
NSE4_FGT-7.2 Practice Test


Page 12 out of 34 Pages

If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?


A. IP address 


B. No other object can be added 


C. FQDN address


D. User or User Group





B. No other object can be added

FortiGate Security 7.2 Study Guide (p.59): "When configuring your firewall policy, you can use Internet Service as the destination in a firewall policy, which contains all the IP addresses, ports, and protocols used by that service. For the same reason, you cannot mix regular address objects with ISDB objects, and you cannot select services on a firewall policy. The ISDB objects already have services information, which is hardcoded." 

This is true because Internet Service is a special type of destination object that can only be used alone in a firewall policy. Internet Service is a feature that allows FortiGate to identify and filter traffic based on the internet service or application that it belongs to, such as Facebook, YouTube, or Skype. It uses a database of IP addresses and ports associated with each internet service or application, which is updated regularly from FortiGuard. When Internet Service is selected as the destination in a firewall policy, FortiGate matches the traffic to the corresponding internet service or application and applies the appropriate action and security profiles to it. However, Internet Service cannot be combined with any other destination object, such as an IP address, FQDN address, or user or user group, as this would create a conflict or ambiguity in the firewall policy. Therefore, no other object can be added if Internet Service is already selected as the destination in a firewall policy.

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?


A. Log ID


B. Universally Unique Identifier


C. Policy ID


D. Sequence ID





B. Universally Unique Identifier

FortiGate Security 7.2 Study Guide (p.67): "When creating firewall objects or policies, a universally unique identifier (UUID) attribute is added so that logs can record these UUIDs and improve functionality when integrating with FortiManager or FortiAnalyzer." 

Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/554066/firewallpolicies

An administrator is running the following sniffer command:

Which three pieces of information will be included in the sniffer output? (Choose three.)


A. Interface name


B. Packet payload


C. Ethernet header


D. IP header


E. Application header





A. Interface name

B. Packet payload

D. IP header

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)


A. To detect intermediary NAT devices in the tunnel path.


B. To dynamically change phase 1 negotiation mode to aggressive mode.


C. To encapsulate ESP packets in UDP packets using port 4500.


D. To force a new DH exchange with each phase 2 rekey. 





A. To detect intermediary NAT devices in the tunnel path.

C. To encapsulate ESP packets in UDP packets using port 4500.

Which two types of traffic are managed only by the management VDOM? (Choose two.) 


A. FortiGuard web filter queries


B. PKI


C. Traffic shaping


D. DNS





A. FortiGuard web filter queries

D. DNS

