Legit NSE4_FGT-7.2 Exam Download

Fortinet NSE 4 - FortiOS 7.2 Questions and Answers

Question 13

In which two ways can RPF checking be disabled? (Choose two )

Enable anti-replay in firewall policy.

Disable the RPF check at the FortiGate interface level for the source check

Enable asymmetric routing.

Disable strict-arc-check under system settings.

Question 14

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

ADVPN is only supported with IKEv2.

Tunnels are negotiated dynamically between spokes.

Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Question 15

Refer to the exhibit.

The exhibit shows the output of a diagnose command.

What does the output reveal about the policy route?

It is an ISDB route in policy route.

It is a regular policy route.

It is an ISDB policy route with an SDWAN rule.

It is an SDWAN rule in policy route.

Question 16

If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

The Services field prevents SNAT and DNAT from being combined in the same policy.

The Services field is used when you need to bundle several VIPs into VIP groups.

The Services field removes the requirement to create multiple VIPs for different services.

The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.