Packets won't reach Fortigate unless the ARP-reply is enabled and the router learns the mac where to send the packets.
Fortinet nse4-fgt-7-2 practice test
Fortinet NSE 4 - FortiOS 7.2
Last exam update: Jul 20 ,2024
Question 1
Refer to the exhibit showing a FortiGuard connection debug output.
Based on the output, which two facts does the administrator know about the FortiGuard connection? (Choose two.)
- A. One server was contacted to retrieve the contract information.
- B. There is at least one server that lost packets consecutively.
- C. A local FortiManager is one of the servers FortiGate communicates with.
- D. FortiGate is using default FortiGuard communication settings.
Answer:
ad
Discussions
0
/ 1000
Question 2
What are two functions of ZTNA? (Choose two.)
- A. ZTNA manages access through the client only.
- B. ZTNA manages access for remote users only.
- C. ZTNA provides a security posture check.
- D. ZTNA provides role-based access.
Answer:
cd
Discussions
0
/ 1000
Question 3
Which three criteria can FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
- A. Services defined in the firewall policy
- B. Highest to lowest priority defined in the firewall policy
- C. Destination defined as Internet Services in the firewall policy
- D. Lowest to highest policy ID number
- E. Source defined as Internet Services in the firewall policy
Answer:
abe
Discussions
0
/ 1000
Question 4
Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?
- A. 10.0.1.254, 10.0.1.10, and 443, respectively
- B. 10.0.1.254, 10.0.1.10, and 10443, respectively
- C. 10.200.3.1, 10.0.1.10, and 443, respectively
Answer:
c
Discussions
0
/ 1000
Question 5
An administrator needs to increase network bandwidth and provide redundancy.
Which interface type must the administrator select to bind multiple FortiGate interfaces?
- A. Redundant interface
- B. Software switch interface
- C. VLAN interface
- D. Aggregate interface
Answer:
d
Discussions
0
/ 1000
Question 6
Which three statements explain a flow-based antivirus profile? (Choose three.)
- A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.
- B. If a virus is detected, the last packet is delivered to the client.
- C. The IPS engine handles the process as a standalone.
- D. FortiGate buffers the whole file but transmits to the client at the same time.
- E. Flow-based inspection optimizes performance compared to proxy-based inspection.
Answer:
ade
Discussions
0
/ 1000
Question 7
Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.
When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.
Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?
- A. Configure a loopback interface with address 203.0.113.2/32.
- B. In the VIP configuration, enable arp-reply.
- C. Enable port forwarding on the server to map the external service port to the internal service port.
- D. In the firewall policy configuration, enable match-vip.
Answer:
d
Discussions
0
/ 1000
2 months, 4 weeks ago
Question 8
Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?
- A. 10.0.1.254, 10.0.1.10, and 443, respectively
- B. 10.0.1.254, 10.200.1.10, and 443, respectively
- C. 10.200.3.1, 10.0.1.10, and 443, respectively
- D. 10.0.1.254, 10.0.1.10, and 10443, respectively
Answer:
c
Discussions
0
/ 1000
Question 9
An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.
Which FortiGate configuration can achieve this goal?
- A. SSL VPN bookmark
- B. SSL VPN tunnel
- C. Zero trust network access
- D. SSL VPN quick connection
Answer:
b
Discussions
0
/ 1000
Question 10
Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.
Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)
- A. FortiGate allocates port blocks per user, based on the configured range of internal IP addresses.
- B. FortiGate allocates port blocks on a first-come, first-served basis.
- C. FortiGate generates a system event log for every port block allocation made per user.
- D. FortiGate allocates 128 port blocks per user.
Answer:
ad
Discussions
0
/ 1000
2 months, 4 weeks ago
Can't be A, because the allocation of ports is based on the external ip ranges, block size and blocks per user. Can't be D, because the 128 port are allocated per block, not per user. So answers are B, and C.