NSE4_FGT-7.2 Fortinet Exam Questions and Free Practice Test

Question 7

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

A. Source defined as Internet Services in the firewall policy.

B. Destination defined as Internet Services in the firewall policy.

C. Highest to lowest priority defined in the firewall policy.

D. Services defined in the firewall policy.

E. Lowest to highest policy ID number.

Correct Answer:ABD
When a packet arrives, how does FortiGate find a matching policy? Each policy has match criteria, which you can define using the following objects:
• Incoming Interface
• Outgoing Interface
• Source: IP address, user, internet services
• Destination: IP address or internet services
• Service: IP protocol and port number
• Schedule: Applies during configured times

Question 8

Which of the following statements about central NAT are true? (Choose two.)

A. IP tool references must be removed from existing firewall policies before enabling central NAT .

B. Central NAT can be enabled or disabled from the CLI only.

C. Source NAT, using central NAT, requires at least one central SNAT policy.

D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Correct Answer:AB

Question 9

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A. A CRL

B. A person

C. A subordinate CA

D. A root CA

Correct Answer:D

Question 10

Refer to the exhibits.
Exhibit A.
NSE4_FGT-7.2 dumps exhibit
Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?

A. Change the csf setting on Local-FortiGate (root) to set configuration-sync local.

B. Change the csf setting on ISFW (downstream) to set configuration-sync local.

C. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

D. Change the csf setting on ISFW (downstream) to set fabric-object-unification default.

Correct Answer:C

Question 11

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

A. Warning

B. Exempt

C. Allow

D. Learn

Correct Answer:AC

Question 12

Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
NSE4_FGT-7.2 dumps exhibit

If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

A. 10.0.1.254, 10.0.1.10, and 443, respectively

B. 10.0.1.254, 10.0.1.10, and 10443, respectively

C. 10.200.3.1, 10.0.1.10, and 443, respectively

Correct Answer:C

START NSE4_FGT-7.2 EXAM