Fortinet NSE4_FGT-7.2 Exam Practice Test Instant Access

Question 1

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

AVDOMs without ports with connected devices are not displayed in the topology.

BDownstream devices can connect to the upstream device from any of their VDOMs.

CSecurity rating reports can be run individually for each configured VDOM.

DEach VDOM in the environment can be part of a different Security Fabric.

Answer : A

FortiGate Security 7.2 Study Guide (p.436): 'When you configure FortiGate devices in multi-vdom mode and add them to the Security Fabric, each VDOM with its assigned ports is displayed when one or more devices are detected. Only the ports with discovered and connected devices appear in the Security Fabric view and, because of this, you must enable Device Detection on ports you want to have displayed in the Security Fabric. VDOMs without ports with connected devices are not displayed. All VDOMs configured must be part of a single Security Fabric.'

Question 2

Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

AChange password

BEnable restrict access to trusted hosts

CChange Administrator profile

DEnable two-factor authentication

Answer : C

Question 3

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

ASubject Key Identifier value

BSMMIE Capabilities value

CSubject value

DSubject Alternative Name value

Answer : A

Question 4

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

ATo detect intermediary NAT devices in the tunnel path.

BTo dynamically change phase 1 negotiation mode aggressive mode.

CTo encapsulation ESP packets in UDP packets using port 4500.

DTo force a new DH exchange with each phase 2 rekey.

Answer : A, C

Question 5

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

AThe public key of the web server certificate must be installed on the browser.

BThe web-server certificate must be installed on the browser.

CThe CA certificate that signed the web-server certificate must be installed on the browser.

DThe private key of the CA certificate that signed the browser certificate must be installed on the browser.

Answer : C

Question 6

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

AAdd the support of NTLM authentication.

BAdd user accounts to Active Directory (AD).

CAdd user accounts to the FortiGate group fitter.

DAdd user accounts to the Ignore User List.

Answer : D

Question 7

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

AOn HQ-FortiGate, enable Auto-negotiate.

BOn Remote-FortiGate, set Seconds to 43200.

COn HQ-FortiGate, enable Diffie-Hellman Group 2.

DOn HQ-FortiGate, set Encryption to AES256.

Answer : D

Encryption and authentication algorithm needs to match in order for IPSEC be successfully established.

Fortinet NSE4_FGT-7.2 Fortinet NSE 4 - FortiOS 7.2 Exam Practice Test