BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE4_FGT-7.2 Topic 1 Question 21 Discussion

Actual exam question for Fortinet's NSE4_FGT-7.2 exam
Question #: 21
Topic #: 1
[All NSE4_FGT-7.2 Questions]

What are two features of the NGFW policy-based mode? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

C) NGFW policy-based mode policies support only flow inspection. This is correct.This is a feature of the NGFW policy-based mode, according to the Fortinet documentation 'Profile-based NGFW vs policy-based NGFW'1. The documentation states that ''In policy-based NGFW mode, you can only select flow inspection. Proxy inspection is not supported.''

D) NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy. This is correct.This is a feature of the NGFW policy-based mode, according to the Fortinet documentation 'Profile-based NGFW vs policy-based NGFW'1. The documentation states that ''In policy-based NGFW mode, you allow applications and URL categories to be used directly in security policies, without requiring web filter or application control profiles.''


by Nobuko at Dec 26, 2023, 09:55 PM

Limited Time Offer

25%

Off

Get Premium NSE4_FGT-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cassi
7 months ago
Good point. Limiting it to just global application could be a drawback. Though I suppose the trade-off might be easier management if it's a one-size-fits-all kind of deal. Still, flexibility is always nice.
upvoted 0 times
...
Candra
7 months ago
But wait, don't we also need to consider the global vs. VDOM application? I'm not sure about option B. Wouldn't it be better if the policy-based mode could be applied to individual VDOMs as well?
upvoted 0 times
...
Mozell
7 months ago
I agree, A and D sound like the best options. The policy-based mode seems designed to simplify firewall management by integrating more functionality directly into the policies. That could be a real time-saver for administrators.
upvoted 0 times
Candra
6 months ago
It's possible. Organizations with specific VDOM requirements may find that limitation restrictive.
upvoted 0 times
...
Karima
7 months ago
C) NGFW policy-based mode policies support only flow inspection.
upvoted 0 times
...
Jonell
7 months ago
Do you think the global application limitation could be a drawback for some organizations?
upvoted 0 times
...
Clorinda
7 months ago
B) NGFW policy-based mode can only be applied globally and not on individual VDOMs
upvoted 0 times
...
Paola
7 months ago
I think you're right. Having those features integrated into the policies does seem like a time-saver.
upvoted 0 times
...
Harrison
7 months ago
D) NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy
upvoted 0 times
...
Verona
7 months ago
A) NGFW policy-based mode does not require the use of central source NAT policy.
upvoted 0 times
...
...
Desmond
7 months ago
Hmm, this NGFW policy-based mode question seems a bit tricky. I'm not entirely sure about the specifics, but I'm leaning towards options A and D. The 'no central source NAT policy' and the ability to create applications and web filtering directly in the policy sound like useful features.
upvoted 0 times
...

Save Cancel