[2023年10月19日] 無料ダウンロードFortinet NSE4_FGT-7.2リアル試験問題
あなたを合格させる試験には100%確認済みNSE4_FGT-7.2試験問題
質問 # 21
Which three statements explain a flow-based antivirus profile? (Choose three.)
- A. Optimized performance compared to proxy-based inspection.
- B. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
- C. If the virus is detected, the last packet is delivered to the client.
- D. FortiGate buffers the whole file but transmits to the client simultaneously.
- E. IPS engine handles the process as a standalone.
正解:A、B、D
質問 # 22
An administrator has configured the following settings:
What are the two results of this configuration? (Choose two.)
- A. Denied users are blocked for 30 minutes.
- B. A session for denied traffic is created.
- C. Device detection on all interfaces is enforced for 30 minutes.
- D. The number of logs generated by denied traffic is reduced.
正解:B、D
解説:
Explanation
ses-denied-traffic
Enable/disable including denied session in the session table.
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/20620/config-system-settings block-session-timer Duration in seconds for blocked sessions .
integer
Minimum value: 1 Maximum value: 300
30
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/1620/config-system-global
質問 # 23
Refer to the web filter raw logs.
Based on the raw logs shown in the exhibit, which statement is correct?
- A. Social networking web filter category is configured with the action set to authenticate.
- B. Access to the social networking web filter category was explicitly blocked to all users.
- C. The name of the firewall policy is all_users_web.
- D. The action on firewall policy ID 1 is set to warning.
正解:A
質問 # 24
Which statement about the policy ID number of a firewall policy is true?
- A. It represents the number of objects used in the firewall policy.
- B. It changes when firewall policies are reordered.
- C. It defines the order in which rules are processed.
- D. It is required to modify a firewall policy using the CLI.
正解:D
質問 # 25
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 16. 1.0/24 and the remote quick mode selector is 192. 16.2.0/24. How must the administrator configure the local quick mode selector for site B?
- A. 192. 168. 1.0/24
- B. 192. 168.2.0/24
- C. 192. 168.3.0/24
- D. 192. 168.0.0/8
正解:B
質問 # 26
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?
- A. FortiGuard category filter and rating filter
- B. Static domain filter, SSL inspection filter, and external connectors filters
- C. Static URL filter, FortiGuard category filter, and advanced filters
- D. DNS-based web filter and proxy-based web filter
正解:C
質問 # 27
Refer to the exhibit.
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)
- A. The Enable probe packets setting is not enabled.
- B. The Detection Mode setting is not set to Passive.
- C. Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid.
- D. The configured participants are not SD-WAN members.
正解:A、C
質問 # 28
Refer to the exhibit.
Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)
- A. There will be eight routes active in the routing table.
- B. The port3 default route has the highest distance.
- C. The port1 and port2 default routes are active in the routing table.
- D. The port3 default route has the lowest metric.
正解:B、C
質問 # 29
An administrator has configured the following settings:
What are the two results of this configuration? (Choose two.)
- A. Denied users are blocked for 30 minutes.
- B. A session for denied traffic is created.
- C. Device detection on all interfaces is enforced for 30 minutes.
- D. The number of logs generated by denied traffic is reduced.
正解:B、D
解説:
ses-denied-traffic
Enable/disable including denied session in the session table.
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/20620/config-system-settings block-session-timer Duration in seconds for blocked sessions .
integer
Minimum value: 1 Maximum value: 300
30
https://docs.fortinet.com/document/fortigate/7.0.6/cli-reference/1620/config-system-global
質問 # 30
An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?
- A. Disable the RPF check at the FortiGate interface level for the reply check .
- B. Enable asymmetric routing, so the RPF check will be bypassed.
- C. Enable asymmetric routing at the interface level.
- D. Disable the RPF check at the FortiGate interface level for the source check.
正解:D
質問 # 31
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)
- A. The IP version of the sources and destinations in a firewall policy must be different.
- B. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
- C. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
- D. The IP version of the sources and destinations in a policy must match.
- E. The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.
正解:B、D、E
質問 # 32
Which statement is correct regarding the use of application control for inspecting web applications?
- A. Application control signatures are organized in a nonhierarchical structure.
- B. Application control does not require SSL inspection to identity web applications.
- C. Application control can identity child and parent applications, and perform different actions on them.
- D. Application control does not display a replacement message for a blocked web application.
正解:C
解説:
Explanation
Application control is a feature that allows FortiGate to inspect and control the use of specific web applications on the network. When application control is enabled, FortiGate can identify child and parent applications, and can perform different actions on them based on the configuration.
質問 # 33
View the exhibit.
Which of the following statements are correct? (Choose two.)
- A. This setup requires at least two firewall policies with the action set to IPsec.
