nse4_fgt-72

Here you have the best Fortinet nse4_fgt-72 practice exam questions

  • You have 104 total questions to study from
  • Each page has 5 questions, making a total of 21 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on December 17, 2024
Question 1 of 104

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

    Correct Answer: A

    Using a URL list and application control on the same firewall policy in NGFW policy-based mode limits the scanning of application traffic to the browser-based technology category only. This means that the firewall will only scan applications that operate through a web browser, such as Facebook Messenger used within the Facebook website.

Question 2 of 104

Refer to the exhibits.

The exhibits show the firewall policies and the objects used in the firewall policies.

The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.

Which policy will be highlighted, based on the input criteria?

    Correct Answer: B

    Based on the input criteria, the policy that will be highlighted is the one that matches the incoming interface (port3), source IP (10.0.1.10), destination (facebook.com), and destination port (443) with the protocol TCP. Reviewing the firewall policies, we see that Policy ID 5 matches these criteria. It is configured with port3 as the incoming interface, source as LOCAL_CLIENT (which includes 10.0.1.10), destination as Facebook-Web (including facebook.com), and it lists 'Internet Service' which supports TCP port 443. Therefore, Policy ID 5 is the correct match.

Question 3 of 104

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.

In this scenario, what are two requirements for the VLAN ID? (Choose two.)

    Correct Answer: C, D

    The two VLAN subinterfaces must have different VLAN IDs to ensure each VLAN is uniquely identified and traffic is properly segregated. Additionally, the two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in different subnets, allowing them to operate without IP address conflicts while still maintaining separate network segments.

Question 4 of 104

An administrator has configured a strict RPF check on FortiGate.

How does strict RPF check work?

    Correct Answer: B

    Strict RPF (Reverse Path Forwarding) check ensures that the packet is received on the interface that has the best route back to the source address according to the routing table. This means that for the strict RPF check to pass, the incoming interface must be the one that the router would use to send packets back to the source. This helps in preventing spoofed IP addresses and ensures that the paths used for bidirectional communication are symmetrical.

Question 5 of 104

An administrator has configured the following settings:

config system settings

set ses-denied-traffic enable

end

config system global

set block-session-timer 30

end

What are the two results of this configuration? (Choose two.)

    Correct Answer: C, D

    If 'ses-denied-traffic' is enabled, a session for denied traffic is created in the session table to avoid repeated policy lookups for each packet, which reduces CPU usage and the number of logs generated for denied traffic. The 'block-session-timer' setting determines how long these sessions are kept in the session table, and it is measured in seconds, not minutes. Hence, the results are that denied traffic sessions are logged, and the number of logs generated by denied traffic is reduced.