Fortinet NSE4-FGT-7-2 Exam Questions

Questions for the NSE4-FGT-7-2 were updated on : Jun 17 ,2024

Page 1 out of 11. Viewing questions 1-10 out of 104

Question 1

Refer to the exhibits.
The exhibits contain a network diagram, and virtual IP, IP pool, and firewall policies configuration information.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP pool.
The second firewall policy is configured with a VIP as the destination address.


Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?

  • A. 10.200.1.1
  • B. 10.0.1.254
  • C. 10.200.1.10
  • D. 10.200.1.100
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Refer to exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

  • A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking.
  • B. On the Static URL Filter configuration, set Type to Simple.
  • C. On the Static URL Filter configuration, set Action to Exempt.
  • D. On the Static URL Filter configuration, set Action to Monitor.
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

What are two features of the NGFW policy-based mode? (Choose two.)

  • A. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy.
  • B. NGFW policy-based mode does not require the use of central source NAT policy.
  • C. NGFW policy-based mode policies support only flow inspection.
  • D. NGFW policy-based mode can only be applied globally and not on individual VDOMs.
Answer:

ac

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

An administrator configures outgoing interface any in a firewall policy.
What is the result of the policy list view?

  • A. Search option is disabled.
  • B. Policy lookup is disabled.
  • C. By Sequence view is disabled.
  • D. Interface Pair view is disabled.
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.
Which CLI command causes FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

  • A. set webfilter-force-off disable
  • B. set webfilter-cache disable
  • C. set protocol tcp
  • D. set fortiguard-anycast disable
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Refer to the exhibit.



Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

  • A. CLI diagnostics commands permission
  • B. Read/Write permission for Log & Report
  • C. Read/Write permission for Firewall
  • D. Custom permission for Network
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Refer to the exhibit showing a debug flow output.

What two conclusions can you make from the debug flow output? (Choose two.)

  • A. The debug flow is for ICMP traffic.
  • B. The default route is required to receive a reply.
  • C. Anew traffic session was created.
  • D. A firewall policy allowed the connection.
Answer:

ac

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Refer to the exhibit, which contains a static route configuration.

An administrator created a static route for Amazon Web Services.



Which CLI command must the administrator use to view the route?

  • A. get router info routing-table database
  • B. diagnose firewall route list
  • C. get internet-service route list
  • D. get router info routing-table all
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which two statements about the Security Fabric rating are true? (Choose two.)

  • A. It provides executive summaries of the four largest areas of security focus.
  • B. The Security Fabric rating is a free service that comes bundled with all FortiGate devices.
  • C. Many of the security issues can be fixed immediately by clicking Apply where available.
  • D. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
Answer:

cd

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Refer to the exhibits.
The SSL VPN connection fails when a user attempts to connect to it.


What should the user do to successfully connect to the SSL VPN?

  • A. Change the SSL VPN port on the client.
  • B. Change the idle-timeout.
  • C. Change the SSL VPN portal to the tunnel.
  • D. Change the server IP address.
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2