- B. This is a redundant IPsec setup.
- C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
- D. Dead peer detection must be disabled to support this type of IPsec setup.
正解:B、C
解説:
https://docs.fortinet.com/document/fortigate/6.2.4/cookbook/632796/ospf-with-ipsec-vpn-for-network-redundancy
質問 # 34
An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?
- A. Software Switch interface
- B. Redundant interface
- C. Aggregate interface
- D. VLAN interface
正解:C
解説:
An aggregate interface is a logical interface that combines two or more physical interfaces into one virtual interface1. An aggregate interface can increase network bandwidth and provide redundancy by distributing traffic across multiple physical interfaces using a load balancing algorithm1. An aggregate interface can also support link aggregation control protocol (LACP) to negotiate the link aggregation settings with the connected device1.
Reference:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/567758/aggregation-and-redundancy
質問 # 35
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)
- A. Intrusion prevention
- B. DNS filter
- C. Antivirus scanning
- D. File filter
正解:A、C
質問 # 36
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
- A. Search option will be disabled
- B. Interface Pair view will be disabled.
- C. By Sequence view will be disabled.
- D. Policy lookup will be disabled.
正解:B
解説:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47821
質問 # 37
Which statement describes a characteristic of automation stitches?
- A. They can have one or more triggers.
- B. They can run multiple actions simultaneously.
- C. They can be run only on devices in the Security Fabric.
- D. They can be created on any device in the fabric.
正解:B
解説:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/351998/creating-automation-stitches
質問 # 38
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
- A. Idle-timeout
- B. auth-on-demand
- C. hard-timeout
- D. soft-timeout
- E. new-session
正解:A、C、E
質問 # 39
An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)
- A. Set the session TTL on the HTTP policy to maximum
- B. Create a new service object for HTTP service and set the session TTL to never
- C. Set the TTL value to never under config system-ttl
- D. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.
正解:B、C
質問 # 40
Examine this FortiGate configuration:
How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
- A. It authenticates the traffic using the authentication scheme SCHEME2.
- B. It drops the traffic.
- C. It always authorizes the traffic without requiring authentication.
- D. It authenticates the traffic using the authentication scheme SCHEME1.
正解:D
解説:
Explanation
"What happens to traffic that requires authorization, but does not match any authentication rule? The active and passive SSO schemes to use for those cases is defined under config authentication setting"
質問 # 41
Examine the exhibit, which contains a virtual IP and firewall policy configuration.

The WAN (port1) interface has the IP address 10.200. 1. 1/24. The LAN (port2) interface has the IP address 10.0. 1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0. 1. 10/24?
- A. 10.200. 1. 1
- B. Any available IP address in the WAN (port1) subnet 10.200. 1.0/24 66 of 108
- C. 10.200. 1. 10
- D. 10.0. 1.254
正解:C
解説:
Explanation
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Virtual%20IPs.
質問 # 42
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
- A. The operation mode is transparent.
- B. Captive portal is enabled in the interface.
- C. The interface is a member of a virtual wire pair.
- D. The interface is a member of a zone.
- E. The interface has been configured for one-arm sniffer.
正解:A、C、E
解説:
Explanation
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm
質問 # 43
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
- A. The EICAR test file exceeds the protocol options oversize limit.
- B. The browser does not trust the FortiGate self-signed CA certificate.
- C. The website is exempted from SSL inspection.
- D. The selected SSL inspection profile has certificate inspection enabled.
正解:C、D
解説:
SSL Inspection Profile, on the Inspection method there are 2 options to choose from, SSL Certificate Inspection or Full SSL Inspection. FG SEC 7.2 Studi Guide: Full SSL Inspection level is the only choice that allows antivirus to be effective.
質問 # 44
Refer to the exhibit.
Based on the ZTNA tag, the security posture of the remote endpoint has changed.
What will happen to endpoint active ZTNA sessions?
- A. They will be re-evaluated to match the security policy.
- B. They will be re-evaluated to match the ZTNA policy.
- C. They will be re-evaluated to match the endpoint policy.
- D. They will be re-evaluated to match the firewall policy.
正解:A
質問 # 45
Refer to the exhibits.

The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?
- A. Change the SSL VPN port on the client.
- B. Change the Server IP address.
- C. Change the SSL VPN portal to the tunnel.
- D. Change the idle-timeout.
正解:A
質問 # 46
......
NSE4_FGT-7.2問題集100パー合格保証には最新のサンプル:https://jp.fast2test.com/NSE4_FGT-7.2-premium-file.html
NSE4_FGT-7.2問題PDFでNSE4_FGT-7.2リアル試験問題解答:https://drive.google.com/open?id=1sykZ8Vr6kayOctfL0PRhVs75KcZIh1ZZ