Question 1

What are two scanning techniques supported by FortiGate? (Choose two.)

AMachine learning scan

BAntivirus scan

CRansomware scan

DTrojan scan

Answer : A, B

FortiGate Security 7.2 Study Guide (p.341):

'Like viruses, which use many methods to avoid detection, FortiGate uses many techniques to detect viruses. These detection techniques include:

* Antivirus scan

* Grayware scan

* Machine learning (AI) scan

If all antivirus features are enabled, FortiGate applies the following scanning order: antivirus scan, followed by grayware scan, followed by AI scan.'

Question 2

Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

What should the administrator do next to troubleshoot the problem?

ARun a sniffer on the web server.

BCapture the traffic using an external sniffer connected to port1.

CExecute another sniffer in the FortiGate, this time with the filter host 10.0.1.10

DExecute a debug flow.

Answer : D

This solution will help the administrator troubleshoot the problem by tracing the packet flow through the FortiGate device and displaying the details of each step.A debug flow can show the source and destination interfaces, the firewall policy, the routing table, the NAT translation, the security profiles, and the session information of the packet1. A debug flow can also show any errors or anomalies that occur during the packet processing.To execute a debug flow, the administrator can use the diagnose debug flow command in the CLI

Question 3

Refer to the exhibit to view the firewall policy

Why would the firewall policy not block a well-known virus, for

example eicar?

AWeb filter is not enabled on the firewall policy to complement the antivirus profile.

BThe firewall policy does not apply deep content inspection.

CThe firewall policy is not configured in proxy-based inspection mode.

DThe action on the firewall policy is not set to deny

Answer : B

Question 4

Refer to the exhibits.

Exhibit A

Exhibit B

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.

How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

AIf there is a fall-through policy in place, users will not be prompted for authentication.

BAuthentication is enforced at a policy level; all users will be prompted for authentication.

CAll users will be prompted for authentication, users from the Sales group can authenticate successfully with the correct credentials.

DAll users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials.

Answer : D

Question 5

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

AThe server name indication (SNI) extension in the client hello message

BThe subject alternative name (SAN) field in the server certificate

CThe host field in the HTTP header

DThe serial number in the server certificate

EThe subject field in the server certificate

Answer : A, B, E

A) The server name indication (SNI) extension in the client hello message. This is correct. This is a piece of information that FortiGate uses to identify the hostname of the SSL server when SSL certificate inspection is enabled. The SNI extension is a feature of the TLS protocol that allows a client to indicate the hostname of the server it wants to connect to during the TLS handshake.This helps the server to present the appropriate certificate for the requested hostname, especially when the server hosts multiple domains on the same IP address1.FortiGate can use the SNI extension in the client hello message to identify the hostname of the SSL server and verify it against the server certificate2.

B) The subject alternative name (SAN) field in the server certificate. This is correct. This is a piece of information that FortiGate uses to identify the hostname of the SSL server when SSL certificate inspection is enabled. The SAN field is an extension of the X.509 certificate standard that allows a certificate to specify multiple hostnames or IP addresses that are valid for the certificate.This helps the certificate to support multiple domains or subdomains on the same server, or multiple servers with different IP addresses3.FortiGate can use the SAN field in the server certificate to identify the hostname of the SSL server and verify it against the client request2.

E) The subject field in the server certificate. This is correct. This is a piece of information that FortiGate uses to identify the hostname of the SSL server when SSL certificate inspection is enabled. The subject field is a part of the X.509 certificate standard that contains information about the identity of the entity that owns the certificate, such as common name, organization, country, and so on.The common name usually specifies the hostname or domain name of the server that owns the certificate4.FortiGate can use the subject field in the server certificate to identify the hostname of the SSL server and verify it against the client request2.

Free Practice Questions for Fortinet NSE4_FGT-7.2 Exam

Question 1

Question 2

Question 3

Question 4

Question 5