NSE4_FGT-7.2 Free Practice Test

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

1. A. FortiGate points the collector agent to use a remote LDAP server.
2. B. FortiGate uses the AD server as the collector agent.
3. C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
4. D. FortiGate queries AD by using the LDAP to retrieve user group information.

Correct Answer: CD
Fortigate Infrastructure 7.0 Study Guide P.272-273 https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

An administrator configures outgoing interface any in a firewall policy. What is the result of the policy list view?

1. A. Search option is disabled.
2. B. Policy lookup is disabled.
3. C. By Sequence view is disabled.
4. D. Interface Pair view is disabled.

Correct Answer: D
"If you use multiple source or destination interfaces, or the any interface in a firewall policy, you cannot separate policies into sections by interface pairs—some would be triplets or more. So instead, policies are then always displayed in a single list (By Sequence)."

Refer to the exhibit.

Based on the ZTNA tag, the security posture of the remote endpoint has changed. What will happen to endpoint active ZTNA sessions?

1. A. They will be re-evaluated to match the endpoint policy.
2. B. They will be re-evaluated to match the firewall policy.
3. C. They will be re-evaluated to match the ZTNA policy.
4. D. They will be re-evaluated to match the security policy.

Correct Answer: C
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/580880/posture-check-verification-for-active-zt FortiGate Infrastructure 7.2 Study Guide (p.182): "Endpoint posture changes trigger active ZTNA proxy
sessions to be re-verified and terminated if the endpoint is no longer compliant with the ZTNA policy."

Which two statements are correct about SLA targets? (Choose two.)

1. A. You can configure only two SLA targets per one Performance SLA.
2. B. SLA targets are optional.
3. C. SLA targets are required for SD-WAN rules with a Best Quality strategy.
4. D. SLA targets are used only when referenced by an SD-WAN rule.

Correct Answer: BD

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

1. A. On HQ-FortiGate, set IKE mode to Main (ID protection).
2. B. On both FortiGate devices, set Dead Peer Detection to On Demand.
3. C. On HQ-FortiGate, disable Diffie-Helman group 2.
4. D. On Remote-FortiGate, set port2 as Interface.

Correct Answer: AD
"In IKEv1, there are two possible modes in which the IKE SA negotiation can take place: main, and aggressive mode. Settings on both ends must agree; otherwise, phase 1 negotiation fails and both IPsec peers are not able to establish a secure channel."