NSE4_FGT-7.2 Free Practice Test

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

1. A. It limits the scope of application control to the browser-based technology category only.
2. B. It limits the scope of application control to scan application traffic based on application category only.
3. C. It limits the scope of application control to scan application traffic using parent signatures only
4. D. It limits the scope of application control to scan application traffic on DNS protocol only.

Correct Answer: B

Which two statements are correct about a software switch on FortiGate? (Choose two.)

1. A. It can be configured only when FortiGate is operating in NAT mode
2. B. Can act as a Layer 2 switch as well as a Layer 3 router
3. C. All interfaces in the software switch share the same IP address
4. D. It can group only physical interfaces

Correct Answer: AC

Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

1. A. The client FortiGate requires a manually added route to remote subnets.
2. B. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
3. C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
4. D. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.

Correct Answer: BC

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168. 1.0/24 and the remote quick mode selector is 192.168.2.0/24. Which subnet must the administrator configure for the local quick mode selector for site B?

1. A. 192.168.3.0/24
2. B. 192.168.2.0/24
3. C. 192.168. 1.0/24
4. D. 192.168.0.0/8

Correct Answer: C

Refer to the exhibits.
Exhibit A.

Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?

1. A. Change the csf setting on Local-FortiGate (root) to set configuration-sync local.
2. B. Change the csf setting on ISFW (downstream) to set configuration-sync local.
3. C. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
4. D. Change the csf setting on ISFW (downstream) to set fabric-object-unification default.

Correct Answer: C