Exam Code: NSE4_FGT-6.2 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet NSE 4 - FortiOS 6.2
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4_FGT-6.2 Exam.
Check NSE4_FGT-6.2 free dumps before getting the full version:
NEW QUESTION 1
When using WPAD DNS method, which FQDN format do browsers use to query the DNS server?
- A. srv_proxy.<local-domain>/wpad.dat
- B. srv_tcp.wpad.<local-domain>
- C. wpad.<local-domain>
- D. proxy.<local-domain>.wpad
Answer: C
Explanation:
https://help.fortinet.com/fortiproxy/11/Content/Admin%20Guides/FPX-AdminGuide/600_Objects/607_Web-pr
NEW QUESTION 2
Which statement is true regarding SSL VPN timers? (Choose two.)
- A. Allow to mitigate DoS attacks from partial HTTP requests.
- B. SSL VPN settings do not have customizable timers.
- C. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
- D. Prevent SSL VPN users from being logged out because of high network latency.
Answer: AD
NEW QUESTION 3
Which statements correctly describe transparent mode operation? (Choose three.)
- A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
- B. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
- C. The transparent FortiGate is visible to network hosts in an IP traceroute.
- D. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
- E. FortiGate acts as transparent bridge and forwards traffic at Layer 2.
Answer: BDE
NEW QUESTION 4
Examine the routing database shown in the exhibit, and then answer the following question:
Which of the following statements are correct? (Choose two.)
- A. The port3 default route has the highest distance.
- B. The port3 default route has the lowest metric.
- C. There will be eight routes active in the routing table.
- D. The port1 and port2 default routes are active in the routing table.
Answer: AD
NEW QUESTION 5
What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)
- A. Services defined in the firewall policy.
- B. Incoming and outgoing interfaces
- C. Highest to lowest priority defined in the firewall policy.
- D. Lowest to highest policy ID number.
Answer: AB
NEW QUESTION 6
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
- A. remote user’s public IP address
- B. The public IP address of the FortiGate device.
- C. The remote user’s virtual IP address.
- D. The internal IP address of the FortiGate device.
Answer: D
Explanation:
Source IP seen by the remote resources is FortiGate’s internal IP address and not the user’s IP address
NEW QUESTION 7
Examine the exhibit, which shows the output of a web filtering real time debug.
Why is the site www.bing.com being blocked?
- A. The web site www.bing.com is categorized by FortiGuard as Malicious Websites.
- B. The user has not authenticated with the FortiGate yet.
- C. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.
- D. The rating for the web site www.bing.com has been locally overridden to a category that is being blocked.
Answer: D
NEW QUESTION 8
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)
- A. Include the group of guest users in a policy.
- B. Extend timeout timers.
- C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
- D. Ensure all firewalls allow the FSSO required ports.
Answer: AD
NEW QUESTION 9
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.
When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?
- A. SMTP.Login.Brute.Force
- B. IMAP.Login.brute.Force
- C. ip_src_session
- D. Location: server Protocol: SMTP
Answer: B
NEW QUESTION 10
An administrator wants to create a policy-based IPsec VPN tunnel betweeb two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)
- A. Define the phase 1 parameters, without enabling IPsec interface mode
- B. Define the phase 2 parameters.
- C. Set the phase 2 encapsulation method to transport mode
- D. Define at least one firewall policy, with the action set to IPsec.
- E. Define a route to the remote network over the IPsec tunnel.
Answer: ABD
Explanation:
A) FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf —> “Enable to reate route-based. Disable to create policy-based.”
B)
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/Defining_VPN_Policies/Defin
—> “Specify the Phase 2 parameters”
D) FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf —> “In a policy-based configuration, only one firewall policy with the action IPsec is usually requerid”
NEW QUESTION 11
Which statement about FortiGuard services for FortiGate is true?
- A. The web filtering database is downloaded locally on FortiGate.
- B. Antivirus signatures are downloaded locally on FortiGate.
- C. FortiGate downloads IPS updates using UDP port 53 or 8888.
- D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
Answer: B
NEW QUESTION 12
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
- A. Lookup is done on the first packet from the session originator
- B. Lookup is done on the last packet sent from the responder
- C. Lookup is done on every packet, regardless of direction
- D. Lookup is done on the trust reply packet from the responder
Answer: AB
NEW QUESTION 13
Which statement about the IP authentication header (AH) used by IPsec is true?
- A. AH does not provide any data integrity or encryption.
- B. AH does not support perfect forward secrecy.
- C. AH provides data integrity bur no encryption.
- D. AH provides strong data integrity but weak encryption.
Answer: C
NEW QUESTION 14
An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)
- A. Implement firewall authentication for all users that need access to fortinet.com.
- B. Manually install the FortiGate deep inspection certificate as a trusted CA.
- C. Configure fortinet.com access to bypass the IPS engine.
- D. Configure an SSL-inspection exemption for fortinet.com.
Answer: AD
NEW QUESTION 15
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
- A. By default, FortiGate uses WINS servers to resolve names.
- B. By default, the SSL VPN portal requires the installation of a client’s certificate.
- C. By default, split tunneling is enabled.
- D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.
Answer: D
NEW QUESTION 16
An administrator has configured the following settings:
What does the configuration do? (Choose two.)
- A. Reduces the amount of logs generated by denied traffic.
- B. Enforces device detection on all interfaces for 30 minutes.
- C. Blocks denied users for 30 minutes.
- D. Creates a session for traffic being denied.
Answer: AD
NEW QUESTION 17
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
- A. Traffic to botnetservers
- B. Traffic to inappropriate web sites
- C. Server information disclosure attacks
- D. Credit card data leaks
- E. SQL injection attacks
Answer: ACE
NEW QUESTION 18
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.
Where must the proxy address be used?
- A. As the source in a firewall policy.
- B. As the source in a proxy policy.
- C. As the destination in a firewall policy.
- D. As the destination in a proxy policy.
Answer: B
NEW QUESTION 19
View the exhibit.
What does this raw log indicate? (Choose two.)
- A. FortiGate blocked the traffic.
- B. type indicates that a security event was recorded.
- C. 10.0.1.20 is the IP address for lavito.tk.
- D. policyid indicates that traffic went through the IPS firewall policy.
Answer: AB
NEW QUESTION 20
Examine this output from a debug flow:
Why did the FortiGate drop the packet?
- A. The next-hop IP address is unreachable.
- B. It failed the RPF check.
- C. It matched an explicitly configured firewall policy with the action DENY.
- D. It matched the default implicit firewall policy.
Answer: D
NEW QUESTION 21
Which statement is true regarding the policy ID number of a firewall policy?
- A. Defines the order in which rules are processed.
- B. Represents the number of objects used in the firewall policy.
- C. Required to modify a firewall policy using the CLI.
- D. Changes when firewall policies are reordered.
Answer: C
NEW QUESTION 22
View the exhibit.
Based on this output, which statements are correct? (Choose two.)
- A. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
- B. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
- C. The global configuration is synchronized between the primary and secondary FortiGate devices.
- D. The FortiGate devices have three VDOMs.
Answer: BC
P.S. Easily pass NSE4_FGT-6.2 Exam with 129 Q&As Simply pass Dumps & pdf Version, Welcome to Download the Newest Simply pass NSE4_FGT-6.2 Dumps: https://www.simply-pass.com/Fortinet-exam/NSE4_FGT-6.2-dumps.html (129 New Questions)