Fortinet NSE4_FGT-7.2問題集で必ず試験合格させる
NSE4_FGT-7.2試験問題(更新されたのは2023年)100%リアル問題解答
Fortinet NSE4_FGT-7.2(Fortinet NSE 4 - FortiOS 7.2)試験は、Fortinetのセキュリティソリューションを構成、管理、監視するための知識とスキルをテストするために設計されています。この認定試験は、FortinetのFortiGateファイアウォールアプライアンスで使用されるFortiOS 7.2オペレーティングシステムを使用するネットワークセキュリティ専門家を対象としています。試験は、Fortinetのセキュリティファブリックを理解することから、ネットワークセキュリティポリシーの構成、セキュリティ問題のトラブルシューティングまで、幅広いトピックをカバーしています。
Fortinet NSE4_FGT-7.2試験に合格するためには、候補者はFortinetセキュリティソリューションの設定と管理に熟達していることを証明する必要があります。試験は、候補者の知識を実際のシナリオに適用する能力をテストする多肢選択問題および実践的な演習で構成されています。認証は2年間有効であり、再認定試験に合格することで更新することができます。全体的に、Fortinet NSE4_FGT-7.2認証は、Fortinetセキュリティソリューションの専門知識を示したいITプロフェッショナルにとって貴重な資格です。
質問 # 20
Refer to the exhibit.
Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
- A. The signature setting includes a group of other signatures.
- B. The signature setting uses a custom rating threshold.
- C. Traffic matching the signature will be allowed and logged.
- D. Traffic matching the signature will be silently dropped and logged.
正解:D
解説:
Action is drop, signature default action is listed only in the signature, it would only match if action was set to default.
質問 # 21
How does FortiGate act when using SSL VPN in web mode?
- A. FortiGate acts as DNS server.
- B. FortiGate acts as router.
- C. FortiGate acts as an FDS server.
- D. FortiGate acts as an HTTP reverse proxy.
正解:D
解説:
Reference:
https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/Fortigate_v4.0MR3/fortigate-sslvpn-40-mr3.pdf
質問 # 22
Which statement describes a characteristic of automation stitches?
- A. They can have one or more triggers.
- B. They can be run only on devices in the Security Fabric.
- C. They can run multiple actions simultaneously.
- D. They can be created on any device in the fabric.
正解:C
質問 # 23
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
- A. The IPS engine will continue to run in a normal state.
- B. The IPS engine was inspecting high volume of traffic.
- C. The IPS engine was blocking all traffic.
- D. The IPS engine was unable to prevent an intrusion attack .
正解:B
解説:
Reference:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/232929/troubleshooting-high-cpu-usage
質問 # 24
What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)
- A. FortiGate uses fewer resources.
- B. FortiGate adds less latency to traffic.
- C. FortiGate performs a more exhaustive inspection on traffic.
- D. FortiGate allocates two sessions per connection.
正解:A、B
質問 # 25
Refer to the exhibit.
Based on the ZTNA tag, the security posture of the remote endpoint has changed.
What will happen to endpoint active ZTNA sessions?
- A. They will be re-evaluated to match the endpoint policy.
- B. They will be re-evaluated to match the firewall policy.
- C. They will be re-evaluated to match the security policy.
- D. They will be re-evaluated to match the ZTNA policy.
正解:C
質問 # 26
In an explicit proxy setup, where is the authentication method and database configured?
- A. Authentication Rule
- B. Authentication scheme
- C. Firewall Policy
- D. Proxy Policy
正解:B
質問 # 27
Refer to the FortiGuard connection debug output.
Based on the output shown in the exhibit, which two statements are correct? (Choose two.)
- A. FortiGate is using default FortiGuard communication settings.
- B. There is at least one server that lost packets consecutively.
- C. One server was contacted to retrieve the contract information.
- D. A local FortiManager is one of the servers FortiGate communicates with.
正解:A、C
質問 # 28
Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.)
- A. FortiGate directs the collector agent to use a remote LDAP server.
- B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
- C. FortiGate uses the AD server as the collector agent.
- D. FortiGate does not support workstation check .
正解:B、D
解説:
You can deploy FSSO w/o installing an agent. FG polls the DCs directly, instead of receiving logon info indirectly from a collector agent.
Because FG collects all of the data itself, agentless polling mode requires greater system resources, and it doesn't scale as easily.
Agentless polling mode operates in a similar way to WinSecLog, but with only two event IDs: 4768 and 4769. Because there's no collector agent, FG uses the SMB protocol to read the event viewer logs from the DCs.
FG acts as a collector. It 's responsible for polling on top of its normal FSSO tasks but does not have all the extra features, such as workstation checks, that are available with the external collector agent.
Reference:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-FSSO-agentless-polling/ta-p/214349
質問 # 29
Which statement regarding the firewall policy authentication timeout is true?
- A. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.
- B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
- C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.
- D. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
正解:D
質問 # 30
Refer to the exhibits.
The exhibits show a network diagram and firewall configurations.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. Remote-User1 must be able to access the Webserver. Remote-User2 must not be able to access the Webserver.

In this scenario, which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)
- A. Disable match-vip in the Deny policy.
- B. Set the Destination address as Deny_IP in the Allow-access policy.
- C. Set the Destination address as Web_server in the Deny policy.
- D. Enable match vip in the Deny policy.
正解:C、D
解説:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LAN/ta-p/189641
質問 # 31
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
- A. The Services field prevents SNAT and DNAT from being combined in the same policy.
- B. The Services field removes the requirement to create multiple VIPs for different services.
- C. The Services field is used when you need to bundle several VIPs into VIP groups.
- D. The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.
正解:B
質問 # 32
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
- A. Intrusion prevention system engine
- B. Detection engine
- C. Flow engine
- D. Antivirus engine
正解:A
解説:
http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control
質問 # 33
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
- A. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
- B. FortiGate automatically negotiates a new security association after the existing security association expires.
- C. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
- D. FortiGate automatically negotiates different local and remote addresses with the remote peer.
正解:A
解説:
https://kb.fortinet.com/kb/documentLink.do?externalID=12069
質問 # 34
Examine this PAC file configuration.
Which of the following statements are true? (Choose two.)
- A. Any web request fortinet.com is allowed to bypass the proxy.
- B. Any web request to the 172.25. 120.0/24 subnet is allowed to bypass the proxy.
- C. All requests not made to Fortinet.com or the 172.25. 120.0/24 subnet, have to go through altproxy.corp.com: 8060.
- D. Browsers can be configured to retrieve this PAC file from the FortiGate.
正解:A、D
質問 # 35
......
合格させるFortinet NSE4_FGT-7.2試験最速合格にはFast2test:https://jp.fast2test.com/NSE4_FGT-7.2-premium-file.html
準備NSE4_FGT-7.2問題解答でNSE4_FGT-7.2試験問題集:https://drive.google.com/open?id=1nvEajaG2sDer4DpkT9VngkKi1EffUSQg