Online NSE4_FGT-7.2 Practice TestMore Fortinet Products >

Free Fortinet NSE4_FGT-7.2 Exam Dumps Questions

Fortinet NSE4_FGT-7.2: Fortinet NSE 4 - FortiOS 7.2

- Get instant access to NSE4_FGT-7.2 practice exam questions

- Get ready to pass the Fortinet NSE 4 - FortiOS 7.2 exam right now using our Fortinet NSE4_FGT-7.2 exam package, which includes Fortinet NSE4_FGT-7.2 practice test plus an Fortinet NSE4_FGT-7.2 Exam Simulator.

- The best online NSE4_FGT-7.2 exam study material and preparation tool is here.

4.5

(4515 ratings)

Question 1

Refer to the exhibit.
NSE4_FGT-7.2 dumps exhibit

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration. The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10.0. 1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1). Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?

A. 10.200. 1. 149

B. 10.200. 1. 1

C. 10.200. 1.49

D. 10.200. 1.99

Correct Answer:D

Question 2

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)

A. The website is exempted from SSL inspection.

B. The EICAR test file exceeds the protocol options oversize limit.

C. The selected SSL inspection profile has certificate inspection enabled.

D. The browser does not trust the FortiGate self-signed CA certificate.

Correct Answer:AD

Question 3

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?

A. It uses UDP 8888.

B. It uses UDP 53.

C. It uses DNS over HTTPS.

D. It uses DNS overTLS.

Correct Answer:B

Question 4

Refer to the exhibit, which contains a session diagnostic output.
NSE4_FGT-7.2 dumps exhibit
Which statement is true about the session diagnostic output?

A. The session is a UDP unidirectional state.

B. The session is in TCP ESTABLISHED state.

C. The session is a bidirectional UDP connection.

D. The session is a bidirectional TCP connection.

Correct Answer:C
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042

Question 5

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

A. Web filter in flow-based inspection

B. Antivirus in flow-based inspection

C. DNS filter

D. Web application firewall

E. Application control

Correct Answer:ABE
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/739623/dns-filter-handled-by-ips-engine-in-flow

Question 6

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.

B. AH does not support perfect forward secrecy.

C. AH provides data integrity bur no encryption.

D. AH provides strong data integrity but weak encryption.

Correct Answer:C

START NSE4_FGT-7.2 EXAM