Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Note! The NSE4_FGT-6.2 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the NSE4_FGT-7.2 Exam.

NSE4_FGT-6.2 Fortinet NSE 4 - FortiOS 6.2 Questions and Answers

Questions 4

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Options:

A.

The firmware image must be manually uploaded to each FortiGate.

B.

Only secondary FortiGate devices are rebooted.

C.

Uninterruptable upgrade is enabled by default.

D.

Traffic load balancing is temporally disabled while upgrading the firmware.

Buy Now
Questions 5

Examine this FortiGate configuration:

NSE4_FGT-6.2 Question 5

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

Options:

A.

It always authorizes the traffic without requiring authentication.

B.

It drops the traffic.

C.

It authenticates the traffic using the authentication scheme SCHEME2.

D.

It authenticates the traffic using the authentication scheme SCHEME1.

Buy Now
Questions 6

Examine the following web filtering log.

NSE4_FGT-6.2 Question 6

Which statement about the log message is true?

Options:

A.

The action for the category Games is set to block.

B.

The usage quota for the IP address 10.0.1.10 has expired

C.

The name of the applied web filter profile is default.

D.

The web site miniclip.com matches a static URL filter whose action is set to Warning.

Buy Now
Questions 7

A team manager has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effective option to support this request?

Options:

A.

Implement a web filter category override for the specified website.

B.

Implement web filter authentication for the specified website

C.

Implement web filter quotas for the specified website.

D.

Implement DNS filter for the specified website.

Buy Now
Questions 8

Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

NSE4_FGT-6.2 Question 8

What are the expected actions if traffic matches this IPS sensor? (Choose two.)

Options:

A.

The sensor will gather a packet log for all matched traffic.

B.

The sensor will not block attackers matching the A32S.Botnet signature.

C.

The sensor will block all attacks for Windows servers.

D.

The sensor will reset all connections that match these signatures.

Buy Now
Questions 9

How does FortiGate verify the login credentials of a remote LDAP user?

Options:

A.

FortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server.

B.

FortiGate sends the user-entered credentials to the LDAP server for authentication.

C.

FortiGate queries the LDAP server for credentials.

D.

FortiGate queries its own database for credentials.

Buy Now
Questions 10

Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question:

NSE4_FGT-6.2 Question 10

An administrator has added the following static route on FGTI.

NSE4_FGT-6.2 Question 10

Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

Options:

A.

The new route’s destination subnet overlaps an existing route.

B.

The new route’s Distance value should be higher than 10.

C.

The Gateway IP address is not in the same subnet as port1.

D.

The Priority is 0, which means that this route will remain inactive.

Buy Now
Questions 11

Examine the routing database shown in the exhibit, and then answer the following question:

NSE4_FGT-6.2 Question 11

Which of the following statements are correct? (Choose two.)

Options:

A.

The port3 default route has the highest distance.

B.

The port3 default route has the lowest metric.

C.

There will be eight routes active in the routing table.

D.

The port1 and port2 default routes are active in the routing table.

Buy Now
Questions 12

An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

Options:

A.

Implement firewall authentication for all users that need access to fortinet.com.

B.

Manually install the FortiGate deep inspection certificate as a trusted CA.

C.

Configure fortinet.com access to bypass the IPS engine.

D.

Configure an SSL-inspection exemption for fortinet.com.

Buy Now
Questions 13

Which statements about DNS filter profiles are true? (Choose two.)

Options:

A.

They can inspect HTTP traffic.

B.

They can redirect blocked requests to a specific portal.

C.

They can block DNS requests to known botnet command and control servers.

D.

They must be applied in firewall policies with SSL inspection enabled.

Buy Now
Questions 14

Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

Options:

A.

Include the group of guest users in a policy.

B.

Extend timeout timers.

C.

Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.

D.

Ensure all firewalls allow the FSSO required ports.

Buy Now
Questions 15

An administrator has configured central DNAT and virtual IPs. Which of the following can be selected in the firewall policy Destination field?

Options:

A.

A VIP group

B.

The mapped IP address object of the VIP object

C.

A VIP object

D.

An IP pool

Buy Now
Questions 16

Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

Options:

A.

If the DHCP method fails, browsers will try the DNS method.

B.

The browser needs to be preconfigured with the DHCP server’s IP address.

C.

The browser sends a DHCPONFORM request to the DHCP server.

D.

The DHCP server provides the PAC file for download.

Buy Now
Questions 17

Which is the correct description of a hash result as it relates to digital certificates?

Options:

A.

A unique value used to verify the input data

B.

An output value that is used to identify the person or deduce that authored the input data.

C.

An obfuscation used to mask the input data.

D.

An encrypted output value used to safe-guard the input data

Buy Now
Questions 18

Examine the exhibit, which shows the partial output of an IKE real-time debug.

NSE4_FGT-6.2 Question 18

Which of the following statement about the output is true?

Options:

A.

The VPN is configured to use pre-shared key authentication.

B.

Extended authentication (XAuth) was successful.

C.

Remote is the host name of the remote IPsec peer.

D.

Phase 1 went down.

Buy Now
Questions 19

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides

(client and server) have terminated the session?

Options:

A.

To remove the NAT operation.

B.

To generate logs

C.

To finish any inspection operations.

D.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Buy Now
Questions 20

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Options:

A.

Traffic to botnetservers

B.

Traffic to inappropriate web sites

C.

Server information disclosure attacks

D.

Credit card data leaks

E.

SQL injection attacks

Buy Now
Questions 21

Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

Options:

A.

FG-traffic VDOM

B.

Root VDOM

C.

Customer VDOM

D.

Global VDOM

Buy Now
Exam Code: NSE4_FGT-6.2
Exam Name: Fortinet NSE 4 - FortiOS 6.2
Last Update: Nov 30, 2023
Questions: 140
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 24 Nov 2024