Free Fortinet NSE4_FGT-7.2 Exam Questions (page: 7)

Refer to the exhibits.





An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

  1. Change the csf setting on ISFW (downstream) to set configuration-sync local.
  2. Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.
  3. Change the csf setting on both devices to set downstream-access enable.
  4. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

Answer(s): C


Reference:

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/880913/synchronizing-objects-across-the-security-fabric



Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

  1. System time
  2. FortiGuard update servers
  3. Operating mode
  4. NGFW mode

Answer(s): C,D

Explanation:

C: "Operating mode is a per-VDOM setting. You can combine transparent mode VDOMs with NAT mode VDOMs on the same physical FortiGate."
D: "Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM" Page 125 of FortiGate_Infrastructure_6.4_Study_Guide



Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

  1. The security actions applied on the web applications will also be explicitly applied on the third-party websites.
  2. The application signature database inspects traffic only from the original web application server.
  3. FortiGuard maintains only one signature of each web application that is unique.
  4. FortiGate can inspect sub-application traffic regardless of where it originated.

Answer(s): D


Reference:

https://help.fortinet.com/fortiproxy/11/Content/Admin%20Guides/FPX-AdminGuide/300_System/303d_FortiG



An administrator wants to configure Dead Peer Detection (DPD) on an IPsec VPN to detect dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?

  1. Disabled
  2. On Demand
  3. Enabled
  4. On Idle

Answer(s): D


Reference:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD40813


