NSE4_FGT-7.2 Exam Questions

Total: 168 questions

Last updated: 16-Dec-2024

An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.
B. Create a new service object for HTTP service and set the session TTL to never.
C. Set the TTL value to never under config system-ttl.
D. Set the session TTL on the HTTP policy to maximum.

Answer:
B. Create a new service object for HTTP service and set the session TTL to never.
C. Set the TTL value to never under config system-ttl.

Which two statements are true about the FGCP protocol? (Choose two.)

A. FGCP elects the primary FortiGate device.
B. FGCP is not used when FortiGate is in transparent mode.
C. FGCP runs only over the heartbeat links.
D. FGCP is used to discover FortiGate devices in different HA groups.

Answer:
A. FGCP elects the primary FortiGate device.
C. FGCP runs only over the heartbeat links.

The FGCP (FortiGate Clustering Protocol) is the protocol used to manage high availability (HA) clusters of FortiGate devices. It performs several functions, including the following:

FGCP elects the primary FortiGate device: In an HA cluster, FGCP determines which FortiGate device becomes the primary device, responsible for handling traffic and making decisions about what to allow or block. FGCP uses several factors, such as the device's priority, to select the primary.

FGCP runs only over the heartbeat links: FGCP communicates between FortiGate devices in the HA cluster using the heartbeat links. These are dedicated links used to exchange status and control information between the devices. FGCP does not run over other types of links, such as data links.

Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcpfortigate-clustering-protocol

Infrastructure 7.2 Study Guide (p.292): "FortiGate HA uses the Fortinet-proprietary FortiGate Clustering Protocol (FGCP) to discover members, elect the primary FortiGate, synchronize data among members, and monitor the health of members. To discover and monitor members, the members broadcast heartbeat packets over all configured heartbeat interfaces."

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

A. get system status
B. get system performance status
C. diagnose sys top
D. get system arp

Answer:
D. get system arp

"If you suspect that there is an IP address conflict, or that an IP has been assigned to the wrong device, you may need to look at the ARP table."

Which three statements are true regarding session-based authentication? (Choose three.)

A. HTTP sessions are treated as a single user.
B. IP sessions from the same source IP address are treated as a single user.
C. It can differentiate among multiple clients behind the same source IP address.
D. It requires more resources.
E. It is not recommended if multiple users are behind the source NAT.

Answer:
A. HTTP sessions are treated as a single user.
C. It can differentiate among multiple clients behind the same source IP address.
D. It requires more resources.

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity but no encryption.
D. AH provides strong data integrity but weak encryption.

Answer:
C. AH provides data integrity but no encryption.

Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

A. diagnose wad session list
B. diagnose wad session list | grep hook-pre&&hook-out
C. diagnose wad session list | grep hook=pre&&hook=out
D. diagnose wad session list | grep "hook=pre"&"hook=out"

Answer:
A. diagnose wad session list

Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

A. Shut down/reboot a downstream FortiGate device.
B. Disable FortiAnalyzer logging for a downstream FortiGate device.
C. Log in to a downstream FortiSwitch device.
D. Ban or unban compromised hosts.

Answer:
A. Shut down/reboot a downstream FortiGate device.
B. Disable FortiAnalyzer logging for a downstream FortiGate device.

An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?

A. Policy lookup will be disabled.
B. By Sequence view will be disabled.
C. Search option will be disabled.
D. Interface Pair view will be disabled.

Answer:
D. Interface Pair view will be disabled.

Reference:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821

What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)

A. FortiGate uses fewer resources.
B. FortiGate performs a more exhaustive inspection on traffic.
C. FortiGate adds less latency to traffic.
D. FortiGate allocates two sessions per connection.

Answer:
A. FortiGate uses fewer resources.
C. FortiGate adds less latency to traffic.

Reference:
https://community.fortinet.com/t5/Support-Forum/Proxy-based-vs-Flow-basedInspection-Mode-for-Web-Filter/m-p/19204

Flow-based inspection is a type of traffic inspection used by some firewall devices, including FortiGate, to analyze network traffic. It is designed to be more efficient and less resource-intensive than proxy-based inspection, and it offers several benefits over that approach.

Two benefits of flow-based inspection compared to proxy-based inspection are:

FortiGate uses fewer resources: Flow-based inspection uses fewer resources than proxy-based inspection, which can improve the performance of the firewall device and reduce the impact on overall system performance.

FortiGate adds less latency to traffic: Flow-based inspection adds less latency to traffic than proxy-based inspection, which can be important for real-time applications or other types of traffic that require low latency.

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

A. VDOMs without ports with connected devices are not displayed in the topology.
B. Downstream devices can connect to the upstream device from any of their VDOMs.
C. Security rating reports can be run individually for each configured VDOM.
D. Each VDOM in the environment can be part of a different Security Fabric.

Answer:
A. VDOMs without ports with connected devices are not displayed in the topology.

FortiGate Security 7.2 Study Guide (p.436): "When you configure FortiGate devices in multi-vdom mode and add them to the Security Fabric, each VDOM with its assigned ports is displayed when one or more devices are detected. Only the ports with discovered and connected devices appear in the Security Fabric view and, because of this, you must enable Device Detection on ports you want to have displayed in the Security Fabric. VDOMs without ports with connected devices are not displayed. All VDOMs configured must be part of a single Security Fabric."