Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. Fortinet
  5. NSE4_FGT-7.2

Fortinet NSE 4 - FortiOS 7.2
NSE4_FGT-7.2 Exam

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

  1. NGFW policy-based mode does not require the use of central source NAT policy
  2. NGFW policy-based mode can only be applied globally and not on individual VDOMs
  3. NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
  4. NGFW policy-based mode policies support only flow inspection

Answer(s): C,D



Refer to the exhibit.



Which contains a session diagnostic output.
Which statement is true about the session diagnostic output?

  1. The session is in SYN_SENT state.
  2. The session is in FIN_ACK state.
  3. The session is in FTN_WAIT state.
  4. The session is in ESTABLISHED state.

Answer(s): A

Explanation:

Indicates TCP (proto=6) session in SYN_SENT state (proto=state=2) https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042



Which two statements explain antivirus scanning modes? (Choose two.)

  1. In proxy-based inspection mode, files bigger than the buffer size are scanned.
  2. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
  3. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
  4. In flow-based inspection mode, files bigger than the buffer size are scanned.

Answer(s): B,C

Explanation:

An antivirus profile in full scan mode buffers up to your specified file size limit. The default is 10 MB. That is large enough for most files, except video files. If your FortiGate model has more RAM, you may be able to increase this threshold. Without a limit, very large files could exhaust the scan memory. So, this threshold balances risk and performance. Is this tradeoff unique to FortiGate, or to a specific model? No. Regardless of vendor or model, you must make a choice. This is because of the difference between scans in theory, that have no limits, and scans on real-world devices, that have finite RAM. In order to detect 100% of malware regardless of file size, a firewall would need infinitely large RAM--something that no device has in the real world. Most viruses are very small. This table shows a typical tradeoff. You can see that with the default 10 MB threshold, only 0.01% of viruses pass through.

FortiGate Security 7.2 Study Guide (p.350 & 352): "In flow-based inspection mode, the IPS engine reads the payload of each packet, caches a local copy, and forwards the packet to the receiver at the same time. Because the file is ransmitted simultaneously, flow-based mode consumes more CPU cycles than proxy-based." "Each protocol's proxy picks up a connection and buffers the entire file first (or waits until the oversize limit is reached) before scanning. The client must wait for the scanning to finish."



Refer to the exhibit.

Refer to the web filter raw logs.



Based on the raw logs shown in the exhibit, which statement is correct?

  1. Social networking web filter category is configured with the action set to authenticate.
  2. The action on firewall policy ID 1 is set to warning.
  3. Access to the social networking web filter category was explicitly blocked to all users.
  4. The name of the firewall policy is all_users_web.

Answer(s): A




Bruce Gord
Thanks Well I just passed the exam with high score. Anyway, thanks for providing the good material.
- Malaysia
Upvote


Parag
Hi, Let me appreciate your Study Guide. I passed the exam with 92%. All the questions were from the study guide. I am still wondering where I went wrong for not scoring 100%. I will not hesitate to recommend your site to my friends and colleagues. Thanks
- UNITED STATES
Upvote


J M
Hello, I purchased your 640-801 last week and I was able to pass my exam with 96%. The questions were all the same. I wondering how you guys do it? Keep up the good job. I appreciate your service and your best price. Thanks
- UNITED STATES
Upvote

Read more ...