Fortinet Fortinet Certifications NSE4_FGT-7.2 Questions & Answers

• Question 181:

  Which statement about the IP authentication header (AH) used by IPsec is true?

  A. AH does not provide any data integrity or encryption.

  B. AH does not support perfect forward secrecy.

  C. AH provides data integrity bur no encryption.

  D. AH provides strong data integrity but weak encryption.

  Correct Answer: C

• Question 182:

  Refer to the exhibit.

  

  Based on the ZTNA tag, the security posture of the remote endpoint has changed. What will happen to endpoint active ZTNA sessions?

  A. They will be re-evaluated to match the endpoint policy.

  B. They will be re-evaluated to match the firewall policy.

  C. They will be re-evaluated to match the ZTNA policy.

  D. They will be re-evaluated to match the security policy.

  Correct Answer: C

  https://docs.fortinet.com/document/fortigate/7.0.0/new-features/580880/posture-check-verification-for-active-ztna-proxy-session-7-0-2

  FortiGate Infrastructure 7.2 Study Guide (p.182): "Endpoint posture changes trigger active ZTNA proxy sessions to be re-verified and terminated if the endpoint is no longer compliant with the ZTNA policy."

• Question 183:

  Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

  A. get system status

  B. get system performance status

  C. diagnose sys top

  D. get system arp

  Correct Answer: D

  "If you suspect that there is an IP address conflict, or that an IP has been assigned to the wrong device, you may need to look at the ARP table."

• Question 184:

  Which two statements are true about the FGCP protocol? (Choose two.)

  A. FGCP elects the primary FortiGate device.

  B. FGCP is not used when FortiGate is in transparent mode.

  C. FGCP runs only over the heartbeat links.

  D. FGCP is used to discover FortiGate devices in different HA groups.

  Correct Answer: AC

  The FGCP (FortiGate Clustering Protocol) is a protocol that is used to manage high availability (HA) clusters of FortiGate devices. It performs several functions, including the following:

  FGCP elects the primary FortiGate device: In an HA cluster, FGCP is used to determine which FortiGate device will be the primary device, responsible for handling traffic and making decisions about what to allow or block. FGCP uses a

  variety of factors, such as the device's priority, to determine which device should be the primary.

  FGCP runs only over the heartbeat links: FGCP communicates between FortiGate devices in the HA cluster using the heartbeat links. These are dedicated links that are used to exchange status and control information between the devices.

  FGCP does not run over other types of links, such as data links.

  Reference:

  https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcp-fortigate-clustering-protocol

  FortiGate Infrastructure 7.2 Study Guide (p.292): "FortiGate HA uses the Fortinet- proprietary FortiGate Clustering Protocol (FGCP) to discover members, elect the primary FortiGate, synchronize data among members, and monitor the health

  of members. To discover and monitor members, the members broadcast heartbeat packets over all configured heartbeat interfaces."

• Question 185:

  An administrator has a requirement to keep an application session from timing out on port 80.

  What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

  A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

  B. Create a new service object for HTTP service and set the session TTL to never

  C. Set the TTL value to never under config system-ttl

  D. Set the session TTL on the HTTP policy to maximum

  Correct Answer: BC