Winter Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Note! NSE4_FGT-6.2 has been withdrawn. The new exam code is NSE4_FGT-7.2

NSE4_FGT-6.2 Practice Exam Questions with Answers Fortinet NSE 4 - FortiOS 6.2 Certification

Question # 6

View the exhibit:

NSE4_FGT-6.2 question answer

The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:

NSE4_FGT-6.2 question answer

What should be done next to troubleshoot the problem?

A.

Run a sniffer in the web server.

B.

Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.

C.

Capture the traffic using an external sniffer connected to port1.

D.

Execute a debug flow.

Full Access
Question # 7

By default, when logging to disk, when does FortiGate delete logs?

A.

30 days

B.

1 year

C.

Never

D.

7 days

Full Access
Question # 8

During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

A.

Authentication.

B.

Data integrity.

C.

Non-repudiation.

D.

Signature verification.

Full Access
Question # 9

Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

A.

If the DHCP method fails, browsers will try the DNS method.

B.

The browser needs to be preconfigured with the DHCP server’s IP address.

C.

The browser sends a DHCPONFORM request to the DHCP server.

D.

The DHCP server provides the PAC file for download.

Full Access
Question # 10

View the exhibit.

NSE4_FGT-6.2 question answer

Which users and user groups are allowed access to the network through captive portal?

A.

Users and groups defined in the firewall policy.

B.

Only individual users – not groups – defined in the captive portal configuration

C.

Groups defined in the captive portal configuration

D.

All users

Full Access
Question # 11

Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

A.

Include the group of guest users in a policy.

B.

Extend timeout timers.

C.

Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.

D.

Ensure all firewalls allow the FSSO required ports.

Full Access
Question # 12

Examine the routing database shown in the exhibit, and then answer the following question:

NSE4_FGT-6.2 question answer

Which of the following statements are correct? (Choose two.)

A.

The port3 default route has the highest distance.

B.

The port3 default route has the lowest metric.

C.

There will be eight routes active in the routing table.

D.

The port1 and port2 default routes are active in the routing table.

Full Access
Question # 13

When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

A.

Connected monitored ports > HA uptime > priority > serial number

B.

Priority > Connected monitored ports > HA uptime > serial number

C.

Connected monitored ports > priority > HA uptime > serial number

D.

HA uptime > priority > Connected monitored ports > serial number

Full Access
Question # 14

An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?

A.

Phase 1 negotiations will skip preshared key exchange.

B.

Only digital certificates will be accepted as an authentication method in phase 1.C

C.

Dialup clients must provide a username and password for authentication.

D.

Dialup clients must provide their local ID during phase 2 negotiations.

Full Access
Question # 15

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A.

The interface has been configured for one-arm sniffer.

B.

The interface is a member of a virtual wire pair.

C.

The operation mode is transparent.

D.

The interface is a member of a zone.

E.

Captive portal is enabled in the interface.

Full Access
Question # 16

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on

which device?

A.

FortiManager

B.

Root FortiGate

C.

FortiAnalyzer

D.

Downstream FortiGate

Full Access
Question # 17

Examine the exhibit, which contains a virtual IP and firewall policy configuration.

NSE4_FGT-6.2 question answer

NSE4_FGT-6.2 question answer

NSE4_FGT-6.2 question answer

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A.

10.200.1.10

B.

Any available IP address in the WAN (port1) subnet 10.200.1.0/24

C.

10.200.1.1

D.

10.0.1.254

Full Access
Question # 18

Examine this FortiGate configuration:

NSE4_FGT-6.2 question answer

Examine the output of the following debug command:

NSE4_FGT-6.2 question answer

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

A.

It is allowed, but with no inspection

B.

It is allowed and inspected as long as the inspection is flow based

C.

It is dropped.

D.

It is allowed and inspected, as long as the only inspection required is antivirus.

Full Access
Question # 19

View the exhibit.

NSE4_FGT-6.2 question answer

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

A.

Addicting.Games is allowed based on the Application Overrides configuration.

B.

Addicting.Games is blocked on the Filter Overrides configuration.

C.

Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D.

Addcting.Games is allowed based on the Categories configuration.

Full Access
Question # 20

Which Statements about virtual domains (VDOMs) arc true? (Choose two.)

A.

Transparent mode and NAT/Route mode VDOMs cannot be combined on the same FortiGate.

B.

Each VDOM can be configured with different system hostnames.

C.

Different VLAN sub-interface of the same physical interface can be assigned to different VDOMs.

D.

Each VDOM has its own routing table.

Full Access
Question # 21

View the exhibit.

NSE4_FGT-6.2 question answer

VDOM1 is operating in transparent mode VDOM2 is operating in NAT Route mode. There is an inteface VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.

What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

A.

A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.

B.

A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.

C.

One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.

D.

One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

Full Access