Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. Fortinet
  3. NSE4
  4. NSE4_FGT-6.2 - Fortinet NSE 4 - FortiOS 6.2
Note! Following NSE4_FGT-6.2 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is NSE4_FGT-7.2

NSE4_FGT-6.2 Exam Dumps - Fortinet NSE 4 - FortiOS 6.2

Go to page:
Question # 9

An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)

A.

Configure split tunneling for content inspection.

B.

Configure host restrictions by IP or MAC address.

C.

Configure two-factor authentication using security certificates.

D.

Configure SSL offloading to a content processor (FortiASIC).

E.

Configure a client integrity check (host-check).

Full Access
Question # 10

View the exhibit.

Based on this output, which statements are correct? (Choose two.)

A.

The all VDOM is not synchronized between the primary and secondary FortiGate devices.

B.

The root VDOM is not synchronized between the primary and secondary FortiGate devices.

C.

The global configuration is synchronized between the primary and secondary FortiGate devices.

D.

The FortiGate devices have three VDOMs.

Full Access
Question # 11

View the exhibit. Which of the following statements is true regarding the configuration settings?

Response:

A.

When a remote user accesses https://10.200.1.1:443, the FortiGate login page appears.

B.

When a remote user accesses https://10.200.1.1:443, the FortiGate login page appears.

C.

When a remote user accesses http: //10.200.1.1 :443, the FortiGate login page appears.

D.

When a remote user accesses http: /110.200.1.1:443, the SSL VPN login page appears.

E.

The settings are invalid. The administrator settings and the SSL VPN settings cannot use the same port.

Full Access
Question # 12

An administrator wants to create a policy-based IPsec VPN tunnel betweeb two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)

A.

Define the phase 1 parameters, without enabling IPsec interface mode

B.

Define the phase 2 parameters.

C.

Set the phase 2 encapsulation method to transport mode

D.

Define at least one firewall policy, with the action set to IPsec.

E.

Define a route to the remote network over the IPsec tunnel.

Full Access
Question # 13

Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?

A.

In aggressive mode, the remote peers are able to provide their peer IDs in the first message.

B.

FortiGate is able to handle NATed connections only in aggressive mode.

C.

FortiClient only supports aggressive mode.

D.

Main mode does not support XAuth for user authentication.

Full Access
Question # 14

What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

A.

Services defined in the firewall policy.

B.

Incoming and outgoing interfaces

C.

Highest to lowest priority defined in the firewall policy.

D.

Lowest to highest policy ID number.

Full Access
Question # 15

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A.

It limits the scope of application control to the browser-based technology category only.

B.

It limits the scope of application control to scan application traffic based on application category only.

C.

It limits the scope of application control to scan application traffic using parent signatures only

D.

It limits the scope of application control to scan application traffic on DNS protocol only.

Full Access
Question # 16

Which of the following statements about central NAT are true? (Choose two.)

A.

IP tool references must be removed from existing firewall policies before enabling central NAT.

B.

Central NAT can be enabled or disabled from the CLI only.

C.

Source NAT, using central NAT, requires at least one central SNAT policy.

D.

Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps