March Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Fortinet NSE4_FGT-6.2 Fortinet NSE 4 - FortiOS 6.2 Exam Practice Test

Demo: 21 questions
Total 140 questions

Fortinet NSE 4 - FortiOS 6.2 Questions and Answers

Question 1

Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

Options:

A.

It is allowed, but with no inspection

B.

It is allowed and inspected as long as the inspection is flow based

C.

It is dropped.

D.

It is allowed and inspected, as long as the only inspection required is antivirus.

Question 2

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides

(client and server) have terminated the session?

Options:

A.

To remove the NAT operation.

B.

To generate logs

C.

To finish any inspection operations.

D.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Question 3

An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward. What step is required for this configuration?

Options:

A.

Configure an SSL VPN realm for clients to use the port forward bookmark.

B.

Configure the client application to forward IP traffic through FortiClient.

C.

Configure the virtual IP address to be assigned t the SSL VPN users.

D.

Configure the client application to forward IP traffic to a Java applet proxy.

Question 4

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

Options:

A.

Warning

B.

Exempt

C.

Allow

D.

Learn

Question 5

Which of the following static routes are not maintained in the routing table?

Options:

A.

Named Address routes

B.

Dynamic routes

C.

ISDB routes

D.

Policy routes

Question 6

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

Options:

A.

To delete intermediary NAT devices in the tunnel path.

B.

To dynamically change phase 1 negotiation mode aggressive mode.

C.

To encapsulation ESP packets in UDP packets using port 4500.

D.

To force a new DH exchange with each phase 2 rekey.

Question 7

Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

Options:

A.

By default, FortiGate uses WINS servers to resolve names.

B.

By default, the SSL VPN portal requires the installation of a client’s certificate.

C.

By default, split tunneling is enabled.

D.

By default, the admin GUI and SSL VPN portal use the same HTTPS port.

Question 8

What FortiGate components are tested during the hardware test? (Choose three.)

Options:

A.

Administrative access

B.

HA heartbeat

C.

CPU

D.

Hard disk

E.

Network interfaces

Question 9

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Options:

A.

Traffic to botnetservers

B.

Traffic to inappropriate web sites

C.

Server information disclosure attacks

D.

Credit card data leaks

E.

SQL injection attacks

Question 10

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Options:

A.

The firmware image must be manually uploaded to each FortiGate.

B.

Only secondary FortiGate devices are rebooted.

C.

Uninterruptable upgrade is enabled by default.

D.

Traffic load balancing is temporally disabled while upgrading the firmware.

Question 11

Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

Options:

A.

FG-traffic VDOM

B.

Root VDOM

C.

Customer VDOM

D.

Global VDOM

Question 12

Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-based? (Choose two.)

Options:

A.

FortiGuard Quotas

B.

Static URL

C.

Search engines

D.

Rating option

Question 13

Examine the exhibit, which contains a session diagnostic output.

Which of the following statements about the session diagnostic output is true?

Options:

A.

The session is in ESTABLISHED state.

B.

The session is in LISTEN state.

C.

The session is in TIME_WAIT state.

D.

The session is in CLOSE_WAIT state.

Question 14

How does FortiGate select the central SNAT policy that is applied to a TCP session?

Options:

A.

It selects the SNAT policy specified in the configuration of the outgoing interface.

B.

It selects the first matching central SNAT policy, reviewing from top to bottom.

C.

It selects the central SNAT policy with the lowest priority.

D.

It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Question 15

What files are sent to FortiSandbox for inspection in flow-based inspection mode?

Options:

A.

All suspicious files that do not have their hash value in the FortiGuard antivirus signature database.

B.

All suspicious files that are above the defined oversize limit value in the protocol options.

C.

All suspicious files that match patterns defined in the antivirus profile.

D.

All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus profile.

Question 16

A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.

What is required in the SSL VPN configuration to meet these requirements?

Options:

A.

Different SSL VPN realms for each group.

B.

Two separate SSL VPNs in different interfaces mapping the same ssl.root.

C.

Two firewall policies with different captive portals.

D.

Different virtual SSL VPN IP addresses for each group.

Question 17

View the exhibit.

Based on this output, which statements are correct? (Choose two.)

Options:

A.

The all VDOM is not synchronized between the primary and secondary FortiGate devices.

B.

The root VDOM is not synchronized between the primary and secondary FortiGate devices.

C.

The global configuration is synchronized between the primary and secondary FortiGate devices.

D.

The FortiGate devices have three VDOMs.

Question 18

Which of the following statements about the FSSO collector agent timers is true?

Options:

A.

The workstation verify interval is used to periodically check of a workstation is still a domain member.

B.

The IP address change verify interval monitors the server IP address where the collector agent is installed, and the updates the collector agent configuration if it changes.

C.

The user group cache expiry is used to age out the monitored groups.

D.

The dead entry timeout interval is used to age out entries with an unverified status.

Question 19

Which statement about DLP on FortiGate is true?

Options:

A.

It can archive files and messages.

B.

It can be applied to a firewall policy in a flow-based VDOM

C.

Traffic shaping can be applied to DLP sensors.

D.

Files can be sent to FortiSandbox for detecting DLP threats.

Question 20

Which is the correct description of a hash result as it relates to digital certificates?

Options:

A.

A unique value used to verify the input data

B.

An output value that is used to identify the person or deduce that authored the input data.

C.

An obfuscation used to mask the input data.

D.

An encrypted output value used to safe-guard the input data

Question 21

An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.

Where must the proxy address be used?

Options:

A.

As the source in a firewall policy.

B.

As the source in a proxy policy.

C.

As the destination in a firewall policy.

D.

As the destination in a proxy policy.

Demo: 21 questions
Total 140 questions