Fortinet NSE4 NSE4_FGT-6.2 Questions & Answers

• Question 131:

  An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.

  

  Where must the proxy address be used?

  A. As the source in a firewall policy.

  B. As the source in a proxy policy.

  C. As the destination in a firewall policy.

  D. As the destination in a proxy policy.

  Correct Answer: B

• Question 132:

  Which statement is true regarding SSL VPN timers? (Choose two.)

  A. Allow to mitigate DoS attacks from partial HTTP requests.

  B. SSL VPN settings do not have customizable timers.

  C. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.

  D. Prevent SSL VPN users from being logged out because of high network latency.

  Correct Answer: AD

• Question 133:

  Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.)

  A. Priority

  B. Metric

  C. Distance

  D. Cost

  Correct Answer: AC

• Question 134:

  View the exhibit.

  

  Based on this output, which statements are correct? (Choose two.)

  A. The all VDOM is not synchronized between the primary and secondary FortiGate devices.

  B. The root VDOM is not synchronized between the primary and secondary FortiGate devices.

  C. The global configuration is synchronized between the primary and secondary FortiGate devices.

  D. The FortiGate devices have three VDOMs.

  Correct Answer: BC

• Question 135:

  An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)

  A. Configure split tunneling for content inspection.

  B. Configure host restrictions by IP or MAC address.

  C. Configure two-factor authentication using security certificates.

  D. Configure SSL offloading to a content processor (FortiASIC).

  E. Configure a client integrity check (host-check).

  Correct Answer: CDE

• Question 136:

  Which statement about FortiGuard services for FortiGate is true?

  A. The web filtering database is downloaded locally on FortiGate.

  B. Antivirus signatures are downloaded locally on FortiGate.

  C. FortiGate downloads IPS updates using UDP port 53 or 8888.

  D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.

  Correct Answer: B

• Question 137:

  An administrator is investigating a report of users having intermittent issues with browsing the web. The administrator ran diagnostics and received the output shown in the exhibit.

  

  Examine the diagnostic output shown exhibit. Which of the following options is the most likely cause of this issue?

  A. NAT port exhaustion

  B. High CPU usage

  C. High memory usage

  D. High session timeout value

  Correct Answer: A

• Question 138:

  An administrator has configured central DNAT and virtual IPs. Which of the following can be selected in the firewall policy Destination field?

  A. A VIP group

  B. The mapped IP address object of the VIP object

  C. A VIP object

  D. An IP pool

  Correct Answer: C

• Question 139:

  A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.

  What is required in the SSL VPN configuration to meet these requirements?

  A. Different SSL VPN realms for each group.

  B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.

  C. Two firewall policies with different captive portals.

  D. Different virtual SSL VPN IP addresses for each group.

  Correct Answer: A

• Question 140:

  Which statements about a One-to-One IP pool are true? (Choose two.)

  A. It is used for destination NAT.

  B. It allows the fixed mapping of an internal address range to an external address range.

  C. It does not use port address translation.

  D. It allows the configuration of ARP replies.

  Correct Answer: CD