Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Fortinet Exam NSE4_FGT-7.2 Topic 1 Question 21 Discussion

Actual exam question for Fortinet's NSE4_FGT-7.2 exam
Question #: 21
Topic #: 1
[All NSE4_FGT-7.2 Questions]

What are two features of the NGFW policy-based mode? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

C) NGFW policy-based mode policies support only flow inspection. This is correct.This is a feature of the NGFW policy-based mode, according to the Fortinet documentation 'Profile-based NGFW vs policy-based NGFW'1. The documentation states that ''In policy-based NGFW mode, you can only select flow inspection. Proxy inspection is not supported.''

D) NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy. This is correct.This is a feature of the NGFW policy-based mode, according to the Fortinet documentation 'Profile-based NGFW vs policy-based NGFW'1. The documentation states that ''In policy-based NGFW mode, you allow applications and URL categories to be used directly in security policies, without requiring web filter or application control profiles.''


by Nobuko at Dec 26, 2023, 09:55 PM

Limited Time Offer

25%

Off

Get Premium NSE4_FGT-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cassi
24 days ago
Good point. Limiting it to just global application could be a drawback. Though I suppose the trade-off might be easier management if it's a one-size-fits-all kind of deal. Still, flexibility is always nice.
upvoted 0 times
...
Candra
25 days ago
But wait, don't we also need to consider the global vs. VDOM application? I'm not sure about option B. Wouldn't it be better if the policy-based mode could be applied to individual VDOMs as well?
upvoted 0 times
...
Mozell
26 days ago
I agree, A and D sound like the best options. The policy-based mode seems designed to simplify firewall management by integrating more functionality directly into the policies. That could be a real time-saver for administrators.
upvoted 0 times
Candra
6 days ago
It's possible. Organizations with specific VDOM requirements may find that limitation restrictive.
upvoted 0 times
...
Karima
7 days ago
C) NGFW policy-based mode policies support only flow inspection.
upvoted 0 times
...
Jonell
8 days ago
Do you think the global application limitation could be a drawback for some organizations?
upvoted 0 times
...
Clorinda
9 days ago
B) NGFW policy-based mode can only be applied globally and not on individual VDOMs
upvoted 0 times
...
Paola
10 days ago
I think you're right. Having those features integrated into the policies does seem like a time-saver.
upvoted 0 times
...
Harrison
11 days ago
D) NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
upvoted 0 times
...
Verona
12 days ago
A) NGFW policy-based mode does not require the use of central source NAT policy.
upvoted 0 times
...
...
Desmond
27 days ago
Hmm, this NGFW policy-based mode question seems a bit tricky. I'm not entirely sure about the specifics, but I'm leaning towards options A and D. The 'no central source NAT policy' and the ability to create applications and web filtering directly in the policy sound like useful features.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77