NSE4_FGT-6.2 Exam Details

  • Exam Code: NSE4_FGT-6.2
  • Exam Name: Fortinet NSE 4 - FortiOS 6.2
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 142 Q&As
  • Last Updated: Jul 10, 2023

Fortinet NSE4_FGT-6.2 Online Questions & Answers

  • Question 131:

    Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

    A. This is known as many-to-one NAT.
    B. Source IP is translated to the outgoing interface IP.
    C. Connections are tracked using source port and source MAC address.
    D. Port address translation is not used.

  • Question 132:

    Examine this output from a debug flow:

    Which statements about the output are correct? (Choose two.)

    A. FortiGate received a TCP SYN/ACK packet.
    B. The source IP address of the packet was translated to 10.0.1.10.
    C. FortiGate routed the packet through port 3.
    D. The packet was allowed by the firewall policy with the ID 00007fc0.

  • Question 133:

    In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

    A. Client > primary FortiGate > secondary FortiGate > primary FortiGate > web server.
    B. Client > secondary FortiGate > web server.
    C. Client > secondary FortiGate > primary FortiGate > web server.
    D. Client > primary FortiGate > secondary FortiGate > web server.

  • Question 134:

    Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

    A. The public key of the web server certificate must be installed on the browser.
    B. The web-server certificate must be installed on the browser.
    C. The CA certificate that signed the web-server certificate must be installed on the browser.
    D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

  • Question 135:

    Which one of the following processes is involved in updating IPS from FortiGuard?

    A. FortiGate IPS update requests are sent using UDP port 443.
    B. Protocol decoder update requests are sent to service.fortiguard.net.
    C. IPS signature update requests are sent to update.fortiguard.net.
    D. IPS engine updates can only be obtained using push updates.

  • Question 136:

    Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question:

    An administrator has added the following static route on FGTI.

    Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

    A. The new route's destination subnet overlaps an existing route.
    B. The new route's Distance value should be higher than 10.
    C. The Gateway IP address is not in the same subnet as port1.
    D. The Priority is 0, which means that this route will remain inactive.

  • Question 137:

    Which of the following statements about central NAT are true? (Choose two.)

    A. IP pool references must be removed from existing firewall policies before enabling central NAT.
    B. Central NAT can be enabled or disabled from the CLI only.
    C. Source NAT, using central NAT, does not require a central SNAT policy.
    D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

  • Question 138:

    Which statement about FortiGuard services for FortiGate is true?

    A. The web filtering database is downloaded locally on FortiGate.
    B. Antivirus signatures are downloaded locally on FortiGate.
    C. FortiGate downloads IPS updates using UDP port 53 or 8888.
    D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.

  • Question 139:

    Consider a new IPsec deployment with the following criteria:

    All satellite offices must connect to the two HQ sites.

    The satellite offices do not need to communicate directly with other satellite offices.

    Backup VPN is not required.

    The design should minimize the number of tunnels being configured.

    Which topology should you use to satisfy all of the requirements?

    A. Partial mesh
    B. Redundant
    C. Full mesh
    D. Hub-and-spoke

  • Question 140:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

    A. The remote user's public IP address.
    B. The public IP address of the FortiGate device.
    C. The remote user's virtual IP address.
    D. The internal IP address of the FortiGate device.
