NSE4_FGT-6.2 Exam Details

  • Exam Code: NSE4_FGT-6.2
  • Exam Name: Fortinet NSE 4 - FortiOS 6.2
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 142 Q&As
  • Last Updated: Jul 10, 2023

Fortinet NSE4_FGT-6.2 Online Questions & Answers

  • Question 121:

    Which two statements about virtual domains (VDOMs) are true? (Choose two.)

    A. Transparent mode and NAT mode VDOMs cannot be combined on the same FortiGate.
    B. Each VDOM can be configured with different system hostnames.
    C. Different VLAN subinterfaces of the same physical interface can be assigned to different VDOMs.
    D. Each VDOM has its own routing table.

  • Question 122:

    Which statement regarding the firewall policy authentication timeout is true?

    A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
    B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
    C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.
    D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

  • Question 123:

    Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

    When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

    A. SMTP.Login.Brute.Force
    B. IMAP.Login.brute.Force
    C. ip_src_session
    D. Location: server Protocol: SMTP

  • Question 124:

    An administrator wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?

    A. tcp_port_scan
    B. ip_dst_session
    C. udp_flood
    D. ip_src_session

  • Question 125:

    Examine this output from a debug flow:

    Why did the FortiGate drop the packet?

    A. The next-hop IP address is unreachable.
    B. It failed the RPF check.
    C. It matched an explicitly configured firewall policy with the action DENY.
    D. It matched the default implicit firewall policy.

  • Question 126:

    View the exhibit:

    Which statements about the exhibit are true? (Choose two.)

    A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
    B. port-VLAN1 is the native VLAN for the port1 physical interface.
    C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
    D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

  • Question 127:

    How does FortiGate select the central SNAT policy that is applied to a TCP session?

    A. It selects the SNAT policy specified in the configuration of the outgoing interface.
    B. It selects the first matching central SNAT policy, reviewing from top to bottom.
    C. It selects the central SNAT policy with the lowest priority.
    D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

  • Question 128:

    HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could resolve this problem? (Choose two.)

    A. Enable Allow Invalid SSL Certificates for the relevant security profile.
    B. Change web browsers to one that does not support HPKP.
    C. Exempt those web sites that use HPKP from full SSL inspection.
    D. Install the CA certificate (that is required to verify the web server certificate) in the stores of users' computers.

  • Question 129:

    View the exhibit.

    VDOM1 is operating in transparent mode. VDOM2 is operating in NAT Route mode. There is an interface VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.

    What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

    A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.
    B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.
    C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.
    D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

  • Question 130:

    When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

    A. Connected monitored ports > HA uptime > priority > serial number
    B. Priority > Connected monitored ports > HA uptime > serial number
    C. Connected monitored ports > priority > HA uptime > serial number
    D. HA uptime > priority > Connected monitored ports > serial number
