NSE4_FGT-6.2 Exam Questions - Online Test


NSE4_FGT-6.2 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

surepassexam.com

Exambible offers free demo for NSE4_FGT-6.2 exam. "Fortinet NSE 4 - FortiOS 6.2", also known as NSE4_FGT-6.2 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE4_FGT-6.2 exam, will help you answer those questions. The NSE4_FGT-6.2 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE4_FGT-6.2 exams and revised by experts!

Free demo questions for Fortinet NSE4_FGT-6.2 Exam Dumps Below:

NEW QUESTION 1
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?

  • A. A.-192.168.3.0/24B.192.168.2.0/24C.192.168.1.0/24D.192.168.0.0/8

Answer: B

NEW QUESTION 2
Which statements about antivirus scanning mode are true? (Choose two.)

  • A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.
  • B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.
  • C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.
  • D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.

Answer: AB

Explanation:
A: Buffers the whole file, packets sent to the client after scan finishes
B: When the antivirus profile is operating in flow-based inspection mode, two scanning mode options are available: full scan mode and quick scan mode.(Normal extended, or extreme-depending on what is configured in the CLI).

NEW QUESTION 3
Which of the following SD-WAN load –balancing method use interface weight value to distribute traffic? (Choose two.)

  • A. Source IP
  • B. Spillover
  • C. Volume
  • D. Session

Answer: CD

NEW QUESTION 4
Examine the exhibit, which contains a session diagnostic output.
NSE4_FGT-6.2 dumps exhibit
Which of the following statements about the session diagnostic output is true?

  • A. The session is in ESTABLISHED state.
  • B. The session is in LISTEN state.
  • C. The session is in TIME_WAIT state.
  • D. The session is in CLOSE_WAIT state.

Answer: A

NEW QUESTION 5
Which statement about FortiGuard services for FortiGate is true?

  • A. The web filtering database is downloaded locally on FortiGate.
  • B. Antivirus signatures are downloaded locally on FortiGate.
  • C. FortiGate downloads IPS updates using UDP port 53 or 8888.
  • D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.

Answer: B

NEW QUESTION 6
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

  • A. Enable Event Logging.
  • B. Enable a web filter security profile on the Full Access firewall policy.
  • C. Enable Log Allowed Traffic on the Full Access firewall policy.
  • D. Enable disk logging.

Answer: BC

NEW QUESTION 7
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

  • A. It limits the scope of application control to the browser-based technology category only.
  • B. It limits the scope of application control to scan application traffic based on application category only.
  • C. It limits the scope of application control to scan application traffic using parent signatures only
  • D. It limits the scope of application control to scan application traffic on DNS protocol only.

Answer: B

NEW QUESTION 8
An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?

  • A. tcp_port_scan
  • B. ip_dst_session
  • C. udp_flood
  • D. ip_src_session

Answer: A

Explanation:
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Security%20Policies/DoS%20Pr

NEW QUESTION 9
Examine the exhibit, which contains a virtual IP and firewall policy configuration.
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

  • A. 10.200.1.10
  • B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
  • C. 10.200.1.1
  • D. 10.0.1.254

Answer: C

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Virtual%20IPs.

NEW QUESTION 10
Examine the routing database shown in the exhibit, and then answer the following question:
NSE4_FGT-6.2 dumps exhibit
Which of the following statements are correct? (Choose two.)

  • A. The port3 default route has the highest distance.
  • B. The port3 default route has the lowest metric.
  • C. There will be eight routes active in the routing table.
  • D. The port1 and port2 default routes are active in the routing table.

Answer: AD

NEW QUESTION 11
View the following exhibit, which shows the firewall policies and the object uses in the firewall policies.
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
The administrator is using the Policy Lookup feature and has entered the search create shown in the following exhibit.
NSE4_FGT-6.2 dumps exhibit
Which of the following will be highlighted based on the input criteria?

  • A. Policy with ID1.
  • B. Policies with ID 2 and 3.
  • C. Policy with ID 5.
  • D. Policy with ID 4.

Answer: A

NEW QUESTION 12
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.
NSE4_FGT-6.2 dumps exhibit
What are the expected actions if traffic matches this IPS sensor? (Choose two.)

