Fortinet 7.2 NSE 4 GRADE A+
CORRECT SOLUTONS
SEC03 What is the benefit of using NAT?
A. Prevents depletion of IPv4 public address T
B. Enhanced content inspection
SEC03 Which statement about NAT66 is true?
A. It is used to translate addresses between two IPv6 networks. T
B. It is used to translate addresses between two IPv4 networks.
SEC03 What is the default IP pool type?
A. One-to-one
B. Overload
B. Overload
SEC03 Which of the following is the default VIP type?
A. static—nat
B. load—balance
A. static—nat
SEC03 Which statement is true?
A. Central NAT is not enabled by default.
B. Both central NAT and firewall policy NAT can be enabled together.
A. Central NAT is not enabled by default.
SEC03 What happens if there is no matching central SNAT policy or no
central SNAT policy configured?
A. The egress interface is used.
B. NAT is not be applied to the firewall session.
B. NAT is not be applied to the firewall session.
SEC04 Which firewall authentication method does FortiGate support?
A. Local password authentication
B. Biometric authentication
A. Local password authentication
SEC04 A remote LDAP user is trying to authenticate with a username
and password. How does FortiGate verify the login credentials?
A. FortiGate queries its own database for user credentials.
, B. FortiGate sends the user-entered credentials to the remote server
for verification.
B. FortiGate sends the user-entered credentials to the remote server
for verification.
SEC04 When FortiGate uses a RADIUS server for remote authentication,
which statement about RADIUS is true?
A. FortiGate must query the remote RADIUS server using the
distinguished name (dn).
B. RADIUS group memberships are provided by vendor-specific
attributes (VSAs) configured on the RADIUS server
A. FortiGate must query the remote RADIUS server using the
distinguished name (dn).
B. RADIUS group memberships are provided by vendor-specific
attributes (VSAs) configured on the RADIUS server
SEC04 Which statement about guest user groups is true?
Guest user group accounts are temporary.
Guest user group account passwords are temporary.
Guest user group accounts are temporary.
SEC04 Guest accounts are most commonly used for which purposes?
To provide temporary visitor access to corporate network resources
To provide temporary visitor access to wireless networks
To provide temporary visitor access to wireless networks
SEC05 If you enable reliable logging, which transport protocol will
FortiGate use?
A. UDP B. TCP -correct
SEC04 Firewall policies dictate whether a user or device can or
cannot authenticate on a network. Which statement about firewall
authentication is true?
-Firewall policies can be configured to authenticate certificate
users.
-The order of the firewall policies always determines whether a
user's credentials are determined actively or passively.
-Firewall policies can be configured to authenticate certificate
users.
SEC04 Which statement about active authentication is true?
-Active authentication is always used before passive authentication.
-The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet
protocols in order for the user to be prompted for credentials.
CORRECT SOLUTONS
SEC03 What is the benefit of using NAT?
A. Prevents depletion of IPv4 public address T
B. Enhanced content inspection
SEC03 Which statement about NAT66 is true?
A. It is used to translate addresses between two IPv6 networks. T
B. It is used to translate addresses between two IPv4 networks.
SEC03 What is the default IP pool type?
A. One-to-one
B. Overload
B. Overload
SEC03 Which of the following is the default VIP type?
A. static—nat
B. load—balance
A. static—nat
SEC03 Which statement is true?
A. Central NAT is not enabled by default.
B. Both central NAT and firewall policy NAT can be enabled together.
A. Central NAT is not enabled by default.
SEC03 What happens if there is no matching central SNAT policy or no
central SNAT policy configured?
A. The egress interface is used.
B. NAT is not be applied to the firewall session.
B. NAT is not be applied to the firewall session.
SEC04 Which firewall authentication method does FortiGate support?
A. Local password authentication
B. Biometric authentication
A. Local password authentication
SEC04 A remote LDAP user is trying to authenticate with a username
and password. How does FortiGate verify the login credentials?
A. FortiGate queries its own database for user credentials.
, B. FortiGate sends the user-entered credentials to the remote server
for verification.
B. FortiGate sends the user-entered credentials to the remote server
for verification.
SEC04 When FortiGate uses a RADIUS server for remote authentication,
which statement about RADIUS is true?
A. FortiGate must query the remote RADIUS server using the
distinguished name (dn).
B. RADIUS group memberships are provided by vendor-specific
attributes (VSAs) configured on the RADIUS server
A. FortiGate must query the remote RADIUS server using the
distinguished name (dn).
B. RADIUS group memberships are provided by vendor-specific
attributes (VSAs) configured on the RADIUS server
SEC04 Which statement about guest user groups is true?
Guest user group accounts are temporary.
Guest user group account passwords are temporary.
Guest user group accounts are temporary.
SEC04 Guest accounts are most commonly used for which purposes?
To provide temporary visitor access to corporate network resources
To provide temporary visitor access to wireless networks
To provide temporary visitor access to wireless networks
SEC05 If you enable reliable logging, which transport protocol will
FortiGate use?
A. UDP B. TCP -correct
SEC04 Firewall policies dictate whether a user or device can or
cannot authenticate on a network. Which statement about firewall
authentication is true?
-Firewall policies can be configured to authenticate certificate
users.
-The order of the firewall policies always determines whether a
user's credentials are determined actively or passively.
-Firewall policies can be configured to authenticate certificate
users.
SEC04 Which statement about active authentication is true?
-Active authentication is always used before passive authentication.
-The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet
protocols in order for the user to be prompted for credentials.
