Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE4_FGT-7.2 - Fortinet NSE 4 - FortiOS 7.2

Fortinet NSE4_FGT-7.2 Premium Access     Download Demo    
Page: 4 / 6
Total 170 questions

82

Consider the topology:

Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.

An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

A.

Set the maximum session TTL value for the TELNET service object.

B.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

C.

Create a new service object for TELNET and set the maximum session TTL.

D.

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.

Which FortiGate configuration can achieve this goal?

A.

SSL VPN bookmark

B.

SSL VPN tunnel

C.

Zero trust network access

D.

SSL VPN quick connection

6

Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

A.

FortiCache

B.

FortiSIEM

C.

FortiAnalyzer

D.

FortiSandbox

E.

FortiCloud

Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

A.

A local FortiManager is one of the servers FortiGate communicates with.

B.

One server was contacted to retrieve the contract information.

C.

There is at least one server that lost packets consecutively.

D.

FortiGate is using default FortiGuard communication settings.

Refer to the exhibit.

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

A.

Destination NAT is disabled in the firewall policy.

B.

One-to-one NAT IP pool is used in the firewall policy.

C.

Overload NAT IP pool is used in the firewall policy.

D.

Port block allocation IP pool is used in the firewall policy.

51

Which of the following statements about central NAT are true? (Choose two.)

A.

IP tool references must be removed from existing firewall policies before enabling central NAT .

B.

Central NAT can be enabled or disabled from the CLI only.

C.

Source NAT, using central NAT, requires at least one central SNAT policy.

D.

Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

31

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

A.

get system status

B.

get system performance status

C.

diagnose sys top

D.

get system arp

94

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A.

The interface has been configured for one-arm sniffer.

B.

The interface is a member of a virtual wire pair.

C.

The operation mode is transparent.

D.

The interface is a member of a zone.

E.

Captive portal is enabled in the interface.

Refer to the exhibits.

Exhibit A shows a network diagram. Exhibit B shows the firewall policy configuration and a VIP object configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

The administrator disabled the WebServer firewall policy.

Which IP address will be used to source NAT the traffic, if a user with address 10.0.1.10 connects over SSH to the host with address 10.200.3.1?

A.

10.200.1.10

B.

10.0.1.254

C.

10.200.1.1

D.

10.200.3.1

Refer to the exhibit.

The exhibit contains a network diagram, central SNAT policy, and IP pool configuration.

The WAN (port1) interface has the IP address 10.200. 1. 1/24.

The LAN (port3) interface has the IP address 10.0. 1.254/24.

A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1).

Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.

Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0. 1. 10) pings the IP address of Remote-FortiGate (10.200.3. 1)?

A.

10.200. 1. 149

B.

10.200. 1. 1

C.

10.200. 1.49

D.

10.200. 1.99