Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam NSE7_ZTA-7.2 All Questions

View all questions & answers for the NSE7_ZTA-7.2 exam

Exam NSE7_ZTA-7.2 topic 1 question 1 discussion

Actual exam question from Fortinet's NSE7_ZTA-7.2
Question #: 1
Topic #: 1
[All NSE7_ZTA-7.2 Questions]

Refer to the exhibit.

Based on the ZTNA logs provided, which statement is true?

  • A. The Remote_User ZTNA tag has matched the ZTNA rule.
  • B. An authentication scheme is configured.
  • C. The external IP for ZTNA server is 10.122.0.139.
  • D. Traffic is allowed by firewall policy 1.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
kinge2
Highly Voted 5 months, 2 weeks ago
Selected Answer: B
B is correct as per https://docs.fortinet.com/document/fortigate/7.0.0/new-features/591056/ztna-session-based-form-authentication-7-0-4
upvoted 6 times
...
lucient
Most Recent 2 months, 2 weeks ago
Selected Answer: B
B is correct. Since you have "user=" and "group=" it means there is authentication. So, an authentication scheme must be configured. Page 120. A is wrong. Remote_User is a "group", not a ZTNA tag. There are no ZTNA tags in the log "clientdevicetags=". Page 129 study guide. C is worng. 10.122.0.139 is the server's real IP. Page 129. You can see this IP in the column "Real server". D is wrong. It is not a "firewall" policy but a "proxy" policy. Page 117: ZTNA rule is a proxy policy.
upvoted 1 times
...
Thusi26
3 months, 3 weeks ago
Correct answer is B. There is no "clientdevicetags=" to see in the logs.
upvoted 1 times
...
Solankimss
4 months, 1 week ago
D is correct A Incorrect as there is no tag info in output C -Its destination server IP not extn IP
upvoted 1 times
...
amarsulistio
4 months, 3 weeks ago
Selected Answer: A
Based on the ZTNA logs provided, the true statement is: A) The Remote_user ZTNA tag has matched the ZTNA rule: The log includes a user tag 'ztna_user' and a policy name 'External_Access_FAZ', which suggests that the ZTNA tag for 'Remote_User' has successfully matched the ZTNA rule defined in the policy to allow access. The other options are not supported by the information in the log
upvoted 2 times
...
jorg_t
5 months, 2 weeks ago
I think it's A. There is no auth scheme, otherwise you would see the "authserver=" field in the log. The field "destip=" is the IP of the real server (backend server) It is a proxy policy, not a firewall policy.
upvoted 4 times
...
kfaebu
5 months, 3 weeks ago
I think its B
upvoted 1 times
...
Osirisdt89
6 months ago
D is incorrect, the logs show a proxy policy not a firewall policy. Correct Answer C
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...