← Back to exam page

NSE4_FGT-7.2 Fortinet NSE 4FortiOS 7.2

Loading demo links...

Showing 4–6 of 10 questions

Question 4

11

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

Select all that apply, then click Submit answer.

  • To detect intermediary NAT devices in the tunnel path.

  • To dynamically change phase 1 negotiation mode aggressive mode.

  • To encapsulation ESP packets in UDP packets using port 4500.

  • To force a new DH exchange with each phase 2 rekey.
Question 5

Refer to the exhibit.

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

Select all that apply, then click Submit answer.

  • The port3 default route has the highest distance.

  • The port3 default route has the lowest metric.

  • There will be eight routes active in the routing table.

  • The port1 and port2 default routes are active in the routing table.
Question 6

43

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Select an option, then click Submit answer.

  • FortiGate automatically negotiates different local and remote addresses with the remote peer.

  • FortiGate automatically negotiates a new security association after the existing security association expires.

  • FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

  • FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.