NSE4_FGT-7.2 Free Practice Test

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

1. A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
2. B. ADVPN is only supported with IKEv2.
3. C. Tunnels are negotiated dynamically between spokes.
4. D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Correct Answer: AC

Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)

1. A. Browsers can be configured to retrieve this PAC file from the FortiGate.
2. B. Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.
3. C. All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.
4. D. Any web request fortinet.com is allowed to bypass the proxy.

Correct Answer: AD

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

1. A. By default, all interfaces are part of the same broadcast domain.
2. B. The existing network IP schema must be changed when installing a transparent mode.
3. C. Static routes are required to allow traffic to the next hop.
4. D. FortiGate forwards frames without changing the MAC address.

Correct Answer: AD

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

1. A. DNS-based web filter and proxy-based web filter
2. B. Static URL filter, FortiGuard category filter, and advanced filters
3. C. Static domain filter, SSL inspection filter, and external connectors filters
4. D. FortiGuard category filter and rating filter

Correct Answer: B
FortiGate Security 7.2 Study Guide (p.285): "Remember that the web filtering profile has several features. So, if you have enabled many of them, the inspection order flows as follows: 1. The local static URL filter 2. FortiGuard category filtering (to determine a rating) 3. Advanced filters (such as safe search or removing Active X components)"

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).


Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

1. A. The firewall policy performs the full content inspection on the file.
2. B. The flow-based inspection is used, which resets the last packet to the user.
3. C. The volume of traffic being inspected is too high for this model of FortiGate.
4. D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

Correct Answer: B
· "ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block replacement message immediately
· When a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a "SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again.
In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.