NSE4_FGT-7.2 Fortinet NSE 4 - FortiOS 7.2 Free Practice Exam Questions (2025 Updated)

Page: 2 / 3
Total 170 questions

Refer to the exhibit.

An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

A.

On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking

B.

On the Static URL Filter configuration, set Type to Simple

C.

On the Static URL Filter configuration, set Action to Exempt.

D.

On the Static URL Filter configuration, set Action to Monitor.

Refer to the exhibit.

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

A.

The port3 default route has the lowest metric.

B.

The port1 and port2 default routes are active in the routing table.

C.

The ports default route has the highest distance.

D.

There will be eight routes active in the routing table.

If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

A.

The Services field prevents SNAT and DNAT from being combined in the same policy.

B.

The Services field is used when you need to bundle several VIPs into VIP groups.

C.

The Services field removes the requirement to create multiple VIPs for different services.

D.

The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.

In this scenario, which statement about VLAN IDs is true?

A.

The two VLAN subinterfaces can have the same VLAN ID only if they belong to different VDOMs.

B.

The two VLAN subinterfaces must have different VLAN IDs.

C.

The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in the same subnet.

D.

The two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in different subnets.

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)

A.

Antivirus scanning

B.

File filter

C.

DNS filter

D.

Intrusion prevention

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A.

The interface has been configured for one-arm sniffer.

B.

The interface is a member of a virtual wire pair.

C.

The operation mode is transparent.

D.

The interface is a member of a zone.

E.

Captive portal is enabled in the interface.

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

A.

Add the support of NTLM authentication.

B.

Add user accounts to Active Directory (AD).

C.

Add user accounts to the FortiGate group filter.

D.

Add user accounts to the Ignore User List.

Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

A.

To allow for out-of-order packets that could arrive after the FIN/ACK packets

B.

To finish any inspection operations

C.

To remove the NAT operation

D.

To generate logs

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?

A.

Log ID

B.

Universally Unique Identifier

C.

Policy ID

D.

Sequence ID

Which two statements are true about the RPF check? (Choose two.)

A.

The RPF check is run on the first sent packet of any new session.

B.

The RPF check is run on the first reply packet of any new session.

C.

The RPF check is run on the first sent and reply packet of any new session.

D.

RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A.

Browsers can be configured to retrieve this PAC file from the FortiGate.

B.

Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C.

All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com:8060.

D.

Any web request to fortinet.com is allowed to bypass the proxy.

A.

Log downloads from the GUI are limited to the current filter view.

B.

Log backups from the CLI cannot be restored to another FortiGate.

C.

Log backups from the CLI can be configured to upload to FTP at a scheduled time.

D.

Log downloads from the GUI are stored as LZ4 compressed files.

An administrator configures outgoing interface any in a firewall policy.

What is the result on the policy list view?

A.

Search option is disabled.

B.

Policy lookup is disabled.

C.

By Sequence view is disabled.

D.

Interface Pair view is disabled.

Refer to the exhibit showing a debug flow output.

What two conclusions can you make from the debug flow output? (Choose two.)

A.

The debug flow is for ICMP traffic.

B.

The default route is required to receive a reply.

C.

A new traffic session was created.

D.

A firewall policy allowed the connection.

Refer to the exhibits.

The exhibits show the firewall policies and the objects used in the firewall policies.

The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.

Which policy will be highlighted, based on the input criteria?

A.

Policy with ID 4.

B.

Policy with ID 5.

C.

Policies with ID 2 and 3.

D.

Policy with ID 4.

Which statements best describe auto discovery VPN (ADVPN)? (Choose two.)

A.

It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B.

ADVPN is only supported with IKEv2.

C.

Tunnels are negotiated dynamically between spokes.

D.

Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Refer to the exhibit, which contains a static route configuration.

An administrator created a static route for Amazon Web Services.

Which CLI command must the administrator use to view the route?

A.

get router info routing-table database

B.

diagnose firewall route list

C.

get internet-service route list

D.

get router info routing-table all

Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.

Which two actions does FortiGate take on internet traffic sourced from the subscribers? (Choose two.)

A.

FortiGate allocates port blocks per user, based on the configured range of internal IP addresses.

B.

FortiGate allocates port blocks on a first-come, first-served basis.

C.

FortiGate generates a system event log for every port block allocation made per user.

D.

FortiGate allocates 128 port blocks per user.

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

A.

The SSL inspection needs to be a deep content inspection.

B.

Force access to Facebook using the HTTP service.

C.

Additional application signatures are required to add to the security policy.

D.

Add Facebook in the URL category in the security policy.

View the exhibit.

Which of the following statements are correct? (Choose two.)

A.

This setup requires at least two firewall policies with the action set to IPsec.

B.

Dead peer detection must be disabled to support this type of IPsec setup.

C.

The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

D.

This is a redundant IPsec setup.

Copyright © 2014-2025 Solution2Pass. All Rights Reserved