NSE4_FGT-7.2 Exam Dumps - Fortinet NSE 4 - FortiOS 7.2

A ZTNA rule is a policy that enforces access control and applies security profiles to protect traffic between the client and the access proxy1. A ZTNA rule defines the following parameters1:

Incoming interface: The interface that receives the client request.

Source: The address and user group of the client.

ZTNA tag: The tag that identifies the domain that the client belongs to.

ZTNA server: The server that hosts the access proxy.

Destination: The address of the application that the client wants to access.

Action: The action to take for the traffic that matches the rule. It can be accept, deny, or redirect.

Security profiles: The security features to apply to the traffic, such as antivirus, web filter, application control, and so on.

A ZTNA rule does not redirect the client request to the access proxy. That is the function of a policy route that matches the ZTNA tag and sends the traffic to the ZTNA server2.

A ZTNA rule does not define the access proxy. That is done by creating a ZTNA server object that specifies the IP address, port, and certificate of the access proxy3.

FortiGate Infrastructure 7.2 Study Guide (p.177): "A ZTNA rule is a proxy policy used to enforce access control. You can define ZTNA tags or tag groups to enforce zero-trust role-based access. To create a rule, type a rule name, and add IP addresses and ZTNA tags or tag groups that are allowed or blocked access. You also select the ZTNA server as the destination. You can also apply security profiles to protect this traffic."

C: "Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same physical Fortigate.

D: "Inspection-mode selection has moved from VDOM to firewall policy, and the default inspection-mode is flow, so NGFW Mode can be changed from Profile-base (Default) to Policy-base directly in System > Settings from the VDOM" Page 125 of FortiGate_Infrastructure_6.4_Study_Guide QUESTION NO: 23 51 Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites? A. The security actions applied on the web applications will also be explicitly applied on the third-party websites.

B. The application signature database inspects traffic only from the original web application server.

C. FortiGuard maintains only one signature of each web application that is unique.

D. FortiGate can inspect sub-application traffic regardless where it was originated.

Answer: D

FortiGate Security 7.2 Study Guide (p.428): "You must have a minimum of two FortiGate devices at the core of the Security Fabric, plus one FortiAnalyzer or cloud logging solution. FortiAnalyzer Cloud or FortiGate Cloud can act as the cloud logging solution. The FortiGate devices must be running in NAT mode."