NSE4_FGT-7.2 Practice Test


Page 4 out of 34 Pages

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?


A. It limits the scanning of application traffic to the DNS protocol only.


B. It limits the scanning of application traffic to use parent signatures only.


C. It limits the scanning of application traffic to the browser-based technology category only.


D. It limits the scanning of application traffic to the application category only.





C. It limits the scanning of application traffic to the browser-based technology category only.


FortiGate Security 7.2 Study Guide (p.317): "You can configure the URL Category within the same security policy; however, adding a URL filter causes application control to scan applications in only the browser-based technology category, for example, Facebook Messenger on the Facebook website."

Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)


A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.


B. The client FortiGate requires a manually added route to remote subnets.


C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.


D. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.





C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

D. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.

https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/508779/fortigate-asssl-vpn-client

To establish an SSL VPN connection between two FortiGate devices, the following two settings are required:

The server FortiGate requires a CA certificate to verify the client FortiGate certificate: The server FortiGate will use a CA (Certificate Authority) certificate to verify the client FortiGate certificate, ensuring that the client device is trusted and allowed to establish an SSL VPN connection.

The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN: The client FortiGate must have an SSL VPN tunnel interface type configured in order to establish an SSL VPN connection. This interface type will be used to connect to the server FortiGate over the SSL VPN. 

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.) 


A. The interface has been configured for one-arm sniffer.


B. The interface is a member of a virtual wire pair.


C. The operation mode is transparent.


D. The interface is a member of a zone.


E. Captive portal is enabled in the interface.





A. The interface has been configured for one-arm sniffer.

B. The interface is a member of a virtual wire pair.

C. The operation mode is transparent.

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats new54/Top_VirtualWirePair.htm

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy, instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)


A. The IP version of the sources and destinations in a firewall policy must be different.


B. The Incoming Interface, Outgoing Interface, Schedule, and Service fields can be shared with both IPv4 and IPv6.


C. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.


D. The IP version of the sources and destinations in a policy must match.


E. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.





B. The Incoming Interface, Outgoing Interface, Schedule, and Service fields can be shared with both IPv4 and IPv6.

D. The IP version of the sources and destinations in a policy must match.

E. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.


Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)


A. System time


B. FortiGuard update servers


C. Operating mode


D. NGFW mode





C. Operating mode

D. NGFW mode

C: "Operating mode is per-VDOM setting. You can combine transparent mode VDOMs with NAT mode VDOMs on the same physical FortiGate."

D: "Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM" (Page 125 of FortiGate_Infrastructure_6.4_Study_Guide)

Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?


A. The security actions applied on the web applications will also be explicitly applied on the third-party websites.


B. The application signature database inspects traffic only from the original web application server.


C. FortiGuard maintains only one signature of each web application that is unique.


D. FortiGate can inspect sub-application traffic regardless of where it was originated.

Answer: D

Reference:
https://help.fortinet.com/fortiproxy/11/Content/Admin-Guides/FPXAdminGuide/300_System/303d_FortiG

