Fortinet Fortinet Certifications NSE4_FGT-7.2 Questions & Answers

• Question 131:

  Refer to the exhibits.

  

  Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

  A. Administrators can access FortiGate only through the console port.

  B. FortiGate has entered conserve mode.

  C. FortiGate will start sending all files to FortiSandbox for inspection.

  D. Administrators cannot change the configuration.

  Correct Answer: BD

  Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Conserve-mode-changes/ta-p/198502

  configurable thresholds

  Though it is recommended to keep the default memory threshold, a new CLI command has been added to allow administrators to adjust the thresholds.

  Default values are :

  -red : 88% of total memory is considered "used memory"

  -extreme : 95% of total memory is considered "used memory"

  -green : 82% of total memory is considered "used memory"

• Question 132:

  Refer to the exhibits.

  The exhibits show the firewall policies and the objects used in the firewall policies.

  The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.

  

  Which policy will be highlighted, based on the input criteria?

  A. Policy with ID 4.

  B. Policy with ID 5.

  C. Policies with ID 2 and 3.

  D. Policy with ID 4.

  Correct Answer: B

  Reference: https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/497952/policy-views-and-policy-lookup

  We are looking for a policy that will allow or deny traffic from the source interface Port3 and source IP address 10.1.1.10 (LOCAL_CLIENT) to facebook.com TCP port 443 (HTTPS). There are only two policies that will match this traffic, policy ID 2 and 5. In FortiGate, firewall policies are evaluated from top to bottom. This means that the first policy that matches the traffic is applied, and subsequent policies are not evaluated. Based on the Policy Lookup criteria, Policy ID 5 will be highlighted

• Question 133:

  If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

  A. IP address

  B. Once Internet Service is selected, no other object can be added

  C. User or User Group

  D. FQDN address

  Correct Answer: B

  Reference: https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

• Question 134:

  Which three statements explain a flow-based antivirus profile? (Choose three.)

  A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

  B. If a virus is detected, the last packet is delivered to the client.

  C. The IPS engine handles the process as a standalone.

  D. FortiGate buffers the whole file but transmits to the client at the same time.

  E. Flow-based inspection optimizes performance compared to proxy-based inspection.

  Correct Answer: ADE

  Reference: https://forum.fortinet.com/tm .aspx?m=192309

• Question 135:

  On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

  A. System event logs

  B. Forward traffic logs

  C. Local traffic logs

  D. Security logs

  Correct Answer: C

  Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/476970 Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces. FortiGate Security 7.2 Study Guide (p.176): "Local traffic logs contain information about traffic directly to and from the FortiGate management IP addresses. They also include connections to the GUI and FortiGuard queries."

• Question 136:

  A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

  

  Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

  A. On HQ-FortiGate, set IKE mode to Main (ID protection).

  B. On both FortiGate devices, set Dead Peer Detection to On Demand.

  C. On HQ-FortiGate, disable Diffie-Helman group 2.

  D. On Remote-FortiGate, set port2 as Interface.

  Correct Answer: AD

  "In IKEv1, there are two possible modes in which the IKE SA negotiation can take place:

  main, and aggressive mode. Settings on both ends must agree; otherwise, phase 1 negotiation fails and both IPsec peers are not able to establish a secure channel."

• Question 137:

  Which feature in the Security Fabric takes one or more actions based on event triggers?

  A. Fabric Connectors

  B. Automation Stitches

  C. Security Rating

  D. Logical Topology

  Correct Answer: B

  Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/286973/fortinet-security-fabric

• Question 138:

  Which timeout setting can be responsible for deleting SSL VPN associated sessions?

  A. SSL VPN idle-timeout

  B. SSL VPN http-request-body-timeout

  C. SSL VPN login-timeout

  D. SSL VPN dtls-hello-timeout

  Correct Answer: A

  Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-disconnection-issues-when-connected-with/ta-p/207851#:~:text=By%20default%2C%20a%20SSL%2DVPN,hours%20due%20to%20auth%2Dtimeout

  The SSL VPN idle-timeout setting determines how long an SSL VPN session can be inactive before it is terminated. When an SSL VPN session becomes inactive (for example, if the user closes the VPN client or disconnects from the network), the session timer begins to count down. If the timer reaches the idle-timeout value before the user reconnects or sends any new traffic, the session will be terminated and the associated resources (such as VPN tunnels and virtual interfaces) will be deleted.

• Question 139:

  The IPS engine is used by which three security features? (Choose three.)

  A. Antivirus in flow-based inspection

  B. Web filter in flow-based inspection

  C. Application control

  D. DNS filter

  E. Web application firewall

  Correct Answer: ABC

  FortiGate Security 7.2 Study Guide (p.385): "The IPS engine is responsible for most of the features shown in this lesson: IPS and protocol decoders. It's also responsible for application control, flow-based antivirus protection, web filtering, and email filtering."

• Question 140:

  Refer to the exhibits.

  

  The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

  A. Change the SSL VPN port on the client.

  B. Change the Server IP address.

  C. Change the idle-timeout.

  D. Change the SSL VPN portal to the tunnel.

  Correct Answer: A

  Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/150494