1. Home
  2. Fortinet
  3. NSE4_FGT-6.2

Fortinet NSE 4 - FortiOS 6.2

Exam Details

  • Exam Code
    :NSE4_FGT-6.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.2
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :142 Q&As
  • Last Updated
    :Jul 10, 2023

Fortinet NSE4 NSE4_FGT-6.2 Questions & Answers

  • Question 11:

    Which two statements about virtual domains (VDOMs) are true? (Choose two.)

    A. Transparent mode and NAT mode VDOMs cannot be combined on the same FortiGate.

    B. Each VDOM can be configured with different system hostnames.

    C. Different VLAN subinterfaces of the same physical interface can be assigned to different VDOMs.

    D. Each VDOM has its own routing table.

  • Question 12:

    The FSSO collector agent set to advanced access mode for the Windows Active Directory uses which convention?

    A. LDAP

    B. Windows

    C. RSSO

    D. NTLM

  • Question 13:

    Which two statements about antivirus scanning mode are true? (Choose two.)

    A. In proxy-based inspection mode, antivirus buffers the whole file for scanning, before sending it to the client.

    B. In full scan flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

    C. In proxy-based inspection mode, files bigger than the buffer size are scanned.

    D. In quick scan mode, you can configure antivirus profiles to use any of the available antivirus signature databases.

  • Question 14:

    In an HA cluster operating in active-active mode, which path is taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

    A. Client > secondary FortiGate > primary FortiGate > web server

    B. Client > primary FortiGate > secondary FortiGate > primary FortiGate > web server

    C. Client > primary FortiGate > secondary FortiGate > web server

    D. Client > secondary FortiGate > web server

  • Question 15:

    Examine the FortiGate configuration:

    What will happen to unauthenticated users when an active authentication policy is followed by a fall through policy without authentication?

    A. The user must log in again to authenticate.

    B. The user will be denied access to resources without authentication.

    C. The user will not be prompted for authentication.

    D. User authentication happens at an interface level.

  • Question 16:

    Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

    A. FG-traffic VDOM

    B. Root VDOM

    C. Customer VDOM

    D. Global VDOM

  • Question 17:

    View the exhibit.

    A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

    A. Addicting.Games is allowed based on the Application Overrides configuration.

    B. Addicting.Games is blocked on the Filter Overrides configuration.

    C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Learn.

    D. Addcting.Games is allowed based on the Categories configuration.

  • Question 18:

    Examine this network diagram:

    Examine this explicit web proxy configuration:

    What filter can be used in the command diagnose sniffer packet to capture the traffic between the client and the explicit web proxy?

    A. `host 10.0.0.50 and port 8080'

    B. `host 10.0.0.50 and port 80'

    C. `host 192.168.0.2 and port 8080'

    D. `host 192.168.0.1 and port 80'

  • Question 19:

    Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

    A. Lookup is done on the first packet from the session originator

    B. Lookup is done on the last packet sent from the responder

    C. Lookup is done on every packet, regardless of direction

    D. Lookup is done on the first reply packet from the responder

  • Question 20:

    Which of the following statements about central NAT are true? (Choose two.)

    A. IP tool references must be removed from existing firewall policies before enabling central NAT.

    B. Central NAT can be enabled or disabled from the CLI only.

    C. Source NAT, using central NAT does not require a central SNAT policy.

    D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.