Fortinet NSE4_FGT-7.2 Exam Practice Test Instant Access

Question 1

An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

APolicy lookup will be disabled.

BBy Sequence view will be disabled.

CSearch option will be disabled

DInterface Pair view will be disabled.

Answer : D

https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821

Question 2

Refer to the exhibit.

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

The WAN (port1) interface has the IP address 10.200. 1. 1/24.

The LAN (port3) interface has the IP address 10.0. 1.254/24.

A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?

A10.200. 1. 149

B10.200. 1. 1

C10.200. 1.49

D10.200. 1.99

Answer : D

Question 3

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

ABy default, all interfaces are part of the same broadcast domain.

BThe existing network IP schema must be changed when installing a transparent mode.

CStatic routes are required to allow traffic to the next hop.

DFortiGate forwards frames without changing the MAC address.

Answer : A, D

attachID=Fortigate_Transparent_Mode_Technical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113

Question 4

Which two statements are correct about a software switch on FortiGate? (Choose two.)

AIt can be configured only when FortiGate is operating in NAT mode

BCan act as a Layer 2 switch as well as a Layer 3 router

CAll interfaces in the software switch share the same IP address

DIt can group only physical interfaces

Answer : A, C

Question 5

An administrator wants to configure timeouts for users. Regardless of the userTMs behavior, the timer should start as soon as the user authenticates and expire after the configured value.

Which timeout option should be configured on FortiGate?

Aauth-on-demand

Bsoft-timeout

Cidle-timeout

Dnew-session

Ehard-timeout

Answer : E

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-auth-timeout-types-for-Firewall/ta-p/189423

https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221#:~:text=Hard%20timeout%3A%20User%20

Question 6

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

AFortiGuard web filter cache

BFortiGate hostname

CNTP

DDNS

Answer : C, D

In the 7.2 Infrastructure Guide (page 306) the list of configuration settings that are NOT synchronized includes both 'FortiGate host name' and 'Cache'

Question 7

Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

ATo allow for out-of-order packets that could arrive after the FIN/ACK packets

BTo finish any inspection operations

CTo remove the NAT operation

DTo generate logs

Answer : A

TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end. This is called a half-close. FortiGate unit implements a specific timer before removing an entry in the firewall session table.

Fortinet NSE 4 - FortiOS 7.2 NSE4_FGT-7.2 Exam Practice Test