Free NSE4_FGT-7.2 Sample Questions — Fortinet NSE 4 - FortiOS 7.2

What is a reason for triggering IPS fail open?

• A. The IPS socket buffer is full and the IPS engine cannot process additional packets
• B. The IPS engine cannot decode a packet
• C. The IPS engine is upgraded
• D. The administrator enabled NTurbo acceleration

Which two statements are true about the FGCP protocol? (Choose two.)

• A. FGCP elects the primary FortiGate device
• B. FGCP is not used when FortiGate is in transparent mode
• C. FGCP runs only over the heartbeat links
• D. FGCP is used to discover FortiGate devices in different HA groups

An administrator needs to increase network bandwidth and provide redundancy. Which interface type must the administrator select to bind multiple FortiGate interfaces?

• A. Redundant interface
• B. Software switch interface
• C. VLAN interface
• D. Aggregate interface

FortiGate is integrated with FortiAnalyzer and FortiManager. When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager?

• A. Policy ID
• B. Log ID
• C. Sequence ID
• D. Universally Unique Identifier

The IPS engine is used by which three security features? (Choose three.)

• A. Antivirus in flow-based inspection
• B. Web filter in flow-based inspection
• C. Application control
• D. DNS filter
• E. Web application firewall

Which inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

• A. Flow-based inspection
• B. Full content inspection
• C. Certificate inspection
• D. Proxy-based inspection

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

• A. The host field in the HTTP header
• B. The subject alternative name (SAN) field in the server certificate
• C. The subject field in the server certificate
• D. The server name indication (SNI) extension in the client hello message
• E. The serial number in the server certificate

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

• A. FortiGuard web filter cache
• B. FortiGate hostname
• C. DNS
• D. NTP

What are two features of the NGFW policy-based mode? (Choose two.)

• A. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
• B. NGFW policy-based mode does not require the use of central source NAT policy
• C. NGFW policy-based mode policies support only flow inspection
• D. NGFW policy-based mode can only be applied globally and not on individual VDOMs

On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

• A. Forward traffic logs
• B. Local traffic logs
• C. Security logs
• D. System event logs

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface. In this scenario, what are two requirements for the VLAN ID? (Choose two.)

• A. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet
• B. The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs
• C. The two VLAN subinterfaces must have different VLAN IDs
• D. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

• A. It limits the scanning of application traffic to the browser-based technology category only
• B. It limits the scanning of application traffic to the DNS protocol only
• C. It limits the scanning of application traffic to use parent signatures only
• D. It limits the scanning of application traffic to the application category only

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?

• A. It uses UDP 8888
• B. It uses UDP 53
• C. It uses DNS over HTTPS
• D. It uses DNS over TLS

Which two types of traffic are managed only by the management VDOM? (Choose two.)

• A. DNS
• B. FortiGuard web filter queries
• C. PKi
• D. Traffic shaping

Which statement about video filtering on FortiGate is true?

• A. Video filtering FortiGuard categories are based on web filter FortiGuard categories
• B. It does not require a separate FortiGuard license
• C. Full SSL inspection is not required
• D. Otis available only on a proxy-based firewall policy

What are two characteristics of FortiGate HA cluster virtual IP addresses? (Choose two.)

• A. Virtual IP addresses are used to distinguish between cluster members
• B. Heartbeat interfaces have virtual IP addresses that are manually assigned
• C. The primary device in the cluster is always assigned IP address 169.254.0.1.
• D. change in the virtual IP address happens when a FortiGate device joins or leaves the cluster

An administrator wants to simplify remote access without asking users to provide user credentials. Which access control method provides this solution?

• A. ZTNA IP/MAC filtering mode
• B. ZTNA access proxy
• C. SSL VPN
• D. L2TP

Which statement describes a characteristic of automation stitches?

• A. They can have one or more triggers
• B. They can be run only on devices in the Security Fabric
• C. They can run multiple actions simultaneously
• D. They can be created on any device in the fabric

Which statement is correct regarding the security fabric?

• A. FortiManager is one of the required member devices
• B. FortiGate devices must be operating in NAT mode
• C. minimum of two Fortinet devices is required
• D. FortiGate Cloud cannot be used for logging purposes

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded. The administrator confirms that the traffic matches the configured firewall policy. What are two reasons for the failed virus detection by FortiGate? (Choose two.)

• A. The website is exempted from SSL inspection
• B. The EICAR test file exceeds the protocol options oversize limit
• C. The selected SSL inspection profile has certificate inspection enabled
• D. The browser does not trust the FortiGate self-signed CA certificate