NSE4_FGT-7.2 Free Practice Test

Refer to the exhibits.
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.


In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

1. A. Disable match-vip in the Deny policy.
2. B. Set the Destination address as Deny_IP in the Allow-access policy.
3. C. Enable match vip in the Deny policy.
4. D. Set the Destination address as Web_server in the Deny policy.

Correct Answer: CD
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LAN/ta

Refer to exhibit.
An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

1. A. On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking
2. B. On the Static URL Filter configuration, set Type to Simple
3. C. On the Static URL Filter configuration, set Action to Exempt.
4. D. On the Static URL Filter configuration, set Action to Monitor.

Correct Answer: C

Refer to the exhibits.
Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.


Based on the system performance output, which two results are correct? (Choose two.)

1. A. FortiGate will start sending all files to FortiSandbox for inspection.
2. B. FortiGate has entered conserve mode.
3. C. Administrators cannot change the configuration.
4. D. Administrators can access FortiGate only through the console port.

Correct Answer: BD

FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)

1. A. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
2. B. The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs.
3. C. The two VLAN subinterfaces must have different VLAN IDs.
4. D. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

Correct Answer: CD

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

1. A. The firmware image must be manually uploaded to each FortiGate.
2. B. Only secondary FortiGate devices are rebooted.
3. C. Uninterruptable upgrade is enabled by default.
4. D. Traffic load balancing is temporally disabled while upgrading the firmware.

Correct Answer: CD