NSE4_FGT-6.2 Guide

Certified NSE4_FGT-6.2 Prep 2021

Exam Code: NSE4_FGT-6.2 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet NSE 4 - FortiOS 6.2
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4_FGT-6.2 Exam.

Check NSE4_FGT-6.2 free dumps before getting the full version:

NEW QUESTION 1
When using WPAD DNS method, which FQDN format do browsers use to query the DNS server?

  • A. srv_proxy.<local-domain>/wpad.dat
  • B. srv_tcp.wpad.<local-domain>
  • C. wpad.<local-domain>
  • D. proxy.<local-domain>.wpad

Answer: C

Explanation:
https://help.fortinet.com/fortiproxy/11/Content/Admin%20Guides/FPX-AdminGuide/600_Objects/607_Web-pr

NEW QUESTION 2
Which statement is true regarding SSL VPN timers? (Choose two.)

  • A. Allow to mitigate DoS attacks from partial HTTP requests.
  • B. SSL VPN settings do not have customizable timers.
  • C. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
  • D. Prevent SSL VPN users from being logged out because of high network latency.

Answer: AD

NEW QUESTION 3
Which statements correctly describe transparent mode operation? (Choose three.)

  • A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
  • B. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
  • C. The transparent FortiGate is visible to network hosts in an IP traceroute.
  • D. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • E. FortiGate acts as transparent bridge and forwards traffic at Layer 2.

Answer: BDE

NEW QUESTION 4
Examine the routing database shown in the exhibit, and then answer the following question:
NSE4_FGT-6.2 dumps exhibit
Which of the following statements are correct? (Choose two.)

  • A. The port3 default route has the highest distance.
  • B. The port3 default route has the lowest metric.
  • C. There will be eight routes active in the routing table.
  • D. The port1 and port2 default routes are active in the routing table.

Answer: AD

NEW QUESTION 5
What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

  • A. Services defined in the firewall policy.
  • B. Incoming and outgoing interfaces
  • C. Highest to lowest priority defined in the firewall policy.
  • D. Lowest to highest policy ID number.

Answer: AB

NEW QUESTION 6
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

  • A. remote user’s public IP address
  • B. The public IP address of the FortiGate device.
  • C. The remote user’s virtual IP address.
  • D. The internal IP address of the FortiGate device.

Answer: D

Explanation:
Source IP seen by the remote resources is FortiGate’s internal IP address and not the user’s IP address

NEW QUESTION 7
Examine the exhibit, which shows the output of a web filtering real time debug.
NSE4_FGT-6.2 dumps exhibit
Why is the site www.bing.com being blocked?

  • A. The web site www.bing.com is categorized by FortiGuard as Malicious Websites.
  • B. The user has not authenticated with the FortiGate yet.
  • C. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.
  • D. The rating for the web site www.bing.com has been locally overridden to a category that is being blocked.

Answer: D

NEW QUESTION 8
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

  • A. Include the group of guest users in a policy.
  • B. Extend timeout timers.
  • C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
  • D. Ensure all firewalls allow the FSSO required ports.

Answer: AD

NEW QUESTION 9
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.
NSE4_FGT-6.2 dumps exhibit
When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

  • A. SMTP.Login.Brute.Force
  • B. IMAP.Login.brute.Force
  • C. ip_src_session
  • D. Location: server Protocol: SMTP

Answer: B

NEW QUESTION 10
An administrator wants to create a policy-based IPsec VPN tunnel betweeb two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)

  • A. Define the phase 1 parameters, without enabling IPsec interface mode
  • B. Define the phase 2 parameters.
  • C. Set the phase 2 encapsulation method to transport mode
  • D. Define at least one firewall policy, with the action set to IPsec.
  • E. Define a route to the remote network over the IPsec tunnel.

Answer: ABD

Explanation:
A) FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf —> “Enable to reate route-based. Disable to create policy-based.”
B)
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/Defining_VPN_Policies/Defin
—> “Specify the Phase 2 parameters”
D) FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf —> “In a policy-based configuration, only one firewall policy with the action IPsec is usually requerid”

NEW QUESTION 11
Which statement about FortiGuard services for FortiGate is true?

