Fortinet Fortinet Certifications NSE4_FGT-7.2 Questions & Answers

• Question 161:

  An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

  A. The interface has been configured for one-arm sniffer.

  B. The interface is a member of a virtual wire pair.

  C. The operation mode is transparent.

  D. The interface is a member of a zone.

  E. Captive portal is enabled in the interface.

  Correct Answer: ABC

  https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm

• Question 162:

  Refer to the exhibit.

  The exhibit shows the output of a diagnose command.

  

  What does the output reveal about the policy route?

  A. It is an ISDB route in policy route.

  B. It is a regular policy route.

  C. It is an ISDB policy route with an SDWAN rule.

  D. It is an SDWAN rule in policy route.

  Correct Answer: D

  FortiGate Infrastructure 7.2 Study Guide (p.59): "ISDB routes and SD-WAN rules are assigned an ID higher than 65535. However, SD-WAN rule entries include the vwl_service field, and ISDB route entries don't."

• Question 163:

  Refer to the exhibit.

  

  Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

  A. The signature setting uses a custom rating threshold.

  B. The signature setting includes a group of other signatures.

  C. Traffic matching the signature will be allowed and logged.

  D. Traffic matching the signature will be silently dropped and logged.

  Correct Answer: D

  Select Block to silently drop traffic matching any of the signatures included in the entry. So, while the default action would be 'Pass' for this signature the administrator is specifically overriding that to set the Block action. To use the default action the setting would have to be 'Default'.

  Action is drop, signature default action is listed only in the signature, it would only match if action was set to default.

• Question 164:

  Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

  A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

  B. The client FortiGate requires a manually added route to remote subnets.

  C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

  D. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.

  Correct Answer: CD

  https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/508779/fortigate-as-ssl-vpn-client To establish an SSL VPN connection between two FortiGate devices, the following two settings are required: The server FortiGate requires a CA certificate to verify the client FortiGate certificate: The server FortiGate will use a CA (Certificate Authority) certificate to verify the client FortiGate certificate, ensuring that the client device is trusted and

  allowed to establish an SSL VPN connection.

  The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN: The client FortiGate must have an SSL VPN tunnel interface type configured in order to establish an SSL VPN connection. This interface type will be used

  to connect to the server FortiGate over the SSL VPN.

• Question 165:

  Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

  A. diagnose sys top

  B. execute ping

  C. execute traceroute

  D. diagnose sniffer packet any

  E. get system arp

  Correct Answer: BCD

• Question 166:

  In which two ways can RPF checking be disabled? (Choose two )

  A. Enable anti-replay in firewall policy.

  B. Disable the RPF check at the FortiGate interface level for the source check

  C. Enable asymmetric routing.

  D. Disable strict-arc-check under system settings.

  Correct Answer: CD

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955

• Question 167:

  What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

  A. It limits the scanning of application traffic to the DNS protocol only.

  B. It limits the scanning of application traffic to use parent signatures only.

  C. It limits the scanning of application traffic to the browser-based technology category only.

  D. It limits the scanning of application traffic to the application category only.

  Correct Answer: C

  FortiGate Security 7.2 Study Guide (p.317): "You can configure the URL Category within the same security policy; however, adding a URL filter causes application control to scan applications in only the browser-based technology category, for example, Facebook Messenger on the Facebook website."

• Question 168:

  Which two statements are correct about a software switch on FortiGate? (Choose two.)

  A. It can be configured only when FortiGate is operating in NAT mode

  B. Can act as a Layer 2 switch as well as a Layer 3 router

  C. All interfaces in the software switch share the same IP address

  D. It can group only physical interfaces

  Correct Answer: AC

• Question 169:

  Refer to the exhibit.

  

  Examine the intrusion prevention system (IPS) diagnostic command.

  Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

  A. The IPS engine was inspecting high volume of traffic.

  B. The IPS engine was unable to prevent an intrusion attack .

  C. The IPS engine was blocking all traffic.

  D. The IPS engine will continue to run in a normal state.

  Correct Answer: A

  fortinet-fortigate-security-study-guide-for-fortios-72 page 417 If there are high-CPU use problems caused by the IPS, you can use the diagnose test application ipsmonitor command with option 5 to isolate where the problem might be. Option 5 enables IPS bypass mode. In this mode, the IPS engine is still running, but it is not inspecting traffic. If the CPU use decreases after that, it usually indicates that the volume of traffic being inspected is too high for that FortiGate model.

  Reference: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpu-usage

• Question 170:

  An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

  A. Add the support of NTLM authentication.

  B. Add user accounts to Active Directory (AD).

  C. Add user accounts to the FortiGate group fitter.

  D. Add user accounts to the Ignore User List.

  Correct Answer: D

  Reference: https://community.fortinet.com/t5/Support-Forum/Collector-Agent-and-problem-getting-login-info/m-p/95481