1. Home
  2. Fortinet
  3. NSE4_FGT-6.2

Fortinet NSE 4 - FortiOS 6.2

Exam Details

  • Exam Code
    :NSE4_FGT-6.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.2
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :142 Q&As
  • Last Updated
    :Jul 10, 2023

Fortinet Fortinet Certifications NSE4_FGT-6.2 Questions & Answers

  • Question 91:

    If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

    A. A CRL

    B. A person

    C. A subordinate CA

    D. A root CA

  • Question 92:

    Examine the exhibit, which shows the partial output of an IKE real-time debug.

    Which of the following statement about the output is true?

    A. The VPN is configured to use pre-shared key authentication.

    B. Extended authentication (XAuth) was successful.

    C. Remote is the host name of the remote IPsec peer.

    D. Phase 1 went down.

  • Question 93:

    An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

    A. A phase 2 configuration is not required.

    B. This VPN cannot be used as part of a hub-and-spoke topology.

    C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

    D. The IPsec firewall policies must be placed at the top of the list.

  • Question 94:

    An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?

    A. FortiGate needs to be switched to NGFW mode.

    B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.

    C. Proxy options are no longer available starting in FortiOS 5.6.

    D. FortiGate is in flow-based inspection mode.

  • Question 95:

    Which statements about HA for FortiGate devices are true? (Choose two.)

    A. Sessions handled by proxy-based security profiles cannot be synchronized.

    B. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.

    C. HA management interface settings are synchronized between cluster members.

    D. Heartbeat interfaces are not required on the primary device.

  • Question 96:

    Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

    What are the expected actions if traffic matches this IPS sensor? (Choose two.)

    A. The sensor will gather a packet log for all matched traffic.

    B. The sensor will not block attackers matching the A32S.Botnet signature.

    C. The sensor will block all attacks for Windows servers.

    D. The sensor will reset all connections that match these signatures.

  • Question 97:

    How can you block or allow to Twitter using a firewall policy?

    A. Configure the Destination field as Internet Service objects for Twitter.

    B. Configure the Action field as Learn and select Twitter.

    C. Configure the Service field as Internet Service objects for Twitter.

    D. Configure the Source field as Internet Service objects for Twitter.

  • Question 98:

    When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

    A. Connected monitored ports > HA uptime > priority > serial number

    B. Priority > Connected monitored ports > HA uptime > serial number

    C. Connected monitored ports > priority > HA uptime > serial number

    D. HA uptime > priority > Connected monitored ports > serial number

  • Question 99:

    Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

    A. Include the group of guest users in a policy.

    B. Extend timeout timers.

    C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.

    D. Ensure all firewalls allow the FSSO required ports.

  • Question 100:

    Examine the exhibit, which shows the output of a web filtering real time debug.

    Why is the site www.bing.com being blocked?

    A. The web site www.bing.com is categorized by FortiGuard as Malicious Websites.

    B. The user has not authenticated with the FortiGate yet.

    C. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.

    D. The rating for the web site www.bing.com has been locally overridden to a category that is being blocked.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.