1. Home
  2. Fortinet
  3. NSE4_FGT-6.2

Fortinet NSE4_FGT-6.2 Online Practice Questions and Exam Preparation

NSE4_FGT-6.2 Exam Details

  • Exam Code
    :NSE4_FGT-6.2
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.2
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :142 Q&As
  • Last Updated
    :Jul 10, 2023

Fortinet NSE4_FGT-6.2 Online Questions & Answers

  • Question 71:

    Which of the following statements about NTLM authentication are correct? (Choose two.)

    A. It is useful when users log in to DCs that are not monitored by a collector agent.
    B. It takes over as the primary authentication method when configured alongside FSSO.
    C. Multi-domain environments require DC agents on every domain controller.
    D. NTLM-enabled web browsers are required.

  • Question 72:

    An administrator wants to create a policy-based IPsec VPN tunnel betweeb two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)

    A. Define the phase 1 parameters, without enabling IPsec interface mode
    B. Define the phase 2 parameters.
    C. Set the phase 2 encapsulation method to transport mode
    D. Define at least one firewall policy, with the action set to IPsec.
    E. Define a route to the remote network over the IPsec tunnel.

  • Question 73:

    Which statement about the policy ID number of a firewall policy is true?

    A. It is required to modify a firewall policy using the CLI.
    B. It represents the number of objects used in the firewall policy.
    C. It changes when firewall policies are reordered.
    D. It defines the order in which rules are processed.

  • Question 74:

    What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

    A. Traffic to botnetservers
    B. Traffic to inappropriate web sites
    C. Server information disclosure attacks
    D. Credit card data leaks
    E. SQL injection attacks

  • Question 75:

    Examine the following web filtering log.

    Which statement about the log message is true?

    A. The action for the category Games is set to block.
    B. The usage quota for the IP address 10.0.1.10 has expired
    C. The name of the applied web filter profile is default.
    D. The web site miniclip.com matches a static URL filter whose action is set to Warning.

  • Question 76:

    An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)

    A. Configure split tunneling for content inspection.
    B. Configure host restrictions by IP or MAC address.
    C. Configure two-factor authentication using security certificates.
    D. Configure SSL offloading to a content processor (FortiASIC).
    E. Configure a client integrity check (host-check).

  • Question 77:

    An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?

    A. Phase 1 negotiations will skip preshared key exchange.
    B. Only digital certificates will be accepted as an authentication method in phase 1.C
    C. Dialup clients must provide a username and password for authentication.
    D. Dialup clients must provide their local ID during phase 2 negotiations.

  • Question 78:

    An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

    A. The interface has been configured for one-arm sniffer.
    B. The interface is a member of a virtual wire pair.
    C. The operation mode is transparent.
    D. The interface is a member of a zone.
    E. Captive portal is enabled in the interface.

  • Question 79:

    You are configuring the root FortiGate to implement the security fabric. You are configuring port10 to communicate with a downstream FortiGate. View the default Edit Interface in the exhibit below:

    When configuring the root FortiGate to communicate with a downstream FortiGate, which settings are required to be configured? (Choose two.)

    A. Device detection enabled.
    B. Administrative Access: FortiTelemetry.
    C. IP/Network Mask.
    D. Role: Security Fabric.

  • Question 80:

    Which of the following SD-WAN load ç’ªalancing method use interface weight value to distribute traffic? (Choose two.)

    A. Source IP
    B. Spillover
    C. Volume
    D. Session

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.2 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.