11.11 Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Fortinet NSE4_FGT-7.2 Questions Answers

Page: 9 / 12
Total 170 questions

Fortinet NSE 4 - FortiOS 7.2 Questions and Answers

Question 33

Refer to the exhibit.

The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check . Which interface will be selected as an outgoing interface?

Options:

A.

port2

B.

port4

C.

port3

D.

port1

Question 34

82

Consider the topology:

Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.

An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Options:

A.

Set the maximum session TTL value for the TELNET service object.

B.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

C.

Create a new service object for TELNET and set the maximum session TTL.

D.

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

Question 35

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

Options:

A.

FortiGate points the collector agent to use a remote LDAP server.

B.

FortiGate uses the AD server as the collector agent.

C.

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

D.

FortiGate queries AD by using the LDAP to retrieve user group information.

Question 36

View the exhibit.

Which of the following statements are correct? (Choose two.)

Options:

A.

This setup requires at least two firewall policies with the action set to IPsec.

B.

Dead peer detection must be disabled to support this type of IPsec setup.

C.

The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

D.

This is a redundant IPsec setup.

Page: 9 / 12
Total 170 questions