Fortinet NSE4_FGT-7.2 Real Exam Questions Test Engine Dumps Training With 175 Questions [Q24-Q40]

NEW QUESTION 24
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?

Configure Source IP Pools.

Configure split tunneling in tunnel mode.

Configure different SSL VPN realms.

Configure host check .

NEW QUESTION 25
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

The collector agent uses a Windows API to query DCs for user logins.

NetAPI polling can increase bandwidth usage in large networks.

The collector agent must search security event logs.

The NetSession Enum function is used to track user logouts.

NEW QUESTION 26
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)

Source IP

Spillover

Volume

Session

NEW QUESTION 27
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

Add the support of NTLM authentication.

Add user accounts to Active Directory (AD).

Add user accounts to the FortiGate group fitter.

Add user accounts to the Ignore User List.

NEW QUESTION 28
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection?
(Choose two.)

The keyUsage extension must be set to keyCertSign.

The common name on the subject field must use a wildcard name.

The issuer must be a public CA.

The CA extension must be set to TRUE.

NEW QUESTION 29
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

The interface has been configured for one-arm sniffer.

The interface is a member of a virtual wire pair.

The operation mode is transparent.

The interface is a member of a zone.

Captive portal is enabled in the interface.

NEW QUESTION 30
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

The administrator can register the same FortiToken on more than one FortiGate.

The administrator must use a FortiAuthenticator device

The administrator can use a third-party radius OTP server.

The administrator must use the user self-registration server.

NEW QUESTION 31
Refer to the exhibit, which contains a session diagnostic output.

Which statement is true about the session diagnostic output?

The session is a UDP unidirectional state.

The session is in TCP ESTABLISHED state.

The session is a bidirectional UDP connection.

The session is a bidirectional TCP connection.

NEW QUESTION 32
Refer to the exhibit.

Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

The session is in SYN_SENT state.

The session is in FIN_ACK state.

The session is in FTN_WAIT state.

The session is in ESTABLISHED state.

NEW QUESTION 33
Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.

If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

10.0.1.254, 10.0.1.10, and 443, respectively

10.0.1.254, 10.200.1.10, and 443, respectively

10.200.3.1, 10.0.1.10, and 443, respectively

10.0.1.254, 10.0.1.10, and 10443, respectively

NEW QUESTION 34
Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.

Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)

FortiGate allocates port blocks per user, based on the configured range of internal IP addresses.

FortiGate allocates port blocks on a first-come, first-served basis.

FortiGate generates a system event log for every port block allocation made per user.

FortiGate allocates 128 port blocks per user.

NEW QUESTION 35
On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

System event logs

Forward traffic logs

Local traffic logs

Security logs

NEW QUESTION 36
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?

The website is exempted from SSL inspection.

The EICAR test file exceeds the protocol options oversize limit.

The selected SSL inspection profile has certificate inspection enabled.

The browser does not trust the FortiGate self-signed CA certificate.

NEW QUESTION 37
Refer to the exhibit.

Based on the raw log, which two statements are correct? (Choose two.)

Traffic is blocked because Action is set to DENY in the firewall policy.

Traffic belongs to the root VDOM.

This is a security log.

Log severity is set to error on FortiGate.

NEW QUESTION 38
Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)

Browsers can be configured to retrieve this PAC file from the FortiGate.

Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.

All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.

Any web request fortinet.com is allowed to bypass the proxy.

NEW QUESTION 39
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

IP address

Once Internet Service is selected, no other object can be added

User or User Group

FQDN address

NEW QUESTION 40
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

The strict RPF check is run on the first sent and reply packet of any new session.

Strict RPF checks the best route back to the source using the incoming interface.

Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.

Strict RPF allows packets back to sources with all active routes.