1. Home
  2. Fortinet
  3. NSE4_FGT-6.2

Fortinet NSE4_FGT-6.2 Online Practice Questions and Exam Preparation

NSE4_FGT-6.2 Exam Details

  • Exam Code
    :NSE4_FGT-6.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.2
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :142 Q&As
  • Last Updated
    :Jul 10, 2023

Fortinet NSE4_FGT-6.2 Online Questions & Answers

  • Question 51:

    Which statements about a One-to-One IP pool are true? (Choose two.)

    A. It is used for destination NAT.
    B. It allows the fixed mapping of an internal address range to an external address range.
    C. It does not use port address translation.
    D. It allows the configuration of ARP replies.

  • Question 52:

    Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

    A. It recommends the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
    B. ADVPN is only supported with IKEv2.
    C. IPSec tunnels are negotiated dynamically between spokes.
    D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

  • Question 53:

    Examine this PAC file configuration.

    Which of the following statements are true? (Choose two.)

    A. Browsers can be configured to retrieve this PAC file from the FortiGate.
    B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
    C. All requests not sent to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.
    D. Any web request fortinet.com is allowed to bypass the proxy.

  • Question 54:

    Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

    A. Log downloads from the GUI are limited to the current filter view
    B. Log backups from the CLI cannot be restored to another FortiGate.
    C. Log backups from the CLI can be configured to upload to FTP as a scheduled time
    D. Log downloads from the GUI are stored as LZ4 compressed files.

  • Question 55:

    Examine the exhibit, which shows the partial output of an IKE real-time debug.

    Which of the following statement about the output is true?

    A. The VPN is configured to use pre-shared key authentication.
    B. Extended authentication (XAuth) was successful.
    C. Remote is the host name of the remote IPsec peer.
    D. Phase 1 went down.

  • Question 56:

    Which statement about DLP on FortiGate is true?

    A. It can archive files and messages.
    B. It can be applied to a firewall policy in a flow-based VDOM
    C. Traffic shaping can be applied to DLP sensors.
    D. Files can be sent to FortiSandbox for detecting DLP threats.

  • Question 57:

    Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

    A. If the DHCP method fails, browsers will try the DNS method.
    B. The browser needs to be preconfigured with the DHCP server's IP address.
    C. The browser sends a DHCPINFORM request to the DHCP server.
    D. The DHCP server provides the PAC file for download.

  • Question 58:

    An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

    A. Implement firewall authentication for all users that need access to fortinet.com.
    B. Manually install the FortiGate deep inspection certificate as a trusted CA.
    C. Configure fortinet.com access to bypass the IPS engine.
    D. Configure an SSL-inspection exemption for fortinet.com.

  • Question 59:

    View the exhibit.

    Which users and user groups are allowed access to the network through captive portal?

    A. Users and groups defined in the firewall policy.
    B. Only individual users ?not groups ?defined in the captive portal configuration
    C. Groups defined in the captive portal configuration
    D. All users

  • Question 60:

    A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups. What is required in the SSL VPN configuration to meet these requirements?

    A. Different SSL VPN realms for each group.
    B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.
    C. Two firewall policies with different captive portals.
    D. Different virtual SSL VPN IP addresses for each group.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.