NSE4_FGT-6.2 Exam Questions

What filter can be used to the command diagnose sniffer packet to capture the traffic between the client and the explicit web proxy?

View the exhibit. VDOM1 is operating in transparent mode VDOM2 is operating in NAT Route mode. There is an inter- VDOM link between both VDOMs. A client workstation with the IP add...

Which of the following statements are correct? (Choose two.)

What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

Which of the following static routes are not maintained in the routing table? (Choose two.)

Which statements about virtual domains (VDOMs) are true? (Choose two.)

An administrator wants to configure a FortiGate as a DNS server FortiGate must use DNS database first, and then relay all irresolvable queries to an external DNS server. Which of t...

What files are sent to FortiSandbox for inspection in flow-based inspection mode?

Which statements about a One-to-One IP pool are true? (Choose two.)

A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for each group. What is requi...

An administrator is investigating a report of users having intermittent issues with browsing the web. The administrator ran diagnostics and received the output shown in the exhibit...

An administrator has configured central DNAT and virtual IPs. Which of the following can be selected in the firewall policy Destination field?

An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)

Which statement about FortiGuard services for FortiGate is true?

Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.)

View the exhibit. Based on this output, which statements are correct? (Choose two.)

What statement is true regarding the policy ID number of a firewall policy?

An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose. Where must the proxy address be used?

Which statement is true regarding SSL VPN timers? (Choose two.)

An administrator has configured two VLAN interfaces: config system interface edit "VLAN10" set vdom "VDOM1" set forward-domain 100 set role lan set interface "port9" set vlanid 10...

HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could help resolve this problem? (Choose two.)

View the exhibit. What does this raw log indicate? (Choose two.)

Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

Examine the routing table shown in the exhibit, and then answer the following question: Which of the following statements are correct? (Choose two.)

If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate take?

An administrator is running the following sniffer command: `diagnose sniffer packet any 'host 10.0.2.10' 3` What information will be included in the sniffer output? (Choose three.)

Which of the following statements about the FSSO collector agent timers is true?

A FortiGate has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?

Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-based?

By default, when logging to disk, when does FortiGate delete logs?

Examine the exhibit, which contains a session diagnostic output. Which of the following statements about the session diagnostic output is true?

Examine the exhibit, which shows the output of a web filtering real time debug.

View the exhibit: Which of the following statements are true?

Examine the network diagram shown in the exhibit, then answer the following question: Which one of the following routes is the best candidate route for FGTI1 to route traffic from...

An administrator has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effect...

Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

Which statements about antivirus scanning mode are true? (Choose two.)

In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session and the correspo...

An administrator has configured the following settings: `config system settings set ses-denied-traffic enable end config system global set block-session-timer 30 end` What does the...

The chunk-size explanation is flushed when the chunk-size value is changed in the config dlp settings?

What is the correct description of a hash result as it relates to digital certificates?

Examine this FortiGate configuration: config system global set av-failopen pass end Examine the output of the following debug command: # diagnose hardware sysinfo conserve memory c...

Which of the following statements describe FortiGates routelab lookup behavior when searching for a suitable gateway? (Choose two)

Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?

Which of the following services can be inspected by the DLP profile? (Choose three.)

Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

Which statements about DNS filter profiles are true? (Choose two.)

An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?

When configuring the root FortiGate to communicate with a downstream FortiGate, which two settings must you configure? (Choose two.)