Pass the Fortinet NSE4 NSE4_FGT-7.2 Questions and answers with CertsForce

Viewing page 2 out of 6 pages
Viewing questions 11-20 out of questions
Questions # 11:

Examine the exhibit, which contains a virtual IP and firewall policy configuration.

Question # 11

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

Options:

A.

10.200.1.10


B.

Any available IP address in the WAN (port1) subnet 10.200.1.0/24


C.

10.200.1.1


D.

10.0.1.254


Questions # 12:

Which statement regarding the firewall policy authentication timeout is true?

Options:

A.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.


B.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.


C.

It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.


D.

It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.


Questions # 13:

Refer to the exhibit.

Question # 13

An administrator is running a sniffer command as shown in the exhibit.

Which three pieces of information are included in the sniffer output? (Choose three.)

Options:

A.

Interface name


B.

Ethernet header


C.

IP header


D.

Application header


E.

Packet payload


Questions # 14:

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

Options:

A.

The interface has been configured for one-arm sniffer.


B.

The interface is a member of a virtual wire pair.


C.

The operation mode is transparent.


D.

The interface is a member of a zone.


E.

Captive portal is enabled in the interface.


Questions # 15:

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

Options:

A.

Subject Key Identifier value


B.

S/MIME Capabilities value


C.

Subject value


D.

Subject Alternative Name value


Questions # 16:

Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.

When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.

Question # 16

Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?

Options:

A.

Configure a loopback interface with address 203.0.113.2/32.


B.

In the VIP configuration, enable arp-reply.


C.

Enable port forwarding on the server to map the external service port to the internal service port.


D.

In the firewall policy configuration, enable match-vip.


Questions # 17:

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.

Which FortiGate configuration can achieve this goal?

Options:

A.

SSL VPN bookmark


B.

SSL VPN tunnel


C.

Zero trust network access


D.

SSL VPN quick connection


Questions # 18:

An administrator wants to configure timeouts for users. Regardless of the user's behavior, the timer should start as soon as the user authenticates and expire after the configured value.

Which timeout option should be configured on FortiGate?

Options:

A.

auth-on-demand


B.

soft-timeout


C.

idle-timeout


D.

new-session


E.

hard-timeout


Questions # 19:

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

Options:

A.

FortiManager


B.

Root FortiGate


C.

FortiAnalyzer


D.

Downstream FortiGate


Questions # 20:

Examine this output from a debug flow:

Question # 20

Why did the FortiGate drop the packet?

Options:

A.

The next-hop IP address is unreachable.


B.

It failed the RPF check.


C.

It matched an explicitly configured firewall policy with the action DENY.


D.

It matched the default implicit firewall policy.

