CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet NSE4_FGT-6.2 Dumps Questions Answers

Page: 1 / 5
Total 140 questions
Get NSE4_FGT-6.2 Full Access Download NSE4_FGT-6.2 PDF

Fortinet NSE 4 - FortiOS 6.2 Questions and Answers

Question 1

View the exhibit.

Based on the configuration shown in the exhibit, what statements about application control behavior are true? (Choose two.)

Options:

A.

Access to all unknown applications will be allowed.

B.

Access to browser-based Social.Media applications will be blocked.

C.

Access to mobile social media applications will be blocked.

D.

Access to all applications in Social.Media category will be blocked.

Buy Now
Question 2

Which statements about DNS filter profiles are true? (Choose two.)

Options:

A.

They can inspect HTTP traffic.

B.

They can redirect blocked requests to a specific portal.

C.

They can block DNS requests to known botnet command and control servers.

D.

They must be applied in firewall policies with SSL inspection enabled.

Question 3

An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)

Options:

A.

Configure split tunneling for content inspection.

B.

Configure host restrictions by IP or MAC address.

C.

Configure two-factor authentication using security certificates.

D.

Configure SSL offloading to a content processor (FortiASIC).

E.

Configure a client integrity check (host-check).

Question 4

View the exhibit. Which of the following statements is true regarding the configuration settings?

Response:

Options:

A.

When a remote user accesses https://10.200.1.1:443, the FortiGate login page appears.

B.

When a remote user accesses https://10.200.1.1:443, the FortiGate login page appears.

C.

When a remote user accesses http: //10.200.1.1 :443, the FortiGate login page appears.

D.

When a remote user accesses http: /110.200.1.1:443, the SSL VPN login page appears.

E.

The settings are invalid. The administrator settings and the SSL VPN settings cannot use the same port.

Question 5

Examine the routing database shown in the exhibit, and then answer the following question:

Which of the following statements are correct? (Choose two.)

Options:

A.

The port3 default route has the highest distance.

B.

The port3 default route has the lowest metric.

C.

There will be eight routes active in the routing table.

D.

The port1 and port2 default routes are active in the routing table.

Question 6

HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could resolve this problem? (Choose two.)

Options:

A.

Enable Allow Invalid SSL Certificates for the relevant security profile.

B.

Change web browsers to one that does not support HPKP.

C.

Exempt those web sites that use HPKP from full SSL inspection.

D.

Install the CA certificate (that is required to verify the web server certificate) stores of users’ computers.

Question 7

Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

What are the expected actions if traffic matches this IPS sensor? (Choose two.)

Options:

A.

The sensor will gather a packet log for all matched traffic.

B.

The sensor will not block attackers matching the A32S.Botnet signature.

C.

The sensor will block all attacks for Windows servers.

D.

The sensor will reset all connections that match these signatures.

Question 8

Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

Options:

A.

If the DHCP method fails, browsers will try the DNS method.

B.

The browser needs to be preconfigured with the DHCP server’s IP address.

C.

The browser sends a DHCPONFORM request to the DHCP server.

D.

The DHCP server provides the PAC file for download.

Question 9

An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?

Options:

A.

FortiGate needs to be switched to NGFW mode.

B.

Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.

C.

Proxy options are no longer available starting in FortiOS 5.6.

D.

FortiGate is in flow-based inspection mode.

Question 10

View the certificate shown to the exhibit, and then answer the following question:

The CA issued this certificate to which entity?

Options:

A.

A root CA

B.

A person

C.

A bridge CA

D.

A subordinate CA

Question 11

Which statements about HA for FortiGate devices are true? (Choose two.)

Options:

A.

Sessions handled by proxy-based security profiles cannot be synchronized.

B.

Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.

C.

HA management interface settings are synchronized between cluster members.

D.

Heartbeat interfaces are not required on the primary device.

Question 12

Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

Options:

A.

It is allowed, but with no inspection

B.

It is allowed and inspected as long as the inspection is flow based

C.

It is dropped.

D.

It is allowed and inspected, as long as the only inspection required is antivirus.

Question 13

View the exhibit.

A user behind the FortiGate is trying to go to (Addicting Games). Based on this configuration, which statement is true?

Options:

A.

Addicting.Games is allowed based on the Application Overrides configuration.

B.

Addicting.Games is blocked on the Filter Overrides configuration.

C.

Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D.

Addcting.Games is allowed based on the Categories configuration.

Question 14

An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Options:

A.

A phase 2 configuration is not required.

B.

This VPN cannot be used as part of a hub-and-spoke topology.

C.

A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

D.

The IPsec firewall policies must be placed at the top of the list.

Question 15

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides

(client and server) have terminated the session?

Options:

A.

To remove the NAT operation.

B.

To generate logs

C.

To finish any inspection operations.

D.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Question 16

How do you format the FortiGate flash disk?

Options:

A.

Load a debug FortiOS image.

B.

Load the hardware test (HQIP) image.

C.

Execute the CLI command execute formatlogdisk.

D.

Select the format boot device option from the BIOS menu.

Question 17

Refer to the exhibit.

The exhibits show a network diagram and the explicit web proxy configuration.

In the command diagnose sniffer packet, what filter can you use to capture the traffic between the

client and the explicit web proxy?

Options:

A.

‘host 192.168.0.2 and port 8080’

B.

‘host 10.0.0.50 and port 80’

C.

‘host 192.168.0.1 and port 80’

D.

‘host 10.0.0.50 and port 8080’

Question 18

A team manager has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effective option to support this request?

Options:

A.

Implement a web filter category override for the specified website.

B.

Implement web filter authentication for the specified website

C.

Implement web filter quotas for the specified website.

D.

Implement DNS filter for the specified website.

Question 19

You have tasked to design a new IPsec deployment with the following criteria:

* All satellite offices must connect to the two HQ sites.

* The satellite offices do not need to communicate directly with other satellite offices.

* Backup VPN is not required.

* The design should minimize the number of tunnels being configured.

Which topology should be used to satisfy all of the requirements?

Options:

A.

Partial mesh

B.

Hub-and-spoke

C.

Fully meshed

D.

Redundant

Question 20

Which of the following static routes are not maintained in the routing table?

Options:

A.

Named Address routes

B.

Dynamic routes

C.

ISDB routes

D.

Policy routes

Question 21

Refer to the exhibit.

The exhibits show the firewall policies and the objects used in the firewall policies. The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.

Based on the input criteria, which of the following will be highlighted?

Options:

A.

The policy with ID 1

B.

The policy with ID 5

C.

The policies with ID 2 and 3

D.

The policy with ID 4

Exam Detail
Vendor: Fortinet
Certification: Fortinet Other Certification
Exam Code: NSE4_FGT-6.2
Exam Name: Fortinet NSE 4 - FortiOS 6.2
Last Update: Dec 21, 2024
NSE4_FGT-6.2 Question Answers
Page: 1 / 5
Total 140 questions
Get NSE4_FGT-6.2 Full Access Download NSE4_FGT-6.2 PDF