An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?
A. VLAN interface B. Software Switch interface C. Aggregate interface D. Redundant interface
C. Aggregate interface
Explanation/Reference:
An aggregate interface is a logical interface that combines two or more physical interfaces into one virtual interface. An aggregate interface can increase network bandwidth and provide redundancy by distributing traffic across multiple physical interfaces using a load balancing algorithm. An aggregate interface can also support link aggregation control protocol (LACP) to negotiate the link aggregation settings with the connected device.
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication. B. Add user accounts to Active Directory (AD). C. Add user accounts to the FortiGate group filter. D. Add user accounts to the Ignore User List.
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?
A. It uses UDP 8888. B. It uses UDP 53. C. It uses DNS over HTTPS. D. It uses DNS over TLS.
D. It uses DNS over TLS.
Explanation/Reference:
FortiGate Security 7.2 Study Guide (p.15): "When using FortiGuard servers for DNS, FortiOS uses DNS over TLS (DoT) by default to secure the DNS traffic."
When using FortiGuard servers for DNS, FortiOS defaults to using DNS over TLS (DoT) to secure the DNS traffic. DNS over TLS is a protocol that encrypts and authenticates DNS queries and responses using the Transport Layer Security (TLS) protocol. This prevents eavesdropping, tampering, and spoofing of DNS data by third parties. The default FortiGuard DNS servers are 96.45.45.45 and 96.45.46.46, and they use the hostname globalsdns.fortinet.net. The FortiGate verifies the server hostname using the server-hostname setting in the system dns configuration.
Question 176:
Refer to the exhibit to view the firewall policy.
Why would the firewall policy not block a well-known virus, for example eicar?
A. Web filter is not enabled on the firewall policy to complement the antivirus profile. B. The firewall policy is not configured in proxy-based inspection mode. C. The firewall policy does not apply deep content inspection. D. The action on the firewall policy is not set to deny.
C. The firewall policy does not apply deep content inspection.
Explanation/Reference:
Question 177:
Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets B. To finish any inspection operations C. To remove the NAT operation D. To generate logs
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
Explanation/Reference:
TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end. This is called a half-close. The FortiGate unit implements a specific timer before removing an entry in the firewall session table.
Question 178:
On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?
A. System event logs B. Forward traffic logs C. Local traffic logs D. Security logs
C. Local traffic logs
Explanation/Reference:
Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/476970
Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces.
FortiGate Security 7.2 Study Guide (p.176): "Local traffic logs contain information about traffic directly to and from the FortiGate management IP addresses. They also include connections to the GUI and FortiGuard queries."
Question 179:
Which statement describes a characteristic of automation stitches?
A. They can have one or more triggers. B. They can be run only on devices in the Security Fabric. C. They can run multiple actions simultaneously. D. They can be created on any device in the fabric.
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
A. The public key of the web server certificate must be installed on the browser. B. The web-server certificate must be installed on the browser. C. The CA certificate that signed the web-server certificate must be installed on the browser. D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
C. The CA certificate that signed the web-server certificate must be installed on the browser.