Download Fortinet.NSE4_FGT-7.2.PracticeTest.2024-04-19.194q.vcex

Download Exam

File Info

Exam Fortinet NSE 4 -FortiOS 7-2
Number NSE4_FGT-7.2
File Name Fortinet.NSE4_FGT-7.2.PracticeTest.2024-04-19.194q.vcex
Size 14 MB
Posted Apr 19, 2024
Downloads: 13
Download Fortinet.NSE4_FGT-7.2.PracticeTest.2024-04-19.194q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%






Demo Questions

Question 1

Which two statements are correct about NGFW Policy-based mode? (Choose two.)


  1. NGFW policy-based mode does not require the use of central source NAT policy
  2. NGFW policy-based mode can only be applied globally and not on individual VDOMs
  3. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
  4. NGFW policy-based mode policies support only flow inspection 
Correct answer: CD



Question 2

Refer to the exhibit.
 
Which contains a session diagnostic output. Which statement is true about the session diagnostic output?


  1. The session is in SYN_SENT state.
  2. The session is in FIN_ACK state.
  3. The session is in FTN_WAIT state.
  4. The session is in ESTABLISHED state.
Correct answer: A
Explanation:
Indicates TCP (proto=6)session in SYN_SENT state (proto_state=2)Reference:https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042
Indicates TCP (proto=6)
session in SYN_SENT state (proto_state=2)
Reference:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042



Question 3

Which two statements explain antivirus scanning modes? (Choose two.)


  1. In proxy-based inspection mode, files bigger than the buffer size are scanned.
  2. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
  3. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
  4. In flow-based inspection mode, files bigger than the buffer size are scanned.
Correct answer: BC
Explanation:
An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That is large enough for most files, except video files. If your FortiGate model has more RAM, you may be able to increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this threshold balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No. Regardless of vendor or model, you must make a choice. This is because of the difference between scans in theory, that have no limits, and scans on real-world devices, that have finite RAM. In order to detect 100% of malware regardless of file size, a firewall would need infinitely large RAM--something that no device has in the real world. Most viruses are very small. This table shows a typical tradeoff. You can see that with the default 10 MB threshold, only 0.01% of viruses pass through.
An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That is large enough for most files, except video files. If your FortiGate model has more RAM, you may be able to increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this threshold balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No. Regardless of vendor or model, you must make a choice. This is because of the difference between scans in theory, that have no limits, and scans on real-world devices, that have finite RAM. In order to detect 100% of malware regardless of file size, a firewall would need infinitely large RAM--something that no device has in the real world. Most viruses are very small. This table shows a typical tradeoff. You can see that with the default 10 MB threshold, only 0.01% of viruses pass through.



Question 4

Refer to the web filter raw logs.
 
Based on the raw logs shown in the exhibit, which statement is correct?


  1. Social networking web filter category is configured with the action set to authenticate.
  2. The action on firewall policy ID 1 is set to warning.
  3. Access to the social networking web filter category was explicitly blocked to all users.
  4. The name of the firewall policy is all_users_web.
Correct answer: A
Explanation:
We have two logs, first with action deny and second with passthrough. Remember ... action="passthrough" mean that authentication has occurred
We have two logs, first with action deny and second with passthrough. Remember ... action="passthrough" mean that authentication has occurred



Question 5

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)


  1. FortiGuard web filter cache
  2. FortiGate hostname
  3. NTP
  4. DNS 
Correct answer: CD



Question 6

An administrator wants to configure timeouts for users. Regardless of the user’s behavior, the timer should start as soon as the user authenticates and expire after the configured value.
Which timeout option should be configured on FortiGate?


  1. auth-on-demand
  2. soft-timeout
  3. idle-timeout
  4. new-session
  5. hard-timeout
Correct answer: E
Explanation:
Security Guide P167Reference:https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221
Security Guide P167
Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221



Question 7

Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?


  1. To allow for out-of-order packets that could arrive after the FIN/ACK packets
  2. To finish any inspection operations
  3. To remove the NAT operation
  4. To generate logs.
Correct answer: A
Explanation:
TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end. This is called a half-close. FortiGate unit implements a specific timer before removing an entry in the firewall session table.
TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end. This is called a half-close. FortiGate unit implements a specific timer before removing an entry in the firewall session table.



Question 8

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)


  1. SSH
  2. HTTPS
  3. FTM
  4. FortiTelemetry
Correct answer: AB
Explanation:
Security Guide P29Reference:https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/99buildingsecurity-into-fortios
Security Guide P29
Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/99buildingsecurity-into-fortios



Question 9

Refer to the exhibit.
 
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?


  1. The IPS engine was inspecting high volume of traffic.
  2. The IPS engine was unable to prevent an intrusion attack .
  3. The IPS engine was blocking all traffic.
  4. The IPS engine will continue to run in a normal state.
Correct answer: A
Explanation:
Security Guide P417Reference:https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpuusage
Security Guide P417
Reference:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpuusage



Question 10

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.
Which CLI command will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?


  1. set fortiguard-anycast disable
  2. set webfilter-force-off disable
  3. set webfilter-cache disable
  4. set protocol tcp
Correct answer: A
Explanation:
by default, "fortiguard-anycast" is enabled, and this setting only works with "set protocol https". To use udp (ie. "set protocol udp"), "fortiguard-anycast" must be disabled."By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering with FortiGuard or FortiManager. Other ports and protocols are available by disabling the FortiGuard anycast setting on the CLI." Security Guide P288Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48294
by default, "fortiguard-anycast" is enabled, and this setting only works with "set protocol https". To use udp (ie. "set protocol udp"), "fortiguard-anycast" must be disabled.
"By default, FortiGate is configured to enforce the use of HTTPS port 443 to perform live filtering with FortiGuard or FortiManager. Other ports and protocols are available by disabling the FortiGuard anycast setting on the CLI." Security Guide P288
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48294









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files