Fortinet NSE4_FGT-7.2 exam revealed answer (P. 7)

Win IT Exam with Last Dumps 2025

Fortinet NSE4_FGT-7.2 Exam

Page 7/7

Viewing Questions 61 65 out of 65 Questions

100.00%

Question 61

Refer to the exhibits.
Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
If the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be, after FortiGate forwards the packet to the destination?

Image NSE4_FGT-7.2_61Q.png related to the Fortinet NSE4_FGT-7.2 Exam

A. 10.0.1.254, 10.0.1.10, and 443, respectively

B. 10.0.1.254, 10.200.1.10, and 443, respectively

C. 10.200.3.1, 10.0.1.10, and 443, respectively

D. 10.0.1.254, 10.0.1.10, and 10443, respectively

Question 62

Which three methods are used by the collector agent for AD polling? (Choose three.)

A. FortiGate polling

B. FSSO REST API

C. WMI

D. NetAPI

E. WinSecLog

Question 63

What are two functions of the ZTNA rule? (Choose two.)

A. It redirects the client request to the access proxy.

B. It applies security profiles to protect traffic.

C. It defines the access proxy.

D. It enforces access control.

Question 64

Which two statements describe how the RPF check is used? (Choose two.)

A. The RPF check is a mechanism that protects FortiGate and the network from IP spoofing attacks.

B. The RPF check is run on the first sent and reply packet of any new session.

C. The RPF check is run on the first sent packet of any new session.

D. The RPF check is run on the first reply packet of any new session.

Question 65

Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 failed to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes can the administrator make to bring phase 1 up? (Choose two.)

Image NSE4_FGT-7.2_65Q.png related to the Fortinet NSE4_FGT-7.2 Exam

Win IT Exam with Last Dumps 2025

Fortinet NSE4_FGT-7.2 Exam

Page 7/7

Viewing Questions 61 65 out of 65 Questions

A. 10.0.1.254, 10.0.1.10, and 443, respectively

B. 10.0.1.254, 10.200.1.10, and 443, respectively

C. 10.200.3.1, 10.0.1.10, and 443, respectively

D. 10.0.1.254, 10.0.1.10, and 10443, respectively

Which three methods are used by the collector agent for AD polling? (Choose three.)

A. FortiGate polling

B. FSSO REST API

C. WMI

D. NetAPI

E. WinSecLog

What are two functions of the ZTNA rule? (Choose two.)

A. It redirects the client request to the access proxy.

B. It applies security profiles to protect traffic.

C. It defines the access proxy.

D. It enforces access control.

Which two statements describe how the RPF check is used? (Choose two.)

A. The RPF check is a mechanism that protects FortiGate and the network from IP spoofing attacks.

B. The RPF check is run on the first sent and reply packet of any new session.

C. The RPF check is run on the first sent packet of any new session.

D. The RPF check is run on the first reply packet of any new session.

A. On both FortiGate devices, set Dead Peer Detection to On Demand.

B. On HQ-FortiGate, set IKE mode to Main (ID protection).

C. On HO-FortiGate, disable Diffie-Helman group 2.

D. On Remote-FortiGate, set port2 as Interface.