Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Master the Fortinet NSE 4 - FortiOS 7.2 NSE4_FGT-7.2 Exam with Confidence!

Questions 1

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.

Which DPD mode on FortiGate will meet the above requirement?

Options:

A.

Disabled

B.

On Demand

C.

Enabled

D.

On Idle

Buy Now
Questions 2

An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 168. 1.0/24 and the remote quick mode selector is 192. 168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?

Options:

A.

192. 168. 1.0/24

B.

192. 168.0.0/24

C.

192. 168.2.0/24

D.

192. 168.3.0/24

Buy Now
Questions 3

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Options:

A.

The collector agent uses a Windows API to query DCs for user logins.

B.

NetAPI polling can increase bandwidth usage in large networks.

C.

The collector agent must search security event logs.

D.

The NetSession Enum function is used to track user logouts.

Buy Now
Questions 4

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

Options:

A.

It limits the scope of application control to the browser-based technology category only.

B.

It limits the scope of application control to scan application traffic based on application category only.

C.

It limits the scope of application control to scan application traffic using parent signatures only

D.

It limits the scope of application control to scan application traffic on DNS protocol only.

Buy Now
Questions 5

Which statement about video filtering on FortiGate is true?

Options:

A.

Full SSL Inspection is not required.

B.

It is available only on a proxy-based firewall policy.

C.

It inspects video files hosted on file sharing services.

D.

Video filtering FortiGuard categories are based on web filter FortiGuard categories.

Buy Now
Questions 6

7

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

Options:

A.

System time

B.

FortiGuaid update servers

C.

Operating mode

D.

NGFW mode

Buy Now
Questions 7

Refer to the exhibit, which contains a session diagnostic output.

NSE4_FGT-7.2 Question 7

Which statement is true about the session diagnostic output?

Options:

A.

The session is a UDP unidirectional state.

B.

The session is in TCP ESTABLISHED state.

C.

The session is a bidirectional UDP connection.

D.

The session is a bidirectional TCP connection.

Buy Now
Questions 8

95

Examine this output from a debug flow:

NSE4_FGT-7.2 Question 8

Why did the FortiGate drop the packet?

Options:

A.

The next-hop IP address is unreachable.

B.

It failed the RPF check .

C.

It matched an explicitly configured firewall policy with the action DENY.

D.

It matched the default implicit firewall policy.

Buy Now
Questions 9

18

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

Options:

A.

A CRL

B.

A person

C.

A subordinate CA

D.

A root CA

Buy Now
Questions 10

108

Which statement about the IP authentication header (AH) used by IPsec is true?

Options:

A.

AH does not provide any data integrity or encryption.

B.

AH does not support perfect forward secrecy.

C.

AH provides data integrity bur no encryption.

D.

AH provides strong data integrity but weak encryption.

Buy Now
Exam Code: NSE4_FGT-7.2
Exam Name: Fortinet NSE 4 - FortiOS 7.2
Last Update: May 20, 2024
Questions: 170

PDF + Testing Engine
$159.99
$64
Add to Cart

Testing Engine
$119.99
$48
Add to Cart

PDF (Q&A)
$99.99
$40
Add to Cart

How to Pass NSE4_FGT-7.2 Exams