NSE4_FGT-7.2 Fortinet NSE 4 - FortiOS 7.2 exact Exam Questions

Fortinet NSE 4 - FortiOS 7.2

Last Update 10 hours ago Total Questions : 170

The Fortinet NSE 4 - FortiOS 7.2 content is now fully updated, with all current exam questions added 10 hours ago. Deciding to include NSE4_FGT-7.2 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our NSE4_FGT-7.2 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these NSE4_FGT-7.2 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Fortinet NSE 4 - FortiOS 7.2 practice test comfortably within the allotted time.

Question # 21

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

Browsers can be configured to retrieve this PAC file from the FortiGate.

Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.

All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.

Any web request fortinet.com is allowed to bypass the proxy.

Question # 22

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

VDOMs without ports with connected devices are not displayed in the topology.

Downstream devices can connect to the upstream device from any of their VDOMs.

Security rating reports can be run individually for each configured VDOM.

Each VDOM in the environment can be part of a different Security Fabric.

Question # 23

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

FortiGuard web filter cache

FortiGate hostname

NTP

DNS

Question # 24

109

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides

(client and server) have terminated the session?

To remove the NAT operation.

To generate logs

To finish any inspection operations.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Question # 25

Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.

The WAN (port1) interface has the IP address 10.200. 1. 1/24.

The LAN (port3) interface has the IP address 10 .0.1.254. /24.

The first firewall policy has NAT enabled using IP Pool.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0. 1. 10?

10.200. 1. 1

10.200.3. 1

10.200. 1. 100

10.200. 1. 10

Question # 26

An administrator wants to configure timeouts for users. Regardless of the userTMs behavior, the timer should start as soon as the user authenticates and expire after the configured value.

Which timeout option should be configured on FortiGate?

auth-on-demand

soft-timeout

idle-timeout

new-session

hard-timeout

Question # 27

Which statement correctly describes the use of reliable logging on FortiGate?

Reliable logging is enabled by default in all configuration scenarios.

Reliable logging is required to encrypt the transmission of logs.

Reliable logging can be configured only using the CLI.

Reliable logging prevents the loss of logs when the local disk is full.

Question # 28

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

* All traffic must be routed through the primary tunnel when both tunnels are up

* The secondary tunnel must be used only if the primary tunnel goes down

* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

Enable Dead Peer Detection.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Question # 29

Examine the exhibit, which contains a virtual IP and firewall policy configuration.

The WAN (port1) interface has the IP address 10.200. 1. 1/24. The LAN (port2) interface has the IP address 10.0. 1.254/24.

The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0. 1. 10/24?

10.200. 1. 10

Any available IP address in the WAN (port1) subnet 10.200. 1.0/24

66 of 108

10.200. 1. 1

10.0. 1.254