NSE4_FGT-7.2 Practice Test


Page 1 out of 34 Pages

An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)


A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.


B. Create a new service object for HTTP service and set the session TTL to never.


C. Set the TTL value to never under config system-ttl


D. Set the session TTL on the HTTP policy to maximum





B. Create a new service object for HTTP service and set the session TTL to never

C. Set the TTL value to never under config system-ttl

Which two statements are true about the FGCP protocol? (Choose two.)


A. FGCP elects the primary FortiGate device.


B. FGCP is not used when FortiGate is in transparent mode.


C. FGCP runs only over the heartbeat links.


D. FGCP is used to discover FortiGate devices in different HA groups.





A. FGCP elects the primary FortiGate device.

C. FGCP runs only over the heartbeat links.

The FGCP (FortiGate Clustering Protocol) is a protocol that is used to manage high availability (HA) clusters of FortiGate devices. It performs several functions, including the following:

FGCP elects the primary FortiGate device: In an HA cluster, FGCP is used to determine which FortiGate device will be the primary device, responsible for handling traffic and making decisions about what to allow or block. FGCP uses a variety of factors, such as the device's priority, to determine which device should be the primary. 

FGCP runs only over the heartbeat links: FGCP communicates between FortiGate devices in the HA cluster using the heartbeat links. These are dedicated links that are used to exchange status and control information between the devices. FGCP does not run over other types of links, such as data links.

Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcpfortigate-clustering-protocol

Infrastructure 7.2 Study Guide (p.292): "FortiGate HA uses the Fortinet-proprietary FortiGate Clustering Protocol (FGCP) to discover members, elect the primary FortiGate, synchronize data among members, and monitor the health of members. To discover and monitor members, the members broadcast heartbeat packets over all configured heartbeat interfaces."

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?


A. get system status


B. get system performance status


C. diagnose sys top


D. get system arp





D. get system arp

"If you suspect that there is an IP address conflict, or that an IP has been assigned to the wrong device, you may need to look at the ARP table." 

Which three statements are true regarding session-based authentication? (Choose three.)


A. HTTP sessions are treated as a single user.


B. IP sessions from the same source IP address are treated as a single user.


C. It can differentiate among multiple clients behind the same source IP address.


D. It requires more resources.


E. It is not recommended if multiple users are behind the source NAT.





A. HTTP sessions are treated as a single user.

C. It can differentiate among multiple clients behind the same source IP address.

D. It requires more resources.

Which statement about the IP authentication header (AH) used by IPsec is true?


A. AH does not provide any data integrity or encryption.


B. AH does not support perfect forward secrecy.


C. AH provides data integrity but no encryption.


D. AH provides strong data integrity but weak encryption.





C. AH provides data integrity but no encryption.