  • A. The sensor will gather a packet log for all matched traffic.
  • B. The sensor will not block attackers matching the A32S.Botnet signature.
  • C. The sensor will block all attacks for Windows servers.
  • D. The sensor will reset all connections that match these signatures.

Answer: BC

NEW QUESTION 13
Which action can be applied to each filter in the application control profile?

  • A. Block, monitor, warning, and quarantine
  • B. Allow, monitor, block and learn
  • C. Allow, block, authenticate, and warning
  • D. Allow, monitor, block, and quarantine

Answer: D

NEW QUESTION 14
Examine the network diagram shown in the exhibit, then answer the following question:
NSE4_FGT-6.2 dumps exhibit
Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

  • A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]
  • B. 0.0.0.0/0 [20/0] via 10.4.200.2, port2
  • C. 10.4.200.0/30 is directly connected, port2
  • D. 172.16.32.0/24 is directly connected, port1

Answer: D

NEW QUESTION 15
Which of the following statements about NTLM authentication are correct? (Choose two.)

  • A. It is useful when users log in to DCs that are not monitored by a collector agent.
  • B. It takes over as the primary authentication method when configured alongside FSSO.
  • C. Multi-domain environments require DC agents on every domain controller.
  • D. NTLM-enabled web browsers are required.

Answer: AD

Explanation:
https://www.fortinetguru.com/2021/07/configuring-authenticated-access/12/

NEW QUESTION 16
Examine the two static routes shown in the exhibit, then answer the following question.
NSE4_FGT-6.2 dumps exhibit
Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

  • A. FortiGate will load balance all traffic across both routes.
  • B. FortiGate will use the port1 route as the primary candidate.
  • C. FortiGate will route twice as much traffic to the port2 route
  • D. FortiGate will only actuate the port1 route in the routing table

Answer: B

Explanation:
“If multiple static routes have the same distance, they are all active; however, only the one with the lowest priority is considered the best path.”

NEW QUESTION 17
View the exhibit.
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
What does this raw log indicate? (Choose two.)

  • A. FortiGate blocked the traffic.
  • B. type indicates that a security event was recorded.
  • C. 10.0.1.20 is the IP address for lavito.tk.
  • D. policyid indicates that traffic went through the IPS firewall policy.

Answer: AB

NEW QUESTION 18
Examine the exhibit, which shows the partial output of an IKE real-time debug.
NSE4_FGT-6.2 dumps exhibit
Which of the following statement about the output is true?

  • A. The VPN is configured to use pre-shared key authentication.
  • B. Extended authentication (XAuth) was successful.
  • C. Remote is the host name of the remote IPsec peer.
  • D. Phase 1 went down.

Answer: A

NEW QUESTION 19
Refer to the following exhibit.
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
Why is FortiGate not blocking the test file over FTP download?

  • A. Deep-inspection must be enabled for FortiGate to fully scan FTP traffic.
  • B. FortiGate needs to be operating in flow-based inspection mode in order to scan FTP traffic.
  • C. The FortiSandbox signature database is required to successfully scan FTP traffic.
  • D. The proxy options profile needs to scan FTP traffic on a non-standard port.

Answer: D

NEW QUESTION 20
A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?

  • A. It can create administrator accounts with access to the same VDOM.
  • B. It cannot have access to more than one VDOM.
  • C. It can reset the password for the admin account.
  • D. It can upgrade the firmware on the FortiGate device.

Answer: B

NEW QUESTION 21
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.
NSE4_FGT-6.2 dumps exhibit
NSE4_FGT-6.2 dumps exhibit
An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine
whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?

  • A. The IPS filter is missing the Protocol: HTTPS option.
  • B. The HTTPS signatures have not been added to the sensor.
  • C. A DoS policy should be used, instead of an IPS sensor.
  • D. A DoS policy should be used, instead of an IPS sensor.
  • E. The firewall policy is not using a full SSL inspection profile.

Answer: E

NEW QUESTION 22
......

P.S. Easily pass NSE4_FGT-6.2 Exam with 129 Q&As DumpSolutions Dumps & pdf Version, Welcome to Download the Newest DumpSolutions NSE4_FGT-6.2 Dumps: https://www.dumpsolutions.com/NSE4_FGT-6.2-dumps/ (129 New Questions)