Fortinet Fortinet Certifications NSE4_FGT-7.2 Questions & Answers

• Question 21:

  What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)

  A. Virtual IP addresses are used to distinguish between cluster members.

  B. Heartbeat interfaces have virtual IP addresses that are manually assigned.

  C. The primary device in the cluster is always assigned IP address 169.254.0.1.

  D. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

  Correct Answer: AD

  "FGCP automatically assigns the heartbeat IP addresses based on the serial number of each device. The IP address 169.254.0.1 is assigned to the device with the highest serial number."

  "A change in the heartbeat IP addresses may happen when a FortiGate device joins or leaves the cluster."

  "The HA cluster uses the heartbeat IP addresses to distinguish the cluster members and synchronize data."

  https://networkinterview.com/fortigate-ha-high-availability/

• Question 22:

  Refer to the web filter raw logs.

  

  Based on the raw logs shown in the exhibit, which statement is correct?

  A. Social networking web filter category is configured with the action set to authenticate.

  B. The action on firewall policy ID 1 is set to warning.

  C. Access to the social networking web filter category was explicitly blocked to all users.

  D. The name of the firewall policy is all_users_web.

  Correct Answer: A

• Question 23:

  What are two features of collector agent advanced mode? (Choose two.)

  A. In advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

  B. In advanced mode, security profiles can be applied only to user groups, not individual users.

  C. Advanced mode uses the Windows convention--NetBios: Domain\Username.

  D. Advanced mode supports nested or inherited groups.

  Correct Answer: AD

  In advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate. This is true because advanced mode allows FortiGate to query the LDAP server directly for user information and group membership, without relying on the collector agent. This enables FortiGate to apply security policies based on LDAP group filters, which can be configured on FortiGate1 Advanced mode supports nested or inherited groups. This is true because advanced mode can handle complex group structures, such as nested groups or inherited groups, where a user belongs to a group that is a member of another group. This allows FortiGate to apply security policies based on the effective group membership of a user, not just the direct group membership1

  FortiGate Infrastructure 7.2 Study Guide (p.146): "Also, advanced mode supports nested or inherited groups; that is, users can be members of subgroups that belong to monitored parent groups." "In advanced mode, you can configure FortiGate as an LDAP client and configure the group filters on FortiGate. You can also configure group filters on the collector agent."

• Question 24:

  You have enabled logging on a FortiGate device for event logs and all security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?

  A. No new log is recorded after the warning is issued when log disk use reaches the threshold of 95%.

  B. No new log is recorded until you manually clear logs from the local disk.

  C. Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.

  D. Logs are overwritten and the only warning is issued when log disk use reaches the threshold of 95%.

  Correct Answer: C

  config log disk setting

  set diskfull [ overwrite | nolog ]

  Action to take when disk is full. The system can overwrite the oldest log messages or stop logging when the disk is full. (default --> overwrite)

  config log memory global-setting

  set full-first-warning-threshold {integer}

  Log full first warning threshold as a percent. (default --> 75) Reference:

  https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/421620/config-log-disk- setting

  https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/418620/config-log-memory- global-setting

  Logs are overwritten and the first warning is issued when log disk use reaches the threshold of 75%.

  This is true because this is the default behavior of FortiGate when logging to the local disk. The local disk is the internal storage of FortiGate that can be used to store event logs and security logs. When the local disk is full, FortiGate will

  overwrite the oldest logs with the newest ones, and issue warnings at different thresholds of disk usage. The first warning is issued when log disk use reaches 75%, the second warning is issued when log disk use reaches 85%, and the final

  warning is issued when log disk use reaches 95%. The administrator can configure these thresholds and the action to take when the disk is full using the CLI command config log disk setting1

• Question 25:

  Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

  A. FortiGate points the collector agent to use a remote LDAP server.

  B. FortiGate uses the AD server as the collector agent.

  C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

  D. FortiGate queries AD by using the LDAP to retrieve user group information.

  Correct Answer: CD

  https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

• Question 26:

  By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

  Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

  A. set fortiguard-anycast disable

  B. set webfilter-force-off disable

  C. set webfilter-cache disable

  D. set protocol tcp

  Correct Answer: A

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48294

• Question 27:

  Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

  A. Heartbeat interfaces have virtual IP addresses that are manually assigned.

  B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

  C. Virtual IP addresses are used to distinguish between cluster members.

  D. The primary device in the cluster is always assigned IP address 169.254.0.1.

  Correct Answer: BC

• Question 28:

  Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)

  A. Source IP

  B. Spillover

  C. Volume

  D. Session

  Correct Answer: CD

  https://docs.fortinet.com/document/fortigate/6.0.0/handbook/49719/configuring-sd-wan-load-balancing

• Question 29:

  Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

  A. Extended authentication (XAuth) for faster authentication because fewer packets are exchanged

  B. Extended authentication (XAuth) to request the remote peer to provide a username and password

  C. No certificate is required on the remote peer when you set the certificate signature as the authentication method

  D. Pre-shared key and certificate signature as authentication methods

  Correct Answer: BD

  B. Extended authentication (XAuth) to request the remote peer to provide a username and password This is true because extended authentication (XAuth) is a feature that allows FortiGate to request the remote peer to provide a username and password during the IPsec IKEv1 authentication process. XAuth is an extension of the IKEv1 protocol that adds an additional authentication step after the main mode or aggressive mode exchange. XAuth can be used with either pre-shared key or certificate signature as the primary authentication method, and it can provide stronger security and granular access control for IPsec VPNs12 D. Pre-shared key and certificate signature as authentication methods This is true because pre-shared key and certificate signature are two authentication methods that are supported by FortiGate for IPsec IKEv1 VPNs. Pre-shared key is a method where both peers share a secret key that is used to authenticate each other during the IKEv1 exchange. Certificate signature is a method where both peers have digital certificates that are used to verify each other's identity and public key during the IKEv1 exchange. Both methods can be combined with XAuth for additional authentication

• Question 30:

  Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

  A. The collector agent uses a Windows API to query DCs for user logins.

  B. NetAPI polling can increase bandwidth usage in large networks.

  C. The collector agent must search security event logs.

  D. The NetSession Enum function is used to track user logouts.

  Correct Answer: D

  FortiGate_Infrastructure_7.0 page 270: "NetAPI: polls temporary sessions created on the DC when a user logs in or logs out and calls the NetSessionEnum function in Windows."

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD34906 https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKCanddocType=kcandexternalId=FD34906andsliceId=1