Fortinet NSE4_FGT-7.2 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-7.2 Online Questions & Answers

• Question 151:

  Which statement about the IP authentication header (AH) used by IPsec is true?

  A. AH does not provide any data integrity or encryption.
  B. AH does not support perfect forward secrecy.
  C. AH provides data integrity bur no encryption.
  D. AH provides strong data integrity but weak encryption.
  C. AH provides data integrity bur no encryption.

• Question 152:

  Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

  A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  B. ADVPN is only supported with IKEv2.
  C. Tunnels are negotiated dynamically between spokes.
  D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
  A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  C. Tunnels are negotiated dynamically between spokes.

• Question 153:

  When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

  A. Log ID
  B. Universally Unique Identifier
  C. Policy ID
  D. Sequence ID
  B. Universally Unique Identifier

  ---

  Explanation/Reference:

  FortiGate Security 7.2 Study Guide (p.67): "When creating firewall objects or policies, a universally unique identifier (UUID) attribute is added so that logs can record these UUIDs and improve functionality when integrating with FortiManager or FortiAnalyzer."

  Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/554066/firewall-policies

• Question 154:

  The exhibit shows the configuration for the SD-WAN member, Performance SLA, and SD-WAN Rule, as well as the output of diagnose sys virtual-wan-link health-check.

  

  Which interface will be selected as an outgoing interface?

  A. port2
  B. port3
  C. port4
  D. port1
  A. port2

  ---

  Explanation/Reference:

  To determine the best path for traffic in Fortinet's SD-WAN implementation, a "lowest cost" algorithm is used that considers the cost metric associated with each available WAN link. In this case, Port 4 and 3 are eliminated due to packet loss,

  leaving Port 1 and Port 2 as the available paths.

  The next stage of elimination is based on the highest cost. Port 1 has a high cost of 15, which makes it less desirable than Port 2. Therefore, Port 1 is eliminated, and Port 2 is selected as the winner.

• Question 155:

  Which three methods are used by the collector agent for AD polling? (Choose three.)

  A. FortiGate polling
  B. NetAPI
  C. Novell API
  D. WMI
  E. WinSecLog
  B. NetAPI
  D. WMI
  E. WinSecLog

  ---

  Explanation/Reference:

  FortiGate Infrastructure 7.2 Study Guide (p.127-128): "As previously stated, collector agent-based polling mode has three methods (or options) for collecting login information. The order on the slide from left to right shows most recommend to

  least recommended:

  (WMI, WinSecLog, and NetAPI)"

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

• Question 156:

  You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?

  A. No new log is recorded after the warning is issued when log disk use reaches the threshold of 95%.
  B. No new log is recorded until you manually clear logs from the local disk.
  C. Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.
  D. Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%.
  C. Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.

  ---

  set diskfull [ overwrite | nolog ]

  Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full. (default --> overwrite)

  config log memory global-setting

  set full-first-warning-threshold {integer}

  Log full first warning threshold as a percent. (default --> 75) Reference:

  https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/421620/config-log-disk- setting

  https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/418620/config-log-memory- global-setting

  Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.

  This is true because this is the default behavior of FortiGate when logging to the local disk. The local disk is the internal storage of FortiGate that can be used to store event logs and security logs. When the local disk is full, FortiGate will

  overwrite the oldest logs with the newest ones, and issue warnings at different thresholds of disk usage. The first warning is issued when log disk use reaches 75%, the second warning is issued when log disk use reaches 85%, and the final

  warning is issued when log disk use reaches 95%. The administrator can configure these thresholds and the action to take when the disk is full using the CLI command config log disk setting1

• Question 157:

  Refer to the exhibits.

  Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command.

  

  Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)

  A. For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.
  B. The traffic sourced from the client and destined to the server is sent to FGT-1.
  C. The cluster can load balance ICMP connections to the secondary.
  D. For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.
  A. For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.
  D. For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.

  ---

  Explanation/Reference:

  FortiGate Infrastructure 7.2 Study Guide (p.317 and p.320): "To forward traffic correctly, a FortiGate HA solution uses virtual MAC addresses." "The primary forwards the SYN packet to the selected secondary. (...) This is also known as MAC address rewrite. In addition, the primary encapsulates the packet in an Ethernet frame type 0x8891. The encapsulation is done only for the first packet of a load balanced session. The encapsulated packet includes the original packet plus session information that the secondary requires to process the traffic."

• Question 158:

  An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

  A. Policy lookup will be disabled.
  B. By Sequence view will be disabled.
  C. Search option will be disabled
  D. Interface Pair view will be disabled.
  D. Interface Pair view will be disabled.

  ---

  Explanation/Reference:

  https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821

• Question 159:

  By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

  Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

  A. set fortiguard-anycast disable
  B. set webfilter-force-off disable
  C. set webfilter-cache disable
  D. set protocol tcp
  A. set fortiguard-anycast disable

  ---

  Explanation/Reference:

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48294

• Question 160:

  Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

  A. FortiCache
  B. FortiSIEM
  C. FortiAnalyzer
  D. FortiSandbox
  E. FortiCloud
  B. FortiSIEM
  C. FortiAnalyzer
  E. FortiCloud

  ---

  Explanation/Reference:

  Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reporting-overview