Fortinet NSE4 NSE4_FGT-6.2 Questions & Answers

• Question 1:

  Which statement about the policy ID number of a firewall policy is true?

  A. It is required to modify a firewall policy using the CLI.

  B. It represents the number of objects used in the firewall policy.

  C. It changes when firewall policies are reordered.

  D. It defines the order in which rules are processed.

  Correct Answer: A

• Question 2:

  Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

  A. Subject Key Identifier value

  B. SMMIE Capabilities value

  C. Subject value

  D. Subject Alternative Name value

  Correct Answer: C

• Question 3:

  To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

  A. FortiManager

  B. Root FortiGate

  C. FortiAnalyzer

  D. Downstream FortiGate

  Correct Answer: B

• Question 4:

  Which two actions are valid for a FortiGuard category-based filter, in a web filter profile, for a firewall policy in proxy-based inspection mode? (Choose two.)

  A. Learn

  B. Exempt

  C. Allow

  D. Warning

  Correct Answer: BC

• Question 5:

  Refer to the exhibit.

  

  A user located behind the FortiGate device is trying to go to http://www.addictinggames.com (Addicting.Games). The exhibit shows the application detains and application control profile.

  Based on this configuration, which statement is true?

  A. Addicting.Games will be blocked, based on the Filter Overrides configuration.

  B. Addicting.Games will be allowed only if the Filter Overrides action is set to Learn.

  C. Addicting.Games will be allowed, based on the Categories configuration.

  D. Addicting.Games will be allowed, based on the Application Overrides configuration.

  Correct Answer: D

• Question 6:

  Which two static routes are not maintained in the routing table? (Choose two.)

  A. Dynamic routes

  B. Policy routes

  C. Named Address routes

  D. ISDB routes

  Correct Answer: CD

  Reference: https://help.fortinet.com/fadc/4-8-0/olh/Content/FortiADC/handbook/routing_static.htm

• Question 7:

  Which two statements about NTLM authentication are correct? (Choose two.)

  A. It requires DC agents on every domain controller when used in multidomain environments.

  B. It is useful when users log in to DCs that are not monitored by a collector agent.

  C. It requires NTLM-enabled web browsers.

  D. It takes over as the primary authentication method when configured alongside FSSO.

  Correct Answer: BC

  Reference: https://www.fortinetguru.com/2016/07/configuring-authenticated-access/12/

• Question 8:

  Consider a new IPsec deployment with the following criteria:

  All satellite offices must connect to the two HQ sites.

  The satellite offices do not need to communicate directly with other satellite offices.

  Backup VPN is not required.

  The design should minimize the number of tunnels being configured.

  Which topology should you use to satisfy all of the requirements?

  A. Partial mesh

  B. Redundant

  C. Full mesh

  D. Hub-and-spoke

  Correct Answer: D

• Question 9:

  A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not.

  Which configuration option is the most effective way to support this request?

  A. Implement web filter authentication for the specified website.

  B. Implement a web filter category override for the specified website.

  C. Implement DNS filter for the specified website.

  D. Implement web filter quotas for the specified website.

  Correct Answer: B

• Question 10:

  What three FortiGate components are tested during the hardware test? (Choose three.)

  A. CPU

  B. Administrative access

  C. HA heartbeat

  D. Hard disk

  E. Network interfaces

  Correct Answer: ADE