An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192. 168. 1.0/24 and the remote quick mode selector is 192. 168.2.0/24. Which subnet must the administrator configure for the local quick mode selector for site B?
Answer(s): C
For an IPsec VPN between site A and site B, the administrator has configured the local quick mode selector for site A as 192.168.1.0/24 and the remote quick mode selector as 192.168.2.0/24. This means that the VPN will allow traffic to and from the 192.168.1.0/24 subnet at site A to reach the192.168.2.0/24 subnet at site B.To complete the configuration, the administrator must configure the local quick mode selector for site B. To do this, the administrator must use the same subnet as the remote quick mode selector for site A, which is 192.168.2.0/24. This will allow traffic to and from the 192.168.2.0/24 subnet at site B to reach the 192.168.1.0/24 subnet at site A.Therefore, the administrator must configure the local quick mode selector for site B as 192.168.2.0/24.
Which two statements are true about the FGCP protocol? (Choose two.)
Answer(s): A,C
The FGCP (FortiGate Clustering Protocol) is a protocol that is used to manage high availability (HA) clusters of FortiGate devices. It performs several functions, including the following:FGCP elects the primary FortiGate device: In an HA cluster, FGCP is used to determine which FortiGate device will be the primary device, responsible for handling traffic and making decisions about what to allow or block. FGCP uses a variety of factors, such as the device's priority, to determine which device should be the primary.FGCP runs only over the heartbeat links: FGCP communicates between FortiGate devices in the HA cluster using the heartbeat links. These are dedicated links that are used to exchange status and control information between the devices. FGCP does not run over other types of links, such as data links.
https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/564712/fgcp-fortigate- clustering-protocolFortiGate Infrastructure 7.2 Study Guide (p.292): "FortiGate HA uses the Fortinet-proprietary FortiGate Clustering Protocol (FGCP) to discover members, elect the primary FortiGate, synchronize data among members, and monitor the health of members. To discover and monitor members, the members broadcast heartbeat packets over all configured heartbeat interfaces."
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
Answer(s): A,D
"In order for FortiGate to act in these roles, its CA certificate must have the basic constraints extension set to cA=True and the value of the keyUsage extension set to keyCertSign."
https://www.reddit.com/r/fortinet/comments/c7j6jg/recommended_ssl_cert/
Which two inspection modes can you use to configure a firewall policy on a profile-based next- generation firewall (NGFW)? (Choose two.)
Refer to the exhibit.The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem .With this configuration, which statement is true?
Answer(s): A
https://kb.fortinet.com/kb/documentLink .do?externalID=FD46542
Share your comments for Fortinet NSE4_FGT-7.2 exam with other users:
please share me the pdf..
q50: which two functions can be used by an end user when pivoting an interactive report? the correct answer is a, c because we do not have rank in the function pivoting you can check in the apex app
best to practice
so far it is good
please provide me the dump
i failed the cisa exam today. but i have found all the questions that were on the exam to be on this site.
in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.
it was helpful
good question
really nice
please i need dumps for isc2 cybersecuity
ans is coldline i think
very helpful
can you please provide dumps so that it helps me more
thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.
how i can see exam questions?
can you please upload please?
question 75: option c is correct answer
please add this exam
please upoad
has anyone recently attended safe 6.0 certification? is it the samq question from here.
expository experience
52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.
great help!!!
very useful tools
looks a good platform to prepare az-104
want to pass the exam
good resource
question 11 : d
only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.
good questions. thanks.
good for practice.
great case study
the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your NSE4_FGT-7.2, please sign in or create a free account.