Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
 

Fortinet NSE7_NST-7.2 Exam Actual Questions

The questions for NSE7_NST-7.2 were last updated on Nov. 5, 2024.
  • Viewing page 1 out of 10 pages.
  • Viewing questions 1-4 out of 40 questions
 

Topic 1 - Exam A

Question #1 Topic 1

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?

  • A. FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
  • B. FortiGate uses the CN information from the Subject field in the server certificate.
  • C. FortiGate uses the first entry listed in the SAN field in the server certificate.
  • D. FortiGate uses the SNI from the user’s web browser.
Reveal Solution Hide Solution   Discussion  

Correct Answer: B 🗳️

Question #2 Topic 1

Refer to the exhibit.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?

  • A. Enable asymmetric routing under config system settings.
  • B. Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.
  • C. A firewall policy that allows all ICMP traffic from port3 to port1.
  • D. Change the configuration from strict RPF check mode to feasible RPF check mode.
Reveal Solution Hide Solution   Discussion  

Correct Answer: D 🗳️

Question #3 Topic 1

Refer to the exhibit, which contains the output of a debug command.

If the default settings are in place, what can you conclude about the conserve mode shown in the exhibit?

  • A. FortiGate is currently blocking new sessions that require flow-based or proxy-based content inspection.
  • B. FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.
  • C. FortiGate is currently allowing new sessions that require flow-based or proxy-based content inspection but is not performing inspection on those sessions.
  • D. FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection.
Reveal Solution Hide Solution   Discussion  

Correct Answer: A 🗳️

Question #4 Topic 1

Refer to the exhibit, which shows a session table entry.

Which statement about FortiGate behavior relating to this session is true?

  • A. FortiGate forwarded this session without any inspection.
  • B. FortiGate is performing a security profile inspection using the CPU.
  • C. FortiGate redirected the client to the captive portal to authenticate, so that a correct policy match could be made.
  • D. FortiGate applied only IPS inspection to this session.
Reveal Solution Hide Solution   Discussion  

Correct Answer: B 🗳️

Next Questions

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel