Fortinet NSE4_FGT-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem .

With this configuration, which statement is true?

AInter-VDOM links are required to allow traffic between the Local and Root VDOMs.

BA static route is required on the To_Internet VDOM to allow LAN users to access the internet.

CInter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

DInter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Answer : A

Question 2

In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

AThe IP version of the sources and destinations in a firewall policy must be different.

BThe Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.

CThe policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.

DThe IP version of the sources and destinations in a policy must match.

EThe policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

Answer : B, D, E

Question 3

Which two statements are true about the RPF check? (Choose two.)

AThe RPF check is run on the first sent packet of any new session.

BThe RPF check is run on the first reply packet of any new session.

CThe RPF check is run on the first sent and reply packet of any new session.

DRPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

Answer : A, D

Question 4

Which feature in the Security Fabric takes one or more actions based on event triggers?

AFabric Connectors

BAutomation Stitches

CSecurity Rating

DLogical Topology

Answer : B

Question 5

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

ASystem time

BFortiGuaid update servers

COperating mode

DNGFW mode

Answer : C, D

C: 'Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same physical Fortigate.

D: 'Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM' Page 125 of FortiGate_Infrastructure_6.4_Study_Guide

Question 6

On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

ASystem event logs

BForward traffic logs

CLocal traffic logs

DSecurity logs

Answer : C

Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces.

FortiGate Security 7.2 Study Guide (p.176): 'Local traffic logs contain information about traffic directly to and from the FortiGate management IP addresses. They also include connections to the GUI and FortiGuard queries.'

Question 7

Which statement about the policy ID number of a firewall policy is true?

AIt is required to modify a firewall policy using the CLI.

BIt represents the number of objects used in the firewall policy.

CIt changes when firewall policies are reordered.

DIt defines the order in which rules are processed.

Answer : A

Fortinet NSE4_FGT-7.2 Fortinet NSE 4 - FortiOS 7.2 Exam Practice Test