NSE4_FGT-7.2

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)A . It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes. B. ADVPN is only supported with IKEv2. C. Tunnels are negotiated dynamically between spokes. D. Every spoke requires a static tunnel...

Which two statements are true when FortiGate is in transparent mode? (Choose two.)A . By default, all interfaces are part of the same broadcast domain. B. The existing network IP schema must be changed when installing a transparent mode. C. Static routes are required to allow traffic to the next...

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?A . get system status B. get system performance status C. diagnose sys top D. get system arpView AnswerAnswer: D Explanation: "If you suspect that there is an IP address conflict, or that an IP...

An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?A . Enable asymmetric routing, so the RPF check will be bypassed. B. Disable the RPF check at the FortiGate interface level for the...

In which two ways can RPF checking be disabled? (Choose two )A . Enable anti-replay in firewall policy. B. Disable the RPF check at the FortiGate interface level for the source check C. Enable asymmetric routing. D. Disable strict-arc-check under system settings.View AnswerAnswer: C,D Explanation: Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955

Which of statement is true about SSL VPN web mode?A . The tunnel is up while the client is connected. B. It supports a limited number of protocols. C. The external network application sends data through the VPN. D. It assigns a virtual IP address to the client.View AnswerAnswer: B...

Refer to the exhibit. An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)A . Interface name B. Ethernet header C. IP header D. Application header E. Packet payloadView AnswerAnswer: A,C,E Explanation: Reference: https://kb.fortinet.com/kb/documentLink .do?externalID=11186...

Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?A . The signature setting uses a custom rating threshold. B. The signature setting includes a group of other signatures. C. Traffic matching the...

Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)A . FortiGate SN FGVM010000065036 HA uptime has been reset. B. FortiGate devices are not in sync because one device is down. C. FortiGate SN FGVM010000064692...

Examine the exhibit, which contains a virtual IP and firewall policy configuration. The WAN (port1) interface has the IP address 10.200. 1. 1/24. The LAN (port2) interface has the IP address 10.0. 1.254/24. The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is...