1. Home
  2. Fortinet
  3. NSE4_FGT-6.2

Fortinet NSE 4 - FortiOS 6.2

Exam Details

  • Exam Code
    :NSE4_FGT-6.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.2
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :142 Q&As
  • Last Updated
    :Jul 10, 2023

Fortinet NSE4 NSE4_FGT-6.2 Questions & Answers

  • Question 21:

    Which of the following static routes are not maintained in the routing table?

    A. Named Address routes

    B. Dynamic routes

    C. ISDB routes

    D. Policy routes

  • Question 22:

    Examine the network diagram shown in the exhibit, and then answer the following question:

    A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24. Which of the following static routes will satisfy this requirement on FGT1? (Choose two.)

    A. 172.20.2.0/24 (1/0) via 10.10.1.2, port1 [0/0]

    B. 172.20.2.0/24 (25/0) via 10.30.3.2, port3 [5/0]

    C. 172.20.2.0/24 (25/0) via 10.10.1.2, port1 [5/0]

    D. 172.20.2.0/24 (1/150) via 10.30.3.2, port3 [10/0]

  • Question 23:

    What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

    A. Services defined in the firewall policy.

    B. Incoming and outgoing interfaces

    C. Highest to lowest priority defined in the firewall policy.

    D. Lowest to highest policy ID number.

  • Question 24:

    View the exhibit.

    VDOM1 is operating in transparent mode VDOM2 is operating in NAT Route mode. There is an inteface VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1. What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

    A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.

    B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.

    C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.

    D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

  • Question 25:

    Which statement about the IP authentication header (AH) used by IPsec is true?

    A. AH does not provide any data integrity or encryption.

    B. AH does not support perfect forward secrecy.

    C. AH provides data integrity bur no encryption.

    D. AH provides strong data integrity but weak encryption.

  • Question 26:

    If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?

    A. The Services field removes the requirement of creating multiple VIPs for different services.

    B. The Services field is used when several VIPs need to be bundled into VIP groups.

    C. The Services field does not allow source NAT and destination NAT to be combined in the same policy.

    D. The Services field does not allow multiple sources of traffic, to use multiple services, to connect to a single computer.

  • Question 27:

    An administrator wants to configure a FortiGate as a DNS server. FotiGate must use a DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS methods must you use?

    A. Recursive

    B. Non-recursive

    C. Forward to primary and secondary DNS

    D. Forward to system DNS

  • Question 28:

    Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

    When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

    A. SMTP.Login.Brute.Force

    B. IMAP.Login.brute.Force

    C. ip_src_session

    D. Location: server Protocol: SMTP

  • Question 29:

    Which of the following are valid actions for FortiGuard category based filter in a web filter profile in proxy-based inspection mode? (Choose two.)

    A. Warning

    B. Exempt

    C. Allow

    D. Learn

  • Question 30:

    How do you format the FortiGate flash disk?

    A. Load a debug FortiOS image.

    B. Load the hardware test (HQIP) image.

    C. Execute the CLI command execute formatlogdisk.

    D. Select the format boot device option from the BIOS menu.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.