  • A. The web filtering database is downloaded locally on FortiGate.
  • B. Antivirus signatures are downloaded locally on FortiGate.
  • C. FortiGate downloads IPS updates using UDP port 53 or 8888.
  • D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.

Answer: B

NEW QUESTION 12
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

  • A. Lookup is done on the first packet from the session originator
  • B. Lookup is done on the last packet sent from the responder
  • C. Lookup is done on every packet, regardless of direction
  • D. Lookup is done on the trust reply packet from the responder

Answer: AB

NEW QUESTION 13
Which statement about the IP authentication header (AH) used by IPsec is true?

  • A. AH does not provide any data integrity or encryption.
  • B. AH does not support perfect forward secrecy.
  • C. AH provides data integrity bur no encryption.
  • D. AH provides strong data integrity but weak encryption.

Answer: C

NEW QUESTION 14
An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

  • A. Implement firewall authentication for all users that need access to fortinet.com.
  • B. Manually install the FortiGate deep inspection certificate as a trusted CA.
  • C. Configure fortinet.com access to bypass the IPS engine.
  • D. Configure an SSL-inspection exemption for fortinet.com.

Answer: AD

NEW QUESTION 15
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

  • A. By default, FortiGate uses WINS servers to resolve names.
  • B. By default, the SSL VPN portal requires the installation of a client’s certificate.
  • C. By default, split tunneling is enabled.
  • D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.

Answer: D

NEW QUESTION 16
An administrator has configured the following settings:
NSE4_FGT-6.2 dumps exhibit
What does the configuration do? (Choose two.)

  • A. Reduces the amount of logs generated by denied traffic.
  • B. Enforces device detection on all interfaces for 30 minutes.
  • C. Blocks denied users for 30 minutes.
  • D. Creates a session for traffic being denied.

Answer: AD

NEW QUESTION 17
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

  • A. Traffic to botnetservers
  • B. Traffic to inappropriate web sites
  • C. Server information disclosure attacks
  • D. Credit card data leaks
  • E. SQL injection attacks

Answer: ACE

NEW QUESTION 18
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.
NSE4_FGT-6.2 dumps exhibit
Where must the proxy address be used?

  • A. As the source in a firewall policy.
  • B. As the source in a proxy policy.
  • C. As the destination in a firewall policy.
  • D. As the destination in a proxy policy.

Answer: B

NEW QUESTION 19
View the exhibit.
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
What does this raw log indicate? (Choose two.)

  • A. FortiGate blocked the traffic.
  • B. type indicates that a security event was recorded.
  • C. 10.0.1.20 is the IP address for lavito.tk.
  • D. policyid indicates that traffic went through the IPS firewall policy.

Answer: AB

NEW QUESTION 20
Examine this output from a debug flow:
NSE4_FGT-6.2 dumps exhibit
Why did the FortiGate drop the packet?

  • A. The next-hop IP address is unreachable.
  • B. It failed the RPF check.
  • C. It matched an explicitly configured firewall policy with the action DENY.
  • D. It matched the default implicit firewall policy.

Answer: D

NEW QUESTION 21
Which statement is true regarding the policy ID number of a firewall policy?

  • A. Defines the order in which rules are processed.
  • B. Represents the number of objects used in the firewall policy.
  • C. Required to modify a firewall policy using the CLI.
  • D. Changes when firewall policies are reordered.

Answer: C

NEW QUESTION 22
View the exhibit.
NSE4_FGT-6.2 dumps exhibit
Based on this output, which statements are correct? (Choose two.)

  • A. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
  • B. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
  • C. The global configuration is synchronized between the primary and secondary FortiGate devices.
  • D. The FortiGate devices have three VDOMs.

Answer: BC

NEW QUESTION 23
......

P.S. Easily pass NSE4_FGT-6.2 Exam with 129 Q&As Simply pass Dumps & pdf Version, Welcome to Download the Newest Simply pass NSE4_FGT-6.2 Dumps: https://www.simply-pass.com/Fortinet-exam/NSE4_FGT-6.2-dumps.html (129 New Questions)


To know more about the NSE4_FGT-6.2, click here.

Tagged as : Fortinet NSE4_FGT-6.2 Dumps, Download NSE4_FGT-6.2 pdf, NSE4_FGT-6.2 VCE, NSE4_FGT-6.2 pass4sure, examcollection NSE4_FGT-6.2