Fortinet NSE 7 - Zero Trust Access 7.2

Here you have the best Fortinet NSE7_ZTA-7.2 practice exam questions

You have 30 total questions to study from
Each page has 5 questions, making a total of 6 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on May 8, 2025
This site is not affiliated with or endorsed by Fortinet.

Question 1 of 30

Refer to the exhibit.

Based on the ZTNA logs provided, which statement is true?

The Remote_User ZTNA tag has matched the ZTNA rule.

An authentication scheme is configured.

The external IP for ZTNA server is 10.122.0.139.

Traffic is allowed by firewall policy 1.

Correct Answer: D

The provided logs show that traffic is allowed by policy ID 1, as indicated by 'action="accept"' and 'policyid=1'. Therefore, traffic is being allowed by the specified firewall policy, making this statement true.

Question 2 of 30

Refer to exhibit.

Which statement is true about the hr endpoint?

The endpoint is a rogue device.

The endpoint is disabled.

The endpoint is unauthenticated.

The endpoint has been marked at risk.

Correct Answer: D

The hr endpoint has been marked at risk. This is indicated by the warning icon next to the host status, suggesting there is a security concern with this endpoint that needs to be addressed.

Question 3 of 30

Which two types of configuration can you associate with a user/host profile on FortiNAC? (Choose two.)

Service Connectors

Network Access

Inventory

Endpoint compliance

Correct Answer: B, D

The two types of configuration that can be associated with a user/host profile on FortiNAC are Network Access and Endpoint Compliance. Network access involves managing how users or devices connect to the network, while endpoint compliance ensures that devices meet security policies before they are granted access. These configurations are essential for controlling and securing network access and ensuring compliance with security standards.

Question 4 of 30

Which statement is true regarding a FortiClient quarantine using FortiAnalyzer playbooks?

FortiGate sends a notification to FortiClient EMS to quarantine the endpoint.

FortiAnalyzer discovers malicious activity in the logs and notifies FortiGate.

FortiAnalyzer sends an API to FortiClient EMS to quarantine the endpoint.

FortiClient sends logs to FortiAnalyzer.

Correct Answer: C

FortiAnalyzer sends an API to FortiClient EMS to quarantine the endpoint. This is because the FortiAnalyzer playbook is configured to act upon the detection of Indicators of Compromise (IOCs) in the logs it receives. Upon detecting a threat, FortiAnalyzer initiates a playbook that sends an API request to FortiClient EMS, instructing it to quarantine the affected endpoint. This process automates the response to detected threats, ensuring quick and effective isolation of compromised systems.

Question 5 of 30

An administrator is trying to create a separate web filtering profile for off-fabric and on-fabric clients and push it to managed FortiClient devices.

Where can you enable this feature on FortiClient EMS?

Endpoint policy

ZTNA connection rules

System settings

On-fabric rule sets

Correct Answer: A

To create and assign separate web filtering profiles for off-fabric and on-fabric clients on FortiClient EMS, you need to navigate to the Endpoint Policy section. In this area, administrators can manage and apply policies to different groups or statuses of client devices, ensuring appropriate security measures based on their connectivity context.