Dumps4free
Go Back on NSE4_FGT-7.2 Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99

NSE4_FGT-7.2 Practice Test


Page 5 out of 34 Pages

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?


A. diagnose wad session list


B. diagnose wad session list | grep hook-pre&&hook-out


C. diagnose wad session list | grep hook=pre&&hook=out


D. diagnose wad session list | grep "hook=pre"&"hook=out" 





A.   diagnose wad session list

Which statement is correct regarding the security fabric?


A. FortiManager is one of the required member devices.


B. FortiGate devices must be operating in NAT mode.


C. A minimum of two Fortinet devices is required.


D. FortiGate Cloud cannot be used for logging purposes.





B.   FortiGate devices must be operating in NAT mode.

FortiGate Security 7.2 Study Guide (p.428): "You must have a minimum of two FortiGate devices at the core of the Security Fabric, plus one FortiAnalyzer or cloud logging solution. FortiAnalyzer Cloud or FortiGate Cloud can act as the cloud logging solution. The FortiGate devices must be running in NAT mode." 

An administrator configures outgoing interface any in a firewall policy. What is the result of the policy list view? 


A.  Search option is disabled.


B. Policy lookup is disabled.


C. By Sequence view is disabled.


D. Interface Pair view is disabled.





D.   Interface Pair view is disabled.

"If you use multiple source or destination interfaces, or the any interface in a firewall policy, you cannot separate policies into sections by interface pairs—some would be triplets or more. So instead, policies are then always displayed in a single list (By Sequence)."

When configuring a firewall virtual wire pair policy, which following statement is true?


A. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.


B. Only a single virtual wire pair can be included in each policy. 


C.

Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.


D. Exactly two virtual wire pairs need to be included in each policy. 





A.   Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

Reference: https://kb.fortinet.com/kb/documentLink .do?externalID=FD48690

An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 168. 1.0/24 and the remote quick mode selector is 192.168.2.0/24.

Which subnet must the administrator configure for the local quick mode selector for site B?


A. 192. 168. 1.0/24


B. 192. 168.0.0/24


C. 192. 168.2.0/24


D. 192. 168.3.0/24





C.   192. 168.2.0/24

For an IPsec VPN between site A and site B, the administrator has configured the local quick mode selector for site A as 192.168.1.0/24 and the remote quick mode selector as 192.168.2.0/24. This means that the VPN will allow traffic to and from the 192.168.1.0/24 subnet at site A to reach the 192.168.2.0/24 subnet at site B.

To complete the configuration, the administrator must configure the local quick mode selector for site B. To do this, the administrator must use the same subnet as the remote quick mode selector for site A, which is 192.168.2.0/24. This will allow traffic to and from the 192.168.2.0/24 subnet at site B to reach the 192.168.1.0/24 subnet at site A. 

Therefore, the administrator must configure the local quick mode selector for site B as 192.168.2.0/24.


Page 5 out of 34 Pages
Previous