NSE4_FGT-7.2 Practice Test


Page 10 out of 34 Pages

If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used? 


A. The Services field prevents SNAT and DNAT from being combined in the same policy. 


B. The Services field is used when you need to bundle several VIPs into VIP groups. 


C. The Services field removes the requirement to create multiple VIPs for different services.


D. The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer. 





Answer: C. The Services field removes the requirement to create multiple VIPs for different services.

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection. 


Which FortiGate configuration can achieve this goal? 


A. SSL VPN bookmark 


B. SSL VPN tunnel


C. Zero trust network access


D. SSL VPN quick connection





Answer: B. SSL VPN tunnel

FortiGate Infrastructure 7.2 Study Guide (p.198): "Tunnel mode requires FortiClient to connect to FortiGate. FortiClient adds a virtual network adapter identified as fortissl to the user’s PC. This virtual adapter dynamically receives an IP address from FortiGate each time FortiGate establishes a new VPN connection. Inside the tunnel, all traffic is SSL/TLS encapsulated. The main advantage of tunnel mode over web mode is that after the VPN is established, any IP network application running on the client can send traffic through the tunnel."

An SSL VPN tunnel allows remote users to establish a secure and encrypted Virtual Private Network (VPN) connection to the private network using the SSL/TLS protocol. An SSL VPN tunnel can provide access to network resources such as FTP servers, as well as external applications running on the user’s PC.

An SSL VPN bookmark is a web link that provides access to network resources through the SSL VPN web portal. It does not support external applications running on the user’s PC. Zero trust network access (ZTNA) is a security model that provides role-based application access to remote users without exposing the private network to the internet. It does not use the SSL/TLS protocol, but rather a proprietary ZTNA protocol.

SSL VPN quick connection is a feature that allows users to connect to an SSL VPN tunnel without installing FortiClient or any other software on their PC. It requires a web browser that supports Java or ActiveX. It does not support external applications running on the user’s PC.

Which statement correctly describes the use of reliable logging on FortiGate?


A. Reliable logging is enabled by default in all configuration scenarios.


B. Reliable logging is required to encrypt the transmission of logs.


C. Reliable logging can be configured only using the CLI. 


D. Reliable logging prevents the loss of logs when the local disk is full.





Answer: B. Reliable logging is required to encrypt the transmission of logs.

FortiGate Security 7.2 Study Guide (p.192): "if using reliable logging, you can encrypt communications using SSL-encrypted OFTP traffic, so when a log message is generated, it is safely transmitted across an unsecure network. You can choose the level of SSL protection used by configuring the enc-algorithm setting on the CLI."

Which two statements are true when FortiGate is in transparent mode? (Choose two.)


A. By default, all interfaces are part of the same broadcast domain.


B. The existing network IP schema must be changed when installing a transparent mode.


C. Static routes are required to allow traffic to the next hop. 


D. FortiGate forwards frames without changing the MAC address.





Answers:

A. By default, all interfaces are part of the same broadcast domain.

D. FortiGate forwards frames without changing the MAC address.

Reference: https://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortigate_Transparent_Mode_Technical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface. In this scenario, which statement about VLAN IDs is true?


A. The two VLAN subinterfaces can have the same VLAN ID only if they belong to different VDOMs. 


B. The two VLAN subinterfaces must have different VLAN IDs.


C. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in the same subnet. 


D. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in different subnets.





Answers:

C. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in the same subnet.

D. The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in different subnets.

Reference: https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/402940/vlans

