Free NSE4_FGT-7.2 Questions Attempt

Fortinet NSE 4 - FortiOS 7.2 Questions and Answers

Question 5

An administrator is running the following sniffer command:

Which three pieces of Information will be Included in me sniffer output? {Choose three.)

Interface name

Packet payload

Ethernet header

IP header

Application header

Question 6

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

Source defined as Internet Services in the firewall policy.

Destination defined as Internet Services in the firewall policy.

Highest to lowest priority defined in the firewall policy.

Services defined in the firewall policy.

Lowest to highest policy ID number.

Question 7

Which of the following statements about central NAT are true? (Choose two.)

IP tool references must be removed from existing firewall policies before enabling central NAT .

Central NAT can be enabled or disabled from the CLI only.

Source NAT, using central NAT, requires at least one central SNAT policy.

Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Question 8

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

ADVPN is only supported with IKEv2.

Tunnels are negotiated dynamically between spokes.

Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.