Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Fortinet
  3. NSE4_FGT-7.2

Fortinet NSE4_FGT-7.2 Exam (page: 3)
Fortinet NSE 4 - FortiOS 7.2
Updated on: 28-Jul-2025

Viewing Page 3 of 36
NSE4_FGT-7.2 PDF 174 Questions

How does FortiGate act when using SSL VPN in web mode?

  1. FortiGate acts as an FDS server.
  2. FortiGate acts as an HTTP reverse proxy.
  3. FortiGate acts as DNS server.
  4. FortiGate acts as router.

Answer(s): B


Reference:

https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/Fortigate_v4.0MR3/fortigate- sslvpn-40-mr3.pdf



Which three statements explain a flow-based antivirus profile? (Choose three.)

  1. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.
  2. If a virus is detected, the last packet is delivered to the client.
  3. The IPS engine handles the process as a standalone.
  4. FortiGate buffers the whole file but transmits to the client at the same time.
  5. Flow-based inspection optimizes performance compared to proxy-based inspection.

Answer(s): A,D,E


Reference:

https://forum .fortinet.com/tm .aspx?m=192309



Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).





Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

  1. The firewall policy performs the full content inspection on the file.
  2. The flow-based inspection is used, which resets the last packet to the user.
  3. The volume of traffic being inspected is too high for this model of FortiGate.
  4. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

Answer(s): B

Explanation:

· "ONLY" If the virus is detected at the "START" of the connection, the IPS engine sends the block replacement message immediately
· When a virus is detected on a TCP session (FIRST TIME), but where "SOME PACKETS" have been already forwarded to the receiver, FortiGate "resets the connection" and does not send the last piece of the file. Although the receiver got most of the file content, the file has been truncated and therefore, can't be opened. The IPS engine also caches the URL of the infected file, so that if a "SECOND ATTEMPT" to transmit the file is made, the IPS engine will then send a block replacement message to the client instead of scanning the file again. In flow mode, the FortiGate drops the last packet killing the file. But because of that the block replacement message cannot be displayed. If the file is attempted to download again the block message will be shown.



A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

  1. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
  2. Enable Dead Peer Detection.
  3. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
  4. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Answer(s): B,C

Explanation:

Study Guide ­ IPsec VPN ­ IPsec configuration ­ Phase 1 Network.

When Dead Peer Detection (DPD) is enabled, DPD probes are sent to detect a failed tunnel and bring it down before its IPsec SAs expire. This failure detection mechanism is very useful when you have redundant paths to the same destination, and you want to failover to a backup connection when the primary connection fails to keep the connectivity between the sites up. There are three DPD modes. On demand is the default mode.

Study Guide ­ IPsec VPN ­ Redundant VPNs.

Add one phase 1 configuration for each tunnel. DPD should be enabled on both ends.

Add at least one phase 2 definition for each phase 1.

Add one static route for each path. Use distance or priority to select primary routes over backup routes (routes for the primary VPN must have a lower distance or lower priority than the backup).
Alternatively, use dynamic routing.

Configure FW policies for each IPsec interface.



Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

  1. Antivirus engine
  2. Intrusion prevention system engine
  3. Flow engine
  4. Detection engine

Answer(s): B

Explanation:

http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application-control


Reference:

http://docs.fortinet.com/document/fortigate/6.0.0/handbook/240599/application- control



Viewing Page 3 of 36



Share your comments for Fortinet NSE4_FGT-7.2 exam with other users:

ahmad hassan 9/6/2023 3:26:00 AM

pd1 with great experience
Anonymous


Žarko 9/5/2023 3:35:00 AM

@t it seems like azure service bus message quesues could be the best solution
UNITED KINGDOM


Shiji 10/15/2023 1:08:00 PM

helpful to check your understanding.
INDIA


Da Costa 8/27/2023 11:43:00 AM

question 128 the answer should be static not auto
Anonymous


bot 7/26/2023 6:45:00 PM

more comments here
UNITED STATES


Kaleemullah 12/31/2023 1:35:00 AM

great support to appear for exams
Anonymous


Bsmaind 8/20/2023 9:26:00 AM

useful dumps
Anonymous


Blessious Phiri 8/13/2023 8:37:00 AM

making progress
Anonymous


Nabla 9/17/2023 10:20:00 AM

q31 answer should be d i think
FRANCE


vladputin 7/20/2023 5:00:00 AM

is this real?
UNITED STATES


Nick W 9/29/2023 7:32:00 AM

q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it
Anonymous


Naveed 8/28/2023 2:48:00 AM

good questions with simple explanation
UNITED STATES


cert 9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
Anonymous


Yves 8/29/2023 8:46:00 PM

very inciting
Anonymous


Miguel 10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;
SPAIN


Byset 9/25/2023 12:49:00 AM

it look like real one
Anonymous


Debabrata Das 8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps
Anonymous


nITA KALE 8/22/2023 1:57:00 AM

i need dumps
Anonymous


CV 9/9/2023 1:54:00 PM

its time to comptia sec+
GREECE


SkepticReader 8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).
UNITED STATES


Nabin 10/16/2023 4:58:00 AM

helpful content
MALAYSIA


Blessious Phiri 8/15/2023 3:19:00 PM

oracle 19c is complex db
Anonymous


Sreenivas 10/24/2023 12:59:00 AM

helpful for practice
Anonymous


Liz 9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.
UNITED STATES


Namrata 7/15/2023 2:22:00 AM

helpful questions
Anonymous


lipsa 11/8/2023 12:54:00 PM

thanks for question
Anonymous


Eli 6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
EUROPEAN UNION


open2exam 10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?
Anonymous


Gerald 9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
UNITED STATES


ryo 9/10/2023 2:27:00 PM

very helpful
MEXICO


Jamshed 6/20/2023 4:32:00 AM

i need this exam
PAKISTAN


Roberto Capra 6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?
Anonymous


Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


Vey 5/27/2023 12:06:00 AM

highly appreciate for your sharing.
CAMBODIA