NSE4_FGT-7.2 Online Practice Questions and Answers

An administrator has a requirement to keep an application session from timing out on port 80.

What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

B. Create a new service object for HTTP service and set the session TTL to never

C. Set the TTL value to never under config system-ttl

D. Set the session TTL on the HTTP policy to maximum

An administrator wants to configure timeouts for users. Regardless of the userTMs behavior, the timer should start as soon as the user authenticates and expire after the configured value. Which timeout option should be configured on FortiGate?

A. auth-on-demand

B. soft-timeout

C. idle-timeout

D. new-session

E. hard-timeout

Refer to the exhibits.

The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

A. Change the SSL VPN port on the client.

B. Change the Server IP address.

C. Change the idle-timeout.

D. Change the SSL VPN portal to the tunnel.

Refer to the exhibit.

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

A. The port3 default route has the lowest metric.

B. The port1 and port2 default routes are active in the routing table.

C. The ports default route has the highest distance.

D. There will be eight routes active in the routing table.

Refer to the exhibits.

Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

A. 10.0.1.254, 10.0.1.10, and 443, respectively

B. 10.0.1.254, 10.200.1.10, and 443, respectively

C. 10.200.3.1, 10.0.1.10, and 443, respectively

D. 10.0.1.254, 10.0.1.10, and 10443, respectively

If Internet Service is already selected as Destination in a firewall policy, which other configuration object can be selected for the Destination field of a firewall policy?

A. IP address

B. No other object can be added

C. FQDN address

D. User or User Group

An administrator must disable RPF check to investigate an issue.

Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

A. Enable asymmetric routing, so the RPF check will be bypassed.

B. Disable the RPF check at the FortiGate interface level for the source check.

C. Disable the RPF check at the FortiGate interface level for the reply check .

D. Enable asymmetric routing at the interface level.

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

A. The collector agent uses a Windows API to query DCs for user logins.

B. NetAPI polling can increase bandwidth usage in large networks.

C. The collector agent must search security event logs.

D. The NetSession Enum function is used to track user logouts.

The exhibit shows the configuration for the SD-WAN member, Performance SLA, and SD-WAN Rule, as well as the output of diagnose sys virtual-wan-link health-check.

Which interface will be selected as an outgoing interface?

A. port2

B. port3

C. port4

D. port1

What is the primary FortiGate election process when the HA override setting is disabled?

A. Connected monitored ports > Priority > HA uptime > FortiGate serial number

B. Connected monitored ports > System uptime > Priority > FortiGate serial number

C. Connected monitored ports > Priority > System uptime > FortiGate serial number

D. Connected monitored ports > HA uptime > Priority > FortiGate serial number