
NSE4_FGT-7.2 Practice Test


Page 9 out of 34 Pages

What are two functions of the ZTNA rule? (Choose two.)


A. It redirects the client request to the access proxy.


B. It applies security profiles to protect traffic.


C. It defines the access proxy. 


D. It enforces access control.





Answer:
B. It applies security profiles to protect traffic.
D. It enforces access control.

A ZTNA rule is a proxy policy that enforces access control and applies security profiles to the traffic between the client and the access proxy. A ZTNA rule defines the following parameters:
Incoming interface: The interface that receives the client request.
Source: The address and, optionally, the user or user group of the client.
ZTNA tag: The EMS zero-trust tag or tag group that the client device must carry. Tags are assigned by FortiClient EMS from device posture (operating system, antivirus state, vulnerabilities, domain membership, and so on) and are matched independently of the client's IP address.
ZTNA server: The access proxy (the access-proxy VIP and its server mapping) that the rule protects.
Destination: The address of the application that the client wants to access.
Action: Accept or deny for the traffic that matches the rule.
Security profiles: The security features to apply to the traffic, such as antivirus, web filter, application control, and so on.

A ZTNA rule does not redirect the client request to the access proxy. FortiClient sends the request directly to the external IP address and port of the ZTNA server, and the rule is evaluated only after the proxy has terminated the client's TLS session and checked its device certificate. A ZTNA rule also does not define the access proxy; that is done by creating a ZTNA server object that specifies the external IP address, port, and certificate of the access proxy and maps it to the real application servers. FortiGate Infrastructure 7.2 Study Guide (p.177): "A ZTNA rule is a proxy policy used to enforce access control. You can define ZTNA tags or tag groups to enforce zero-trust role-based access. To create a rule, type a rule name, and add IP addresses and ZTNA tags or tag groups that are allowed or blocked access. You also select the ZTNA server as the destination. You can also apply security profiles to protect this traffic."
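The split between the ZTNA server (which defines the access proxy) and the ZTNA rule (which enforces access control and applies security profiles), as an added FortiOS CLI example that is not from the study guide or from Fortinet. The object names, addresses, interface, certificate and EMS tag name are assumptions; the placement of the client-cert setting differs between FortiOS releases, so compare against `show full-configuration` on your own unit:

```fortios
# Added example (not from the study guide). All names and addresses are assumed.

# 1. ZTNA server: a VIP of type access-proxy (the external side FortiClient
#    connects to) plus the access-proxy object that maps it to real servers.
config firewall vip
    edit "ZTNA-VIP"
        set type access-proxy
        set extip 203.0.113.10
        set extintf "port1"
        set server-type https
        set extport 8443
        set ssl-certificate "Fortinet_Factory"
    next
end

config firewall access-proxy
    edit "ZTNA-Server"
        set vip "ZTNA-VIP"
        # Require the EMS-issued device certificate; this is where device
        # identity is checked, before any ZTNA rule is evaluated.
        set client-cert enable
        config api-gateway
            edit 1
                set url-map "/"
                set service https
                config realservers
                    edit 1
                        set ip 10.0.1.10
                        set port 443
                    next
                end
            next
        end
    next
end

# 2. ZTNA rule: a proxy policy of type access-proxy. It neither defines nor
#    redirects to the proxy; it references the ZTNA server as destination,
#    requires an EMS zero-trust tag, and applies security profiles.
config firewall proxy-policy
    edit 1
        set name "ZTNA-Rule-HR-App"
        set proxy access-proxy
        set access-proxy "ZTNA-Server"
        set srcintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set ztna-ems-tag "EMS1_ZTNA_Compliant"
        set action accept
        set logtraffic all
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set av-profile "default"
        set webfilter-profile "default"
    next
end
```

A device whose FortiClient EMS posture does not carry the `EMS1_ZTNA_Compliant` tag is denied by this rule even though it holds a valid device certificate, which is the practical difference between the access proxy (identity) and the ZTNA rule (authorization plus inspection).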

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.

What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?


A. Static IP Address


B. Dialup User


C. Dynamic DNS


D. Pre-shared Key





Answer: B. Dialup User

Dialup User is used when the remote peer's IP address is unknown or changes. The remote peer with the unknown address acts as the dialup client and initiates the tunnel; this is typical of branch offices and mobile VPN clients that use a dynamic IP address and have no dynamic DNS. The FortiGate configured as the dialup server accepts IKE from any peer address, so it can only respond to the tunnel, never initiate it. Static IP Address requires a fixed peer address, Dynamic DNS requires the remote peer to register its current address with a DDNS service (which this peer does not support), and Pre-shared Key is an authentication method, not a remote gateway type.
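The FortiGate (hub) side of such a dialup tunnel, as an added FortiOS CLI example that is not from the study guide or from Fortinet. Tunnel names, interface, proposals and the pre-shared secret are assumptions:

```fortios
# Added example (not from the study guide). Names, interface and secret are assumed.

config vpn ipsec phase1-interface
    edit "Branch-Dialup"
        # "dynamic" is the CLI equivalent of Remote Gateway = Dialup User:
        # no remote-gw is set, so the FortiGate accepts IKE from any peer
        # address and can only respond to, never initiate, the tunnel.
        set type dynamic
        set interface "port1"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal aes256-sha256
        set dhgrp 14
        # Detect a branch whose dynamic address changed and tear the old
        # SA down so the new connection is not blocked by a stale one.
        set dpd on-idle
        set psksecret "replace-with-a-long-random-secret"
    next
end

config vpn ipsec phase2-interface
    edit "Branch-Dialup-P2"
        set phase1name "Branch-Dialup"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        # Selectors are left at the 0.0.0.0/0 default so the dialup server
        # accepts the subnets the remote (initiating) peer proposes.
    next
end
```

The branch with the dynamic address is configured the other way round: a static remote gateway pointing at the hub's public address, so that it always initiates. Firewall policies referencing the `Branch-Dialup` tunnel interface are still required on the hub for traffic to pass.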

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.) 


A. The firmware image must be manually uploaded to each FortiGate.


B. Only secondary FortiGate devices are rebooted.


C. Uninterruptable upgrade is enabled by default.


D. Traffic load balancing is temporarily disabled while upgrading the firmware.





Answer:
C. Uninterruptable upgrade is enabled by default.
D. Traffic load balancing is temporarily disabled while upgrading the firmware.

With uninterruptible upgrade enabled (the default), the firmware image is uploaded once to the primary, which synchronizes it to the secondary units. The secondaries are upgraded and rebooted first, a new primary is elected from them, and the former primary is then upgraded and rebooted, so every unit in the cluster reboots, not only the secondaries. In an active-active cluster, session load balancing is suspended for the duration of the upgrade and all traffic is handled by the current primary.

Which statement is true about SSL VPN web mode?


A. The tunnel is up while the client is connected. 


B. It supports a limited number of protocols. 


C. The external network application sends data through the VPN.


D. It assigns a virtual IP address to the client.





Answer: B. It supports a limited number of protocols.

FortiGate_Security_6.4 page 575 - Web mode requires only a web browser, but supports a limited number of protocols.

An administrator wants to simplify remote access without asking users to provide user credentials. Which access control method provides this solution?


A. ZTNA IP/MAC filtering mode 


B. ZTNA access proxy


C.  SSL VPN


D. L2TP





Answer: B. ZTNA access proxy

FortiGate Infrastructure 7.2 Study Guide (p.165): "ZTNA access proxy allows users to securely access resources through an SSL-encrypted access proxy. This simplifies remote access by eliminating the use of VPNs."

The ZTNA access proxy removes the need for a VPN: FortiClient opens a TLS session to the access proxy on the FortiGate and presents the device certificate issued by FortiClient EMS, and the FortiGate authorizes the session from that device identity and the EMS zero-trust tags (device posture) that the ZTNA rule requires. User authentication in a ZTNA rule is optional, so access can be granted on device identity and posture alone, without prompting the user for credentials, while the security profiles in the rule still inspect the traffic. By contrast, SSL VPN and L2TP both require the user to authenticate, and ZTNA IP/MAC filtering mode applies ZTNA tags in firewall policies for on-net clients rather than providing remote access.

