Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-7.2

Fortinet NSE4_FGT-7.2 Exam
Fortinet NSE 4 - FortiOS 7.2 (Page 5 )

Updated On: 12-Feb-2026
Page 5 of 36
PDF with 174 Questions

Refer to the exhibit.



Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

  1. Traffic between port2 and port2-vlan1 is allowed by default.
  2. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
  3. port1 is a native VLAN.
  4. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

Answer(s): C,D

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-rules-about-VLAN-configuration-and- VDOM-interf https://kb.fortinet.com/kb/viewContent.do?externalId=FD30883



Which statement about video filtering on FortiGate is true?

  1. Full SSL Inspection is not required.
  2. It is available only on a proxy-based firewall policy.
  3. It inspects video files hosted on file sharing services.
  4. Video filtering FortiGuard categories are based on web filter FortiGuard categories.

Answer(s): B


Reference:

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/190873/video-filtering



Refer to the exhibit.



Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

  1. There are five devices that are part of the security fabric.
  2. Device detection is disabled on all FortiGate devices.
  3. This security fabric topology is a logical topology view.
  4. There are 19 security recommendations for the security fabric.

Answer(s): C,D


Reference:

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/761085/results https://docs.fortinet.com/document/fortimanager/6.2.0/new-features/736125/security-fabric- topology



A network administrator has enabled SSL certificate inspection and antivirus on FortiGate.
When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file.
When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?

  1. The website is exempted from SSL inspection.
  2. The EICAR test file exceeds the protocol options oversize limit.
  3. The selected SSL inspection profile has certificate inspection enabled.
  4. The browser does not trust the FortiGate self-signed CA certificate.

Answer(s): A,C

Explanation:

SSL Inspection Profile, on the Inspection method there are 2 options to choose from, SSL Certificate Inspection or Full SSL Inspection. FG SEC 7.2 Studi Guide: Full SSL Inspection level is the only choice that allows antivirus to be effective.



Refer to the exhibits.





Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

  1. Administrators can access FortiGate only through the console port.
  2. FortiGate has entered conserve mode.
  3. FortiGate will start sending all files to FortiSandbox for inspection.
  4. Administrators cannot change the configuration.

Answer(s): B,D


Reference:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Conserve-mode-changes/ta- p/198502

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Conserve-mode-changes/ta-p/198502

configurable thresholds
Though it is recommended to keep the default memory threshold, a new CLI command has been added to allow administrators to adjust the thresholds.

Default values are :
- red : 88% of total memory is considered "used memory"
- extreme : 95% of total memory is considered "used memory"
- green : 82% of total memory is considered "used memory"






Post your Comments and Discuss Fortinet NSE4_FGT-7.2 exam prep with other Community members:

Join the NSE4_FGT-7.2 Discussion