NSE4_FGT-7.2 Practice Test



Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.) 


A. Source defined as Internet Services in the firewall policy. 


B. Destination defined as Internet Services in the firewall policy.


C. Highest to lowest priority defined in the firewall policy.


D. Services defined in the firewall policy.


E. Lowest to highest policy ID number. 





A.
  Source defined as Internet Services in the firewall policy. 

B.
  Destination defined as Internet Services in the firewall policy.

D.
  Services defined in the firewall policy.

When a packet arrives, how does FortiGate find a matching policy? Each policy has match criteria, which you can define using the following objects:
• Incoming Interface
• Outgoing Interface
• Source: IP address, user, internet services
• Destination: IP address or internet services
• Service: IP protocol and port number
• Schedule: Applies during configured times
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47435

Which two types of traffic are managed only by the management VDOM? (Choose two.)


A. FortiGuard web filter queries


B. PKI


C. Traffic shaping


D. DNS 





A.
  FortiGuard web filter queries

D.
  DNS 

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?


A. The matching firewall policy is set to proxy inspection mode. 


B. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.


C. The full SSL inspection feature does not have a valid license.


D. The browser does not trust the certificate used by FortiGate for SSL inspection.





D.
  The browser does not trust the certificate used by FortiGate for SSL inspection.


FortiGate Security 7.2 Study Guide (p.235): "If FortiGate receives a trusted SSL certificate, then it generates a temporary certificate signed by the built-in Fortinet_CA_SSL certificate and sends it to the browser. If the browser trusts the Fortinet_CA_SSL certificate, the browser completes the SSL handshake. Otherwise, the browser also presents a warning message informing the user that the site is untrusted. In other words, for this function to work as intended, you must import the Fortinet_CA_SSL certificate into the trusted root CA certificate store of your browser." 

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)


A. Browsers can be configured to retrieve this PAC file from the FortiGate.


B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.


C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com:8060.


D. Any web request to fortinet.com is allowed to bypass the proxy.





A.
  Browsers can be configured to retrieve this PAC file from the FortiGate.

D.
  Any web request to fortinet.com is allowed to bypass the proxy.

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?


A. Full Content inspection


B. Proxy-based inspection 


C. Certificate inspection


D. Flow-based inspection





D.
  Flow-based inspection

