1. Home
  2. Fortinet
  3. NSE4_FGT-6.2

Fortinet NSE 4 - FortiOS 6.2

Exam Details

  • Exam Code
    :NSE4_FGT-6.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.2
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :142 Q&As
  • Last Updated
    :Jul 10, 2023

Fortinet Fortinet Certifications NSE4_FGT-6.2 Questions & Answers

  • Question 121:

    You are configuring the root FortiGate to implement the security fabric. You are configuring port10 to communicate with a downstream FortiGate. View the default Edit Interface in the exhibit below: When configuring the root FortiGate to communicate with a downstream FortiGate, which settings are required to be configured? (Choose two.)

    A. Device detection enabled.

    B. Administrative Access: FortiTelemetry.

    C. IP/Network Mask.

    D. Role: Security Fabric.

  • Question 122:

    Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)

    A. The root VDOM is the management VDOM by default.

    B. A FortiGate device has 64 VDOMs, created by default.

    C. Each VDOM maintains its own system time.

    D. Each VDOM maintains its own routing table.

  • Question 123:

    An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?

    A. Phase 1 negotiations will skip preshared key exchange.

    B. Only digital certificates will be accepted as an authentication method in phase 1.C

    C. Dialup clients must provide a username and password for authentication.

    D. Dialup clients must provide their local ID during phase 2 negotiations.

  • Question 124:

    An administrator has configured two VLAN interfaces:

    A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

    A. Both interfaces must belong to the same forward domain.

    B. The role of the VLAN10 interface must be set to server.

    C. Both interfaces must have the same VLAN ID.

    D. Both interfaces must be in different VDOMs.

  • Question 125:

    Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

    A. The NetSessionEnum function is used to track user logoffs.

    B. WMI polling can increase bandwidth usage in large networks.

    C. The collector agent uses a Windows API to query DCs for user logins.

    D. The collector agent do not need to search any security event logs.

  • Question 126:

    Which statements about DNS filter profiles are true? (Choose two.)

    A. They can inspect HTTP traffic.

    B. They can redirect blocked requests to a specific portal.

    C. They can block DNS requests to known botnet command and control servers.

    D. They must be applied in firewall policies with SSL inspection enabled.

  • Question 127:

    Which of the following services can be inspected by the DLP profile? (Choose three.)

    A. NFS

    B. FTP

    C. IMAP

    D. CIFS

    E. HTTP-POST

  • Question 128:

    Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

    A. The public key of the web server certificate must be installed on the browser.

    B. The web-server certificate must be installed on the browser.

    C. The CA certificate that signed the web-server certificate must be installed on the browser.

    D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

  • Question 129:

    When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?

    A. It must be configured in a static route using the sdwan virtual interface.

    B. It must be provided in the SD-WAN member interface configuration.

    C. It must be configured in a policy-route using the sdwan virtual interface.

    D. It must be learned automatically through a dynamic routing protocol.

  • Question 130:

    Which statement is true regarding the policy ID number of a firewall policy?

    A. Defines the order in which rules are processed.

    B. Represents the number of objects used in the firewall policy.

    C. Required to modify a firewall policy using the CLI.

    D. Changes when firewall policies are reordered.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.