Exam Details

  • Exam Code: NSE4_FGT-7.2
  • Exam Name: Fortinet NSE 4 - FortiOS 7.2
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 185 Q&As
  • Last Updated: Jun 12, 2025

Fortinet Fortinet Certifications NSE4_FGT-7.2 Questions & Answers

  • Question 31:

    Consider the topology:

    Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.

    An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

    The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

    What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

    A. Set the maximum session TTL value for the TELNET service object.

    B. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

    C. Create a new service object for TELNET and set the maximum session TTL.

    D. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

  • Question 32:

    Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

    A. The public key of the web server certificate must be installed on the browser.

    B. The web-server certificate must be installed on the browser.

    C. The CA certificate that signed the web-server certificate must be installed on the browser.

    D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

  • Question 33:

    Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

    A. DNS

    B. ping

    C. udp-echo

    D. TWAMP

  • Question 34:

    View the exhibit.

    Which of the following statements are correct? (Choose two.)

    A. This setup requires at least two firewall policies with the action set to IPsec.

    B. Dead peer detection must be disabled to support this type of IPsec setup.

    C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

    D. This is a redundant IPsec setup.

  • Question 35:

    Which statements best describe auto discovery VPN (ADVPN)? (Choose two.)

    A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

    B. ADVPN is only supported with IKEv2.

    C. Tunnels are negotiated dynamically between spokes.

    D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

  • Question 36:

    An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.

    What is true about the DNS connection to a FortiGuard server?

    A. It uses UDP 8888.

    B. It uses UDP 53.

    C. It uses DNS over HTTPS.

    D. It uses DNS over TLS.

  • Question 37:

    Refer to the exhibit, which contains a session list output.

    Based on the information shown in the exhibit, which statement is true?

    A. Destination NAT is disabled in the firewall policy.

    B. One-to-one NAT IP pool is used in the firewall policy.

    C. Overload NAT IP pool is used in the firewall policy.

    D. Port block allocation IP pool is used in the firewall policy.

  • Question 38:

    Which statement regarding the firewall policy authentication timeout is true?

    A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

    B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

    C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

    D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

  • Question 39:

    Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)

    A. FortiGate uses the AD server as the collector agent.

    B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

    C. FortiGate does not support workstation check.

    D. FortiGate directs the collector agent to use a remote LDAP server.

  • Question 40:

    Which of the following statements about central NAT are true? (Choose two.)

    A. IP pool references must be removed from existing firewall policies before enabling central NAT.

    B. Central NAT can be enabled or disabled from the CLI only.

    C. Source NAT, using central NAT, requires at least one central SNAT policy.

    D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.
