1. Home
  2. Fortinet
  3. NSE4_FGT-7.2

Fortinet NSE 4 - FortiOS 7.2

Exam Details

  • Exam Code
    :NSE4_FGT-7.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 7.2
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :185 Q&As
  • Last Updated
    :Jun 12, 2025

Fortinet Fortinet Certifications NSE4_FGT-7.2 Questions & Answers

  • Question 41:

    Refer to exhibit.

    An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

    Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

    A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking

    B. On the Static URL Filter configuration, set Type to Simple

    C. On the Static URL Filter configuration, set Action to Exempt.

    D. On the Static URL Filter configuration, set Action to Monitor.

  • Question 42:

    Refer to the exhibit.

    Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

    A. There are five devices that are part of the security fabric.

    B. Device detection is disabled on all FortiGate devices.

    C. This security fabric topology is a logical topology view.

    D. There are 19 security recommendations for the security fabric.

  • Question 43:

    The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

    A. DNS-based web filter and proxy-based web filter

    B. Static URL filter, FortiGuard category filter, and advanced filters

    C. Static domain filter, SSL inspection filter, and external connectors filters

    D. FortiGuard category filter and rating filter

  • Question 44:

    Which scanning technique on FortiGate can be enabled only on the CLI?

    A. Heuristics scan

    B. Trojan scan

    C. Antivirus scan

    D. Ransomware scan

  • Question 45:

    How does FortiGate act when using SSL VPN in web mode?

    A. FortiGate acts as an FDS server.

    B. FortiGate acts as an HTTP reverse proxy.

    C. FortiGate acts as DNS server.

    D. FortiGate acts as router.

  • Question 46:

    Refer to the exhibit.

    An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

    A. The Detection Mode setting is not set to Passive.

    B. Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid.

    C. The configured participants are not SD-WAN members.

    D. The Enable probe packets setting is not enabled.

  • Question 47:

    Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

    A. Warning

    B. Exempt

    C. Allow

    D. Learn

  • Question 48:

    Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

    A. Log downloads from the GUI are limited to the current filter view

    B. Log backups from the CLI cannot be restored to another FortiGate.

    C. Log backups from the CLI can be configured to upload to FTP as a scheduled time

    D. Log downloads from the GUI are stored as LZ4 compressed files.

  • Question 49:

    FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

    A. www.example.com:443

    B. www.example.com

    C. example.com

    D. www.example.com/index.html

  • Question 50:

    Refer to the exhibit.

    A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

    Based on the phase 2 configuration shown in the exhibit, which configuration change will bring phase 2 up?

    A. On Remote-FortiGate, set Seconds to 43200.

    B. On HQ-FortiGate, set Encryption to AES256.

    C. On HQ-FortiGate, enable Diffie-Hellman Group 2.

    D. On HQ-FortiGate, enable Auto-negotiate.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-7.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.