nse4_fgt-72 Exam - Question 21

Correct: A. Services defined in the firewall policy C. Destination defined as Internet Services in the firewall policy E. Source defined as Internet Services in the firewall policy FortiGate Security 7.2 Study Guide (p.52): "When a packet arrives, how does FortiGate find a matching policy? Each policy has match criteria, which you can define using the following objects: • Incoming Interface • Outgoing Interface • Source: IP address, user, internet services • Destination: IP address or internet services • Service: IP protocol and port number • Schedule: Specific times to apply policy" Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html

FortiGate Security 7.2 Study Guide p.52 The policies are consulted from top to bottom, regardless of the Policy ID #. The first rule that matches is applied and subsequent rules are not evaluated. FortiGate matches the traffic using the following criteria: - Incoming Interface - Outgoing Interface - Source (IP Address, User, Internet Services) - Destination (IP Address or Internet Services) - Service (IP Protocol and Port number) - Schedule (Time that the packet connected to the FortiGate)

ACE is correct

the correct answers are ACE.

ACE is correct

ACE - Policy ID does not define a matching criteria, it´s just for editing purposes, and there is no priority in the policies, only their order will affect the matching process.

there is no priority to be defined in security policies, and the policy id is just for reference

ACE is correct

7.2 SEC 52

ACE, firewall policy will match on services, source & destinaiton

ACE is correct!

Correct A, C, E

ACE is correct

The correct ones are A,C,E