Fortinet Fortinet Certifications NSE4_FGT-7.2 Questions & Answers

• Question 171:

  Which two statements are correct about SLA targets? (Choose two.)

  A. You can configure only two SLA targets per one Performance SLA.

  B. SLA targets are optional.

  C. SLA targets are required for SD-WAN rules with a Best Quality strategy.

  D. SLA targets are used only when referenced by an SD-WAN rule.

  Correct Answer: BD

  Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/382233/performance-sla-sla-targets

• Question 172:

  Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

  A. VDOMs without ports with connected devices are not displayed in the topology.

  B. Downstream devices can connect to the upstream device from any of their VDOMs.

  C. Security rating reports can be run individually for each configured VDOM.

  D. Each VDOM in the environment can be part of a different Security Fabric.

  Correct Answer: A

  FortiGate Security 7.2 Study Guide (p.436): "When you configure FortiGate devices in multi-vdom mode and add them to the Security Fabric, each VDOM with its assigned ports is displayed when one or more devices are detected. Only the ports with discovered and connected devices appear in the Security Fabric view and, because of this, you must enable Device Detection on ports you want to have displayed in the Security Fabric. VDOMs without ports with connected devices are not displayed. All VDOMs configured must be part of a single Security Fabric."

• Question 173:

  Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

  A. Shut down/reboot a downstream FortiGate device.

  B. Disable FortiAnalyzer logging for a downstream FortiGate device.

  C. Log in to a downstream FortiSwitch device.

  D. Ban or unban compromised hosts.

  Correct Answer: AB

• Question 174:

  An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

  A. Policy lookup will be disabled.

  B. By Sequence view will be disabled.

  C. Search option will be disabled

  D. Interface Pair view will be disabled.

  Correct Answer: D

  https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821

• Question 175:

  What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

  A. FortiGate uses fewer resources.

  B. FortiGate performs a more exhaustive inspection on traffic.

  C. FortiGate adds less latency to traffic.

  D. FortiGate allocates two sessions per connection.

  Correct Answer: AC

  Reference: https://community.fortinet.com/t5/Support-Forum/Proxy-based-vs-Flow-based- Inspection-Mode-for-Web-Filter/m-p/19204

  Flow-based inspection is a type of traffic inspection that is used by some firewall devices, including FortiGate, to analyze network traffic. It is designed to be more efficient and less resource-intensive than proxy-based inspection, and it offers

  several benefits over this approach.

  Two benefits of flow-based inspection compared to proxy-based inspection are:

  FortiGate uses fewer resources: Flow-based inspection uses fewer resources than proxy- based inspection, which can help to improve the performance of the firewall device and reduce the impact on overall system performance.

  FortiGate adds less latency to traffic: Flow-based inspection adds less latency to traffic than proxy-based inspection, which can be important for real-time applications or other types of traffic that require low latency.

• Question 176:

  Refer to the exhibit.

  

  The exhibit shows the IPS sensor configuration.

  If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

  A. The sensor will allow attackers matching the Microsoft Windows.iSCSI.Target.DoS signature.

  B. The sensor will block all attacks aimed at Windows servers.

  C. The sensor will reset all connections that match these signatures.

  D. The sensor will gather a packet log for all matched traffic.

  Correct Answer: AB

• Question 177:

  An administrator has configured the following settings:

  

  What are the two results of this configuration? (Choose two.)

  A. Device detection on all interfaces is enforced for 30 minutes.

  B. Denied users are blocked for 30 minutes.

  C. A session for denied traffic is created.

  D. The number of logs generated by denied traffic is reduced.

  Correct Answer: CD

  ses-denied-traffic Enable/disable including denied session in the session table. https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/20620/config-system-settings

  block-session-timer Duration in seconds for blocked sessions . integer Minimum value: 1 Maximum value: 300 https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/1620/config-system-global

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46328

• Question 178:

  What are two scanning techniques supported by FortiGate? (Choose two.)

  A. Machine learning scan

  B. Antivirus scan

  C. Ransomware scan

  D. Trojan scan

  Correct Answer: AB

• Question 179:

  Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

  A. diagnose wad session list

  B. diagnose wad session list | grep hook-preandandhook-out

  C. diagnose wad session list | grep hook=preandandhook=out

  D. diagnose wad session list | grep "hook=pre"and"hook=out"

  Correct Answer: A

• Question 180:

  Which three statements are true regarding session-based authentication? (Choose three.)

  A. HTTP sessions are treated as a single user.

  B. IP sessions from the same source IP address are treated as a single user.

  C. It can differentiate among multiple clients behind the same source IP address.

  D. It requires more resources.

  E. It is not recommended if multiple users are behind the source NAT

  Correct Answer: ACD