Login
Login

NSE4_FGT-7.2 Exam Questions

Total 168 Questions

Last Updated Exam : 15-Apr-2025

The IPS engine is used by which three security features? (Choose three.) 


A. Antivirus in flow-based inspection


B. Web filter in flow-based inspection


C. Application control


D. DNS filter


E. Web application firewall





A.   Antivirus in flow-based inspection

B.   Web filter in flow-based inspection

C.   Application control

FortiGate Security 7.2 Study Guide (p.385): "The IPS engine is responsible for most of the features shown in this lesson: IPS and protocol decoders. It’s also responsible for application control, flow-based antivirus protection, web filtering, and email filtering."

Which timeout setting can be responsible for deleting SSL VPN associated sessions?


A. SSL VPN idle-timeout


B. SSL VPN http-request-body-timeout


C. SSL VPN login-timeout


D. SSL VPN dtls-hello-timeout





A.   SSL VPN idle-timeout

Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPNdisconnection-issues-when connected with/tap/207851#:~:text=By-default%2C-a-SSL%2DVPN,hours-due-to-auth%2Dtimeout

The SSL VPN idle-timeout setting determines how long an SSL VPN session can be inactive before it is terminated. When an SSL VPN session becomes inactive (for example, if the user closes the VPN client or disconnects from the network), the session timer begins to count down. If the timer reaches the idle-timeout value before the user reconnects or sends any new traffic, the session will be terminated and the associated resources (such as VPN tunnels and virtual interfaces) will be deleted.

Which feature in the Security Fabric takes one or more actions based on event triggers?


A. Fabric Connectors


B. Automation Stitches


C. Security Rating


D. Logical Topology





B.   Automation Stitches

Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/286973/fortinetsecurity-fabric

On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?


A. System event logs


B. Forward traffic logs


C. Local traffic logs


D. Security logs





C.   Local traffic logs

Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/476970

Traffic logs record the traffic flowing through your FortiGate unit. Since traffic needs firewall policies to properly flow through FortiGate, this type of logging is also called firewall policy logging. Firewall policies control all traffic attempting to pass through the FortiGate unit, between FortiGate interfaces, zones, and VLAN sub-interfaces.

FortiGate Security 7.2 Study Guide (p.176): "Local traffic logs contain information about traffic directly to and from the FortiGate management IP addresses. They also include connections to the GUI and FortiGuard queries."

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?


A. IP address


B. Once Internet Service is selected, no other object can be added


C. User or User Group


D. FQDN address





B.   Once Internet Service is selected, no other object can be added

Reference: https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-servicein-policy

Which three statements explain a flow-based antivirus profile? (Choose three.)


A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.


B. If a virus is detected, the last packet is delivered to the client.


C. The IPS engine handles the process as a standalone.


D. FortiGate buffers the whole file but transmits to the client at the same time.


E. Flow-based inspection optimizes performance compared to proxy-based inspection.





A.   Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

D.   FortiGate buffers the whole file but transmits to the client at the same time.

E.   Flow-based inspection optimizes performance compared to proxy-based inspection.

Reference: https://forum .fortinet.com/tm .aspx?m=192309

Which two statements explain antivirus scanning modes? (Choose two.)


A. In proxy-based inspection mode, files bigger than the buffer size are scanned. 


B.

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.


C.

In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.


D.

In flow-based inspection mode, files bigger than the buffer size are scanned.





B.   
In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.


C.   
In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.


An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That is large enough for most files, except video files. If your FortiGate model has more RAM, you may be able to increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this threshold balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No. Regardless of vendor or model, you must make a choice. This is because of the difference between scans in theory, that have no limits, and scans on real world devices, that have finite RAM. In order to detect 100% of malware regardless of file size, a firewall would need infinitely large RAM- something that no device has in the real world. Most viruses are very small. This table shows a typical tradeoff. You can see that with the default 10 MB threshold, only 0.01% of viruses pass through.

FortiGate Security 7.2 Study Guide (p.350 & 352): "In flow-based inspection mode, the IPS engine reads the payload of each packet, caches a local copy, and forwards the packet to the receiver at the same time. Because the file is ransmitted simultaneously, flow-based mode consumes more CPU cycles than proxy-based." "Each protocol’s proxy picks up a connection and buffers the entire file first (or waits until the oversize limit is reached) before scanning. The client must wait for the scanning to finish." 

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 16. 1.0/24 and the remote quick mode selector is 192. 16.2.0/24. How must the administrator configure the local quick mode selector for site B?


A. 192. 168.3.0/24


B. 192. 168.2.0/24


C. 192. 168. 1.0/24


D. 192. 168.0.0/8





B.   192. 168.2.0/24

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)


A. SSH


B. HTTPS


C. FTM


D. FortiTelemetry





A.   SSH

B.   HTTPS

Reference:
https://docs.fortinet.com/document/fortigate/6.4.0/hardening-yourfortigate/995103/buildingsecurity-into-fortios 

Which statement about video filtering on FortiGate is true?


A. Video filtering FortiGuard categories are based on web filter FortiGuard categories. 


B. It does not require a separate FortiGuard license.


C. Full SSL inspection is not required.


D. its available only on a proxy-based firewall policy.





D.   its available only on a proxy-based firewall policy.

FortiGate Security 7.2 Study Guide (p.279): "To apply the video filter profile, proxy-based firewall polices currently allow you to enable the video filter profile. You must enable full SSL inspection on the firewall policy."

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/860867/filteringbased-on-fortiguard-categories


Page 4 out of 17 Pages
Previous

Copyright © - All Rights Reserved