NSE4_FGT-6.2 Exam Questions
102 real NSE4_FGT-6.2 exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1
Examine the FortiGate configuration: config user settings set auth-on-demand implicitly end What will happen to unauthenticated users when an active authentication policy is follow...
- Question #2
Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?
- Question #3
When using WPAD DNS method, which FQDN format do browsers use to query the DNS server?
- Question #4
Consider a new IPsec deployment with the following criteria: - The satellite offices do not have a dedicated IPsec device. - The satellite offices do not need to communicate direct...
- Question #5
Refer to the exhibit. You are configuring the root FortiGate to implement the Security Fabric. You are configuring port10 to communicate with a downstream FortiGate. The exhibit sh...
- Question #7
Refer to the exhibit. A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used, at the same time, for all t...
- Question #8
On a FortiGate with a hard disk, how frequently can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)
- Question #9
Refer to the exhibit. Given the partial output of an IKE real-time debug shown in the exhibit, which statement about the output is true?
- Question #10
An administrator needs to create an SSL VPN connection for accessing an internal server using the bookmark, Port Forward. Which step must the administrator take to successfully ach...
- Question #12
Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
- Question #13
Examine this PAC file configuration. ``` function FindProxyForURL(url, host) { if (shExpMatch(url, "*.fortinet.com/*")) { return "DIRECT"; } else if (isInNet(host, "172.25.120.0",...
- Question #14
Which two statements correctly describe auto discovery VPN (ADVPN)? (Choose two.)
- Question #15
To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?
- Question #16
If the Issuer and Subject values are the same in a digital certificate, to which type of entity was the certificate issued?
- Question #17
Examine the output from a debug flow: ``` id=20085 trace_id=1 func=print_pkt_detail line=5363 msg="vd-root received a packet (proto=1, 10.0.1.10:1->10.200.1.254:2048)" from port3,...
- Question #18
An administrator has configured the following settings: ``` config system settings set ssl-ssh-profile deep-inspection end config system global set block-session-timer 30 end ``` W...
- Question #19
Refer to the exhibit. ``` date=2023-08-31 time=12:50:06 logid=0316013057 type=utm subtype=webfilter eventtype=ftgd_wfl level=warning vd=root policyid=1 sessionid=149645 users="" sr...
- Question #20
Which two statements about firewall policy NAT using the outgoing interface IP address with fixed port disabled are true? (Choose two.)
- Question #21
Which two actions are valid for a FortiGuard category-based filter, in a web filter profile, for a firewall policy in proxy-based inspection mode? (Choose two.)
- Question #22
An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?
- Question #23
When the inhibition of using a URL list and application control on the same firewall policy, in NGFW policy-based mode? Which statement about the scope of application control to sc...
- Question #24
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local qui...
- Question #25
Refer to the exhibits. The exhibits show the IPS sensor and DoS policy configuration. When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?
- Question #26
Which two of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
- Question #27
Given the FortiGate interfaces shown in the exhibit, which two statements about the FortiGate interfaces configuration in the exhibit are true? (Choose two.)
- Question #28
When attempting to an internal web server using a web-mode SSL VPN, bookmark, which IP address is used as the source of the HTTP request?
- Question #29
An administrator observes that the port1 interface cannot be configured with an IP address. What are three possible reasons for this? (Choose three.)
- Question #30
Refer to the exhibits. The exhibits contain a network diagram and virtual IP and firewall policy configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN...
- Question #31
Which statement about SSL VPN settings for an SSL VPN portal is true?
- Question #32
Which option accurately describes how FortiGate will handle these two routes to the same destination?
- Question #33
An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt, or not. What is a possible reaso...
- Question #34
Which SD-WAN load balancing methods use interface weight value to distribute traffic?
- Question #35
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
- Question #36
Which two of the following are purposes of NAT traversal in IPsec? (Choose two.)
- Question #37
Which two of the following statements correctly describes FortiGate route lookup behavior when searching for a suitable gateway? (Choose two)
- Question #38
Which two of the following statements about central NAT are true? (Choose two.)
- Question #39
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices Which configuration steps must be performed on both devices to support this scenario?...
- Question #40
Which two of the following statements about NTLM authentication are correct? (Choose two.)
- Question #41
The CA issued this certificate to which entity?
- Question #42
You are tasked to design a new IPsec deployment with the following criteria: * There are two HQ sites that all satellite offices must connect to. * The satellite offices do not nee...
- Question #43
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
- Question #44
Which of the following conditions roust be met in order for a web browser to trust a web server certificate signed by a third-party CA?
- Question #45
Which statement about DLP on FortiGate is true?
- Question #46
What FortiGate configuration is required to actively prompt users for credentials?
- Question #48
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)
- Question #49
What is a requirement for creating an inter-VDOM link between two VDOMs?
- Question #50
What FortiGate components are tested during the hardware test? (Choose three.)
- Question #51
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
- Question #52
NGFW mode allows policy-based configured for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?
- Question #53
The Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?