1. Home
  2. Fortinet
  3. NSE4_FGT-6.2

Fortinet NSE 4 - FortiOS 6.2

Exam Details

  • Exam Code
    :NSE4_FGT-6.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.2
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :142 Q&As
  • Last Updated
    :Jul 10, 2023

Fortinet Fortinet Certifications NSE4_FGT-6.2 Questions & Answers

  • Question 111:

    Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

    A. Firewall service

    B. User or user group

    C. IP Pool

    D. FQDN address

  • Question 112:

    View the exhibit.

    Which users and user groups are allowed access to the network through captive portal?

    A. Users and groups defined in the firewall policy.

    B. Only individual users ?not groups ?defined in the captive portal configuration

    C. Groups defined in the captive portal configuration

    D. All users

  • Question 113:

    View the exhibit.

    Why is the administrator getting the error shown in the exhibit?

    A. The administrator must first enter the command edit global.

    B. The administrator admin does not have the privileges required to configure global settings.

    C. The global settings cannot be configured from the root VDOM context.

    D. The command config system global does not exist in FortiGate.

  • Question 114:

    How does FortiGate select the central SNAT policy that is applied to a TCP session?

    A. It selects the SNAT policy specified in the configuration of the outgoing interface.

    B. It selects the first matching central SNAT policy, reviewing from top to bottom.

    C. It selects the central SNAT policy with the lowest priority.

    D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

  • Question 115:

    Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

    A. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.

    B. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPSec.

    C. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.

    D. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

  • Question 116:

    Which of the following statements about converse mode are true? (Choose two.)

    A. FortiGate stops sending files to FortiSandbox for inspection.

    B. FortiGate stops doing RPF checks over incoming packets.

    C. Administrators cannot change the configuration.

    D. Administrators can access the FortiGate only through the console port.

  • Question 117:

    Which one of the following processes is involved in updating IPS from FortiGuard?

    A. FortiGate IPS update requests are sent using UDP port 443.

    B. Protocol decoder update requests are sent to service.fortiguard.net.

    C. IPS signature update requests are sent to update.fortiguard.net.

    D. IPS engine updates can only be obtained using push updates.

  • Question 118:

    What FortiGate components are tested during the hardware test? (Choose three.)

    A. Administrative access

    B. HA heartbeat

    C. CPU

    D. Hard disk

    E. Network interfaces

  • Question 119:

    Which statements correctly describe transparent mode operation? (Choose three.)

    A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.

    B. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.

    C. The transparent FortiGate is visible to network hosts in an IP traceroute.

    D. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.

    E. FortiGate acts as transparent bridge and forwards traffic at Layer 2.

  • Question 120:

    View the exhibit.

    Which of the following statements are correct? (Choose two.)

    A. This setup requires at least two firewall policies with the action set to IPsec.

    B. Dead peer detection must be disabled to support this type of IPsec setup.

    C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

    D. This is a redundant IPsec setup.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.