Fortinet NSE4_FGT-7.2 Exam Questions Instant Access

Question 1

Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

Adiagnose sys top

Bexecute ping

Cexecute traceroute

Ddiagnose sniffer packet any

Eget system arp

Answer : B, C, D

Question 2

Refer to the exhibit.

Based on the ZTNA tag, the security posture of the remote endpoint has changed.

What will happen to endpoint active ZTNA sessions?

AThey will be re-evaluated to match the endpoint policy.

BThey will be re-evaluated to match the firewall policy.

CThey will be re-evaluated to match the ZTNA policy.

DThey will be re-evaluated to match the security policy.

Answer : C

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/580880/posture-check-verification-for-active-ztna-proxy-session-7-0-2

FortiGate Infrastructure 7.2 Study Guide (p.182): 'Endpoint posture changes trigger active ZTNA proxy sessions to be re-verified and terminated if the endpoint is no longer compliant with the ZTNA policy.'

Question 3

If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

AThe Services field prevents SNAT and DNAT from being combined in the same policy.

BThe Services field is used when you need to bundle several VIPs into VIP groups.

CThe Services field removes the requirement to create multiple VIPs for different services.

DThe Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.

Answer : C

Question 4

An administrator needs to increase network bandwidth and provide redundancy.

What interface type must the administrator select to bind multiple FortiGate interfaces?

AVLAN interface

BSoftware Switch interface

CAggregate interface

DRedundant interface

Answer : C

An aggregate interface is a logical interface that combines two or more physical interfaces into one virtual interface1. An aggregate interface can increase network bandwidth and provide redundancy by distributing traffic across multiple physical interfaces using a load balancing algorithm1. An aggregate interface can also support link aggregation control protocol (LACP) to negotiate the link aggregation settings with the connected device1.

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/567758/aggregation-and-redundancy

Question 5

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on

which device?

AFortiManager

BRoot FortiGate

CFortiAnalyzer

DDownstream FortiGate

Answer : B

Question 6

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem .

With this configuration, which statement is true?

AInter-VDOM links are required to allow traffic between the Local and Root VDOMs.

BA static route is required on the To_Internet VDOM to allow LAN users to access the internet.

CInter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

DInter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Answer : A

Question 7

On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

ASystem event logs

BForward traffic logs

CLocal traffic logs

DSecurity logs

Answer : C

Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces.

FortiGate Security 7.2 Study Guide (p.176): 'Local traffic logs contain information about traffic directly to and from the FortiGate management IP addresses. They also include connections to the GUI and FortiGuard queries.'

Fortinet NSE 4 - FortiOS 7.2 NSE4_FGT-7.2 Exam Questions