Pass the exam easily with JPNTest's 100% free NSE4_FGT-7.2 exam question set
Free NSE4_FGT-7.2 exam questions: actual NSE4_FGT-7.2 exam questions
Question 56
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface. Which statement about the VLAN sub interfaces is true?
- A. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.
- B. The two VLAN sub interfaces must have different VLAN IDs.
- C. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
- D. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
Correct answer: B
Explanation:
FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf > page 147
"Multiple VLANs can coexist in the same physical interface, provided they have different VLAN ID"
Question 57
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
- A. It limits the scanning of application traffic to the browser-based technology category only.
- B. It limits the scanning of application traffic to the DNS protocol only.
- C. It limits the scanning of application traffic to use parent signatures only.
- D. It limits the scanning of application traffic to the application category only.
Correct answer: A
Explanation:
https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/38324/ngfw-policy-based-mode
Question 58
In an explicit proxy setup, where is the authentication method and database configured?
- A. Proxy Policy
- B. Firewall Policy
- C. Authentication scheme
- D. Authentication Rule
Correct answer: C
Question 59
Refer to the exhibit.
Based on the raw log, which two statements are correct? (Choose two.)
- A. This is a security log.
- B. Traffic is blocked because Action is set to DENY in the firewall policy.
- C. Log severity is set to error on FortiGate.
- D. Traffic belongs to the root VDOM.
Correct answer: A,B
Question 60
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
- A. The CA extension must be set to TRUE.
- B. The keyUsage extension must be set to keyCertSign.
- C. The issuer must be a public CA.
- D. The common name on the subject field must use a wildcard name.
Correct answer: A,B
Explanation:
"In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign."
Question 61
You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?
- A. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.
- B. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.
- C. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.
- D. No new log is recorded until you manually clear logs from the local disk.
Correct answer: A
Question 62
An administrator has configured the following settings:
What are the two results of this configuration? (Choose two.)
- A. Denied users are blocked for 30 minutes.
- B. A session for denied traffic is created.
- C. The number of logs generated by denied traffic is reduced.
- D. Device detection on all interfaces is enforced for 30 minutes.
Correct answer: B,C
Explanation:
ses-denied-traffic: Enable/disable including denied session in the session table.
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/20620/config-system-settings
block-session-timer: Duration in seconds for blocked sessions. Type: integer. Minimum value: 1. Maximum value: 300. Default: 30.
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/1620/config-system-global
Question 63
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
- A. The public key of the web server certificate must be installed on the browser.
- B. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
- C. The CA certificate that signed the web-server certificate must be installed on the browser.
- D. The web-server certificate must be installed on the browser.
Correct answer: C
Question 64
Refer to the exhibits.
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.

In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)
- A. Disable match-vip in the Deny policy.
- B. Set the Destination address as Deny_IP in the Allow-access policy.
- C. Set the Destination address as Web_server in the Deny policy.
- D. Enable match-vip in the Deny policy.
Correct answer: C,D
Explanation:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LAN/ta-p/189641
Question 65
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?
- A. Sequence ID
- B. Policy ID
- C. Log ID
- D. Universally Unique Identifier
Correct answer: D
Question 66
Refer to the exhibit, which contains a session list output. Based on the information shown in the exhibit, which statement is true?
- A. Port block allocation IP pool is used in the firewall policy.
- B. One-to-one NAT IP pool is used in the firewall policy.
- C. Destination NAT is disabled in the firewall policy.
- D. Overload NAT IP pool is used in the firewall policy.
Correct answer: B
Explanation:
FortiGate_Security_6.4 page 155. In one-to-one, PAT is not required.
Question 67
Which statement about video filtering on FortiGate is true?
- A. Full SSL inspection is not required.
- B. It does not require a separate FortiGuard license.
- C. It is available only on a proxy-based firewall policy.
- D. Video filtering FortiGuard categories are based on web filter FortiGuard categories.
Correct answer: B
Question 68
Refer to the exhibit.
Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)
- A. Traffic between port2 and port2-vlan1 is allowed by default.
- B. port1 is a native VLAN.
- C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
- D. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
Correct answer: B,D
Explanation:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-rules-about-VLAN-configuration-and-VDOM-interf
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30883
Question 69
Which two statements are correct about SLA targets? (Choose two.)
- A. SLA targets are optional.
- B. SLA targets are used only when referenced by an SD-WAN rule.
- C. You can configure only two SLA targets per one Performance SLA.
- D. SLA targets are required for SD-WAN rules with a Best Quality strategy.
Correct answer: A,B
Question 70
Which three statements explain a flow-based antivirus profile? (Choose three.)
- A. FortiGate buffers the whole file but transmits to the client simultaneously.
- B. IPS engine handles the process as a standalone.
- C. If the virus is detected, the last packet is delivered to the client.
- D. Optimized performance compared to proxy-based inspection.
- E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
Correct answer: A,D,E
Question 71
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
- A. Security policy
- B. SSL inspection and authentication policy
Correct answer: A,B
Question 72
Which two types of traffic are managed only by the management VDOM? (Choose two.)
- A. PKI
- B. FortiGuard web filter queries
- C. DNS
- D. Traffic shaping
Correct answer: B,C
Question 73
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?
- A. 192.168.0.0/8
- B. 192.168.1.0/24
- C. 192.168.3.0/24
- D. 192.168.2.0/24
Correct answer: D
Question 74
In which two ways can RPF checking be disabled? (Choose two.)
- A. Disable the RPF check at the FortiGate interface level for the source check.
- B. Disable strict-src-check under system settings.
- C. Enable anti-replay in firewall policy.
- D. Enable asymmetric routing.
Correct answer: B,D
Question 75
Refer to the exhibits.
Exhibit A.
Exhibit B.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
- A. Change the csf setting on ISFW (downstream) to set configuration-sync local.
- B. Change the csf setting on Local-FortiGate (root) to set configuration-sync local.
- C. Change the csf setting on ISFW (downstream) to set fabric-object-unification default.
- D. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
Correct answer: D
Question 76
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy, instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)
- A. The Incoming Interface, Outgoing Interface, Schedule, and Service fields can be shared with both IPv4 and IPv6.
- B. The IP version of the sources and destinations in a policy must match.
- C. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
- D. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
- E. The IP version of the sources and destinations in a firewall policy must be different.
Correct answer: A,B,D