Question # 1 What is the limitation of using a URL list and application control on the same firewall policy,
in NGFW policy-based mode?
A. It limits the scanning of application traffic to the DNS protocol only.B. It limits the scanning of application traffic to use parent signatures only.C. It limits the scanning of application traffic to the browser-based technology category
only.
D. It limits the scanning of application traffic to the application category only.
Click for Answer
C. It limits the scanning of application traffic to the browser-based technology category
only.
Answer Description FortiGate Security 7.2 Study Guide (p.317): "You can configure the URL Category within
the same security policy; however, adding a URL filter causes application control to scan
applications in only the browser-based technology category, for example, Facebook
Messenger on the Facebook website."
Question # 2 Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
A. The IPS engine was inspecting high volume of traffic. B. The IPS engine was unable to prevent an intrusion attack . C. The IPS engine was blocking all traffic. D. The IPS engine will continue to run in a normal state.
Click for Answer
A. The IPS engine was inspecting high volume of traffic.
Answer Description Explanation:
fortinet-fortigate-security-study-guide-for-fortios-72 page 417 If there are high-CPU use problems caused by the IPS, you can use the diagnose test application ipsmonitor command with option 5 to isolate where the problem might be. Option 5 enables IPS bypass mode. In this mode, the IPS engine is still running, but it is not inspecting traffic. If the CPU use decreases after that, it usually indicates that the volume of traffic being inspected is too high for that FortiGate model.
Reference:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-highcpu-usage
Question # 3 Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services.
Which CLI command must the administrator use to view the route?
A. get router info routing-table database B. diagnose firewall route list C. get internet-service route list D. get router info routing-table all
Click for Answer
B. diagnose firewall route list
Answer Description ISDB static route will not create entry directly in routing-table.
Reference:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-a-static-route-for-Predefined-Internet/ta-p/198756 and here https://community.fortinet.com/t5/FortiGate/Technical-Tip-Verify-the-matching- policy-route/ta-p/190640
FortiGate Infrastructure 7.2 Study Guide (p.16 and p.59): "Even though they are configured as static routes, ISDB routes are actually policy routes and take precedence over any other routes in the routing table. As such, ISDB routes are added to the policy routing table." "FortiOS maintains a policy route table that you can view by running the diagnose firewall proute list command."
Question # 4 Which three options are the remote log storage options you can configure on FortiGate?
(Choose three.)
A. FortiCacheB. FortiSIEMC. FortiAnalyzerD. FortiSandboxE. FortiCloud
Click for Answer
B. FortiSIEMC. FortiAnalyzerE. FortiCloud
Answer Description Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/265052/logging-and-reportingoverview
Question # 5 Which statement about the policy ID number of a firewall policy is true?
A. It is required to modify a firewall policy using the CLI. B. It represents the number of objects used in the firewall policy. C. . It changes when firewall policies are reordered. D. It defines the order in which rules are processed.
Click for Answer
A. It is required to modify a firewall policy using the CLI. Question # 6 Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.B. AH does not support perfect forward secrecy.C. AH provides data integrity bur no encryption.D. AH provides strong data integrity but weak encryption.
Click for Answer
C. AH provides data integrity bur no encryption.Question # 7 Refer to the exhibit. The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.
The WAN (port1) interface has the IP address 10.200. 1. 1/24.
The LAN (port3) interface has the IP address 10.0. 1.254/24.
A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).
Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?
A. 10.200. 1. 149
B. 10.200. 1. 1
C. 10.200. 1.49
D. 10.200. 1.99
Click for Answer
D. 10.200. 1.99 Question # 8 Which two statements ate true about the Security Fabric rating? (Choose two.) A. It provides executive summaries of the four largest areas of security focus. B. Many of the security issues can be fixed immediately by clicking Apply where available. C. The Security Fabric rating must be run on the root FortiGate device in the Security
Fabric.D. The Security Fabric rating is a free service that comes bundled with alt FortiGate
devices.
Click for Answer
B. Many of the security issues can be fixed immediately by clicking Apply where available. C. The Security Fabric rating must be run on the root FortiGate device in the Security
Fabric.
Answer Description Reference: https://docs.fortinet.com/document/fortigate/6.4.0/administrationguide/292634/security-rating
Up-to-Date
We always provide up-to-date NSE4_FGT-7.2 exam dumps to our clients. Keep checking website for updates and download.
Excellence
Quality and excellence of our Fortinet NSE 4 - FortiOS 7.2 practice questions are above customers expectations. Contact live chat to know more.
Success
Your SUCCESS is assured with the NSE4_FGT-7.2 exam questions of passin1day.com. Just Buy, Prepare and PASS!
Quality
All our braindumps are verified with their correct answers. Download NSE4 Practice tests in a printable PDF format.
Basic
$80
Any 3 Exams of Your Choice
3 Exams PDF + Online Test Engine
Buy Now
Premium
$100
Any 4 Exams of Your Choice
4 Exams PDF + Online Test Engine
Buy Now
Gold
$125
Any 5 Exams of Your Choice
5 Exams PDF + Online Test Engine
Buy Now
Passin1Day has a big success story in last 12 years with a long list of satisfied customers.
NSE4_FGT-7.2 Dumps
We have recently updated Fortinet NSE4_FGT-7.2 dumps study guide. You can use our NSE4 braindumps and pass your exam in just 24 hours. Our Fortinet NSE 4 - FortiOS 7.2 real exam contains latest questions. We are providing Fortinet NSE4_FGT-7.2 dumps with updates for 3 months. You can purchase in advance and start studying. Whenever Fortinet update Fortinet NSE 4 - FortiOS 7.2 exam, we also update our file with new questions. Passin1day is here to provide real NSE4_FGT-7.2 exam questions to people who find it difficult to pass exam
What Our Customers Say
Jeff Brown
Thanks you so much passin1day.com team for all the help that you have provided me in my Fortinet exam. I will use your dumps for next certification as well.
Mareena Frederick
You guys are awesome. Even 1 day is too much. I prepared my exam in just 3 hours with your NSE4_FGT-7.2 exam dumps and passed it in first attempt :)
Ralph Donald
I am the fully satisfied customer of passin1day.com. I have passed my exam using your Fortinet NSE 4 - FortiOS 7.2 braindumps in first attempt. You guys are the secret behind my success ;)
Lilly Solomon
I was so depressed when I get failed in my Cisco exam but thanks GOD you guys exist and helped me in passing my exams. I am nothing without you.
