Exam Details
Exam Code
:NSE4_FGT-6.2Exam Name
:Fortinet NSE 4 - FortiOS 6.2Certification
:Fortinet CertificationsVendor
:FortinetTotal Questions
:142 Q&AsLast Updated
:Jul 10, 2023
Fortinet Fortinet Certifications NSE4_FGT-6.2 Questions & Answers
-
Question 101:
Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?
A. It always authorizes the traffic without requiring authentication.
B. It drops the traffic.
C. It authenticates the traffic using the authentication scheme SCHEME2.
D. It authenticates the traffic using the authentication scheme SCHEME1.
-
Question 102:
An employee connects to the https://example.com on the Internet using a web browser. The web server's certificate was signed by a private internal CA. The FortiGate that is inspecting this traffic is configured for full SSL inspection.
This exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the policy that is invoked in this instance. All other settings are set to defaults. No certificates have been imported into FortiGate. View the exhibit and answer the question that follows.
Which certificate is presented to the employee's web browser?
A. The web server's certificate.
B. The user's personal certificate signed by a private internal CA.
C. A certificate signed by Fortinet_CA_SSL.
D. A certificate signed by Fortinet_CA_Untrusted.
-
Question 103:
Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)
A. They can be configured in both NAT/Route and transparent operation modes.
B. They support L2TP-over-IPsec.
C. They require two firewall policies: one for each directions of traffic flow.
D. They support GRE-over-IPsec.
-
Question 104:
View the exhibit:
The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:
What should be done next to troubleshoot the problem?
A. Run a sniffer in the web server.
B. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
C. Capture the traffic using an external sniffer connected to port1.
D. Execute a debug flow.
-
Question 105:
Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?
A. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
B. FortiGate is able to handle NATed connections only in aggressive mode.
C. FortiClient only supports aggressive mode.
D. Main mode does not support XAuth for user authentication.
-
Question 106:
Examine this output from a debug flow:
Why did the FortiGate drop the packet?
A. The next-hop IP address is unreachable.
B. It failed the RPF check.
C. It matched an explicitly configured firewall policy with the action DENY.
D. It matched the default implicit firewall policy.
-
Question 107:
NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?
A. Web filtering
B. Antivirus
C. Web proxy
D. Application control
-
Question 108:
During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?
A. Authentication.
B. Data integrity.
C. Non-repudiation.
D. Signature verification.
-
Question 109:
An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?
A. tcp_port_scan
B. ip_dst_session
C. udp_flood
D. ip_src_session
-
Question 110:
Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question:
An administrator has added the following static route on FGTI.
Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?
A. The new route's destination subnet overlaps an existing route.
B. The new route's Distance value should be higher than 10.
C. The Gateway IP address is not in the same subnet as port1.
D. The Priority is 0, which means that this route will remain inactive.
Related Exams:
FCP_FAZ_AD-7.4
FCP - FortiAnalyzer 7.4 AdministratorFCP_FGT_AD-7.4
FCP - FortiGate 7.4 AdministratorFCP_FGT_AD-7.6
FortiGate 7.6 Administrator FCP_FGT_AD-7.6FCP_WCS_AD-7.4
FCP - AWS Cloud Security 7.4 AdministratorFCSS_EFW_AD-7.4
FCSS - Enterprise Firewall 7.4 AdministratorFCSS_NST_SE-7.4
FCSS - Network Security 7.4 Support EngineerFCSS_SASE_AD-24
FCSS - FortiSASE 24 AdministratorNSE4_FGT-5.6
Fortinet NSE 4 - FortiOS 5.6NSE4_FGT-6.0
Fortinet NSE 4 - FortiOS 6.0NSE4_FGT-6.4
Fortinet NSE 4 - FortiOS 6.4
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.