Question 7

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Correct Answer:ABD
When a packet arrives, how does FortiGate find a matching policy? Each policy has match criteria, which you can define using the following objects:
• Incoming Interface
• Outgoing Interface
• Source: IP address, user, internet services
• Destination: IP address or internet services
• Service: IP protocol and port number
• Schedule: Applies during configured times

Question 8

Which of the following statements about central NAT are true? (Choose two.)

Correct Answer:AB

Question 9

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

Correct Answer:D

Question 10

Refer to the exhibits.
Exhibit A.
NSE4_FGT-7.2 dumps exhibit
Exhibit B.
NSE4_FGT-7.2 dumps exhibit
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?

Correct Answer:C

Question 11

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

Correct Answer:AC

Question 12

Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
NSE4_FGT-7.2 dumps exhibit
NSE4_FGT-7.2 dumps exhibit
If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

Correct Answer:C

START NSE4_FGT-7.2 EXAM