Fortinet NSE4 NSE4_FGT-6.2 Questions & Answers

• Question 41:

  Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

  A. The firmware image must be manually uploaded to each FortiGate.

  B. Only secondary FortiGate devices are rebooted.

  C. Uninterruptable upgrade is enabled by default.

  D. Traffic load balancing is temporally disabled while upgrading the firmware.

  Correct Answer: BD

• Question 42:

  Examine this PAC file configuration.

  

  Which of the following statements are true? (Choose two.)

  A. Browsers can be configured to retrieve this PAC file from the FortiGate.

  B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

  C. All requests not sent to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

  D. Any web request fortinet.com is allowed to bypass the proxy.

  Correct Answer: AD

• Question 43:

  Which statement about DLP on FortiGate is true?

  A. It can archive files and messages.

  B. It can be applied to a firewall policy in a flow-based VDOM

  C. Traffic shaping can be applied to DLP sensors.

  D. Files can be sent to FortiSandbox for detecting DLP threats.

  Correct Answer: A

• Question 44:

  What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

  A. Traffic to botnetservers

  B. Traffic to inappropriate web sites

  C. Server information disclosure attacks

  D. Credit card data leaks

  E. SQL injection attacks

  Correct Answer: ACE

• Question 45:

  When using WPAD DNS method, which FQDN format do browsers use to query the DNS server?

  A. srv_proxy./wpad.dat

  B. srv_tcp.wpad.

  C. wpad.

  D. proxy..wpad

  Correct Answer: C

• Question 46:

  Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

  

  An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine

  whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is

  still not generating any IPS logs for the HTTPS traffic.

  What is a possible reason for this?

  A. The IPS filter is missing the Protocol: HTTPS option.

  B. The HTTPS signatures have not been added to the sensor.

  C. A DoS policy should be used, instead of an IPS sensor.

  D. The firewall policy is not using a full SSL inspection profile.

  Correct Answer: D

• Question 47:

  On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

  A. hourly

  B. real time

  C. on-demand

  D. store-and-upload

  Correct Answer: BD

• Question 48:

  Examine this FortiGate configuration:

  

  Examine the output of the following debug command:

  

  Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

  A. It is allowed, but with no inspection

  B. It is allowed and inspected as long as the inspection is flow based

  C. It is dropped.

  D. It is allowed and inspected, as long as the only inspection required is antivirus.

  Correct Answer: A

• Question 49:

  Which Statements about virtual domains (VDOMs) arc true? (Choose two.)

  A. Transparent mode and NAT/Route mode VDOMs cannot be combined on the same FortiGate.

  B. Each VDOM can be configured with different system hostnames.

  C. Different VLAN sub-interface of the same physical interface can be assigned to different VDOMs.

  D. Each VDOM has its own routing table.

  Correct Answer: CD

• Question 50:

  Which is the correct description of a hash result as it relates to digital certificates?

  A. A unique value used to verify the input data

  B. An output value that is used to identify the person or device that authored the input data.

  C. An obfuscation used to mask the input data.

  D. An encrypted output value used to safe-guard the input data

  Correct Answer: A