Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Fortinet > Fortinet Certifications > NSE4_FGT-7.2 > NSE4_FGT-7.2 Online Practice Questions and Answers

NSE4_FGT-7.2 Online Practice Questions and Answers

Questions 4

Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

A. Shut down/reboot a downstream FortiGate device.

B. Disable FortiAnalyzer logging for a downstream FortiGate device.

C. Log in to a downstream FortiSwitch device.

D. Ban or unban compromised hosts.

Buy Now

Correct Answer: AB

Questions 5

Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

A. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration

B. Apple FaceTime will be allowed, based on the Apple filter configuration.

C. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn

D. Apple FaceTime will be allowed, based on the Categories configuration.

Buy Now

Correct Answer: A

Questions 6

When configuring a firewall virtual wire pair policy, which following statement is true?

A. Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

B. Only a single virtual wire pair can be included in each policy.

C. Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

D. Exactly two virtual wire pairs need to be included in each policy.

Buy Now

Correct Answer: A

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD48690

Questions 7

Refer to the exhibits.

The exhibits show the firewall policies and the objects used in the firewall policies.

The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.

Which policy will be highlighted, based on the input criteria?

A. Policy with ID 4.

B. Policy with ID 5.

C. Policies with ID 2 and 3.

D. Policy with ID 4.

Buy Now

Correct Answer: B

Reference: https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/497952/policy-views-and-policy-lookup

We are looking for a policy that will allow or deny traffic from the source interface Port3 and source IP address 10.1.1.10 (LOCAL_CLIENT) to facebook.com TCP port 443 (HTTPS). There are only two policies that will match this traffic, policy ID 2 and 5. In FortiGate, firewall policies are evaluated from top to bottom. This means that the first policy that matches the traffic is applied, and subsequent policies are not evaluated. Based on the Policy Lookup criteria, Policy ID 5 will be highlighted

Questions 8

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

A. To detect intermediary NAT devices in the tunnel path.

B. To dynamically change phase 1 negotiation mode aggressive mode.

C. To encapsulation ESP packets in UDP packets using port 4500.

D. To force a new DH exchange with each phase 2 rekey.

Buy Now

Correct Answer: AC

Questions 9

Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

A. Custom permission for Network

B. Read/Write permission for Log and Report

C. CLI diagnostics commands permission

D. Read/Write permission for Firewall

Buy Now

Correct Answer: C

https://kb.fortinet.com/kb/documentLink.do?externalID=FD50220

Questions 10

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A. A CRL

B. A person

C. A subordinate CA

D. A root CA

Buy Now

Correct Answer: D

Questions 11

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A. Antivirus engine

B. Intrusion prevention system engine

C. Flow engine

D. Detection engine

Buy Now

Correct Answer: B

Reference: http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control

Questions 12

Which statement regarding the firewall policy authentication timeout is true?

A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

Buy Now

Correct Answer: A

Questions 13

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A. The public key of the web server certificate must be installed on the browser.

B. The web-server certificate must be installed on the browser.

C. The CA certificate that signed the web-server certificate must be installed on the browser.

D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

Buy Now

Correct Answer: C

Exam Code: NSE4_FGT-7.2
Exam Name: Fortinet NSE 4 - FortiOS 7.2
Last Update: Jul 08, 2026
Questions: 185

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.