Renewal NSE4_FGT-6.2 Guidance 2021

NEW QUESTION 1
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

• A. It limits the scope of application control to the browser-based technology category only.
• B. It limits the scope of application control to scan application traffic based on application category only.
• C. It limits the scope of application control to scan application traffic using parent signatures only
• D. It limits the scope of application control to scan application traffic on DNS protocol only.

Answer: B

NEW QUESTION 2
Examine the following web filtering log.

Which statement about the log message is true?

• A. The action for the category Games is set to block.
• B. The usage quota for the IP address 10.0.1.10 has expired
• C. The name of the applied web filter profile is default.
• D. The web site miniclip.com matches a static URL filter whose action is set to Warning.

Answer: C

NEW QUESTION 3
View the certificate shown to the exhibit, and then answer the following question:

The CA issued this certificate to which entity?

• A. A root CA
• B. A person
• C. A bridge CA
• D. A subordinate CA

Answer: A

NEW QUESTION 4
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

What are the expected actions if traffic matches this IPS sensor? (Choose two.)

• A. The sensor will gather a packet log for all matched traffic.
• B. The sensor will not block attackers matching the A32S.Botnet signature.
• C. The sensor will block all attacks for Windows servers.
• D. The sensor will reset all connections that match these signatures.

Answer: BC

NEW QUESTION 5
Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

• A. Browsers can be configured to retrieve this PAC file from the FortiGate.
• B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
• C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.
• D. Any web request fortinet.com is allowed to bypass the proxy.

Answer: AD

NEW QUESTION 6
View the exhibit. Which of the following statements is true regarding the configuration settings?

Response:

• A. When a remote user accesses https://10.200.1.1:443, the FortiGate login page appears.
• B. When a remote user accesses https://10.200.1.1:443, the FortiGate login page appears.
• C. When a remote user accesses http: //10.200.1.1 :443, the FortiGate login page appears.
• D. When a remote user accesses http: /110.200.1.1:443, the SSL VPN login page appears.
• E. The settings are invali
• F. The administrator settings and the SSL VPN settings cannot use the same port.

Answer: B

NEW QUESTION 7
What files are sent to FortiSandbox for inspection in flow-based inspection mode?

• A. All suspicious files that do not have their hash value in the FortiGuard antivirus signature database.
• B. All suspicious files that are above the defined oversize limit value in the protocol options.
• C. All suspicious files that match patterns defined in the antivirus profile.
• D. All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus profile.

Answer: C

NEW QUESTION 8
Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)

• A. The root VDOM is the management VDOM by default.
• B. A FortiGate device has 64 VDOMs, created by default.
• C. Each VDOM maintains its own system time.
• D. Each VDOM maintains its own routing table.

Answer: AD

NEW QUESTION 9
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

• A. Warning
• B. Exempt
• C. Allow
• D. Learn

Answer: AC

NEW QUESTION 10
What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

• A. Services defined in the firewall policy.
• B. Incoming and outgoing interfaces
• C. Highest to lowest priority defined in the firewall policy.
• D. Lowest to highest policy ID number.

Answer: AB

NEW QUESTION 11
Examine the network diagram shown in the exhibit, then answer the following question:

Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

• A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]
• B. 0.0.0.0/0 [20/0] via 10.4.200.2, port2
• C. 10.4.200.0/30 is directly connected, port2
• D. 172.16.32.0/24 is directly connected, port1

Answer: D

NEW QUESTION 12
An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?

• A. FortiGate needs to be switched to NGFW mode.
• B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.
• C. Proxy options are no longer available starting in FortiOS 5.6.
• D. FortiGate is in flow-based inspection mode.

Answer: D

NEW QUESTION 13
View the exhibit.

Why is the administrator getting the error shown in the exhibit?

• A. The administrator must first enter the command edit global.
• B. The administrator admin does not have the privileges required to configure global settings.
• C. The global settings cannot be configured from the root VDOM context.
• D. The command config system global does not exist in FortiGate.

Answer: C

NEW QUESTION 14
Which one of the following processes is involved in updating IPS from FortiGuard?

• A. FortiGate IPS update requests are sent using UDP port 443.
• B. Protocol decoder update requests are sent to service.fortiguard.net.
• C. IPS signature update requests are sent to update.fortiguard.net.
• D. IPS engine updates can only be obtained using push updates.

Answer: C

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ports-and-protocols-54/07-FortiGuard.htm

NEW QUESTION 15
A team manager has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effective option to support this request?

• A. Implement a web filter category override for the specified website.
• B. Implement web filter authentication for the specified website
• C. Implement web filter quotas for the specified website.
• D. Implement DNS filter for the specified website.

Answer: A

NEW QUESTION 16
A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.
What is required in the SSL VPN configuration to meet these requirements?

• A. Different SSL VPN realms for each group.
• B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.
• C. Two firewall policies with different captive portals.
• D. Different virtual SSL VPN IP addresses for each group.

Answer: A

NEW QUESTION 17
View the exhibit:

Whichhe FortiGate handle web proxy traffic rue? (Choose two.)

• A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
• B. port-VLAN1 is the native VLAN for the port1 physical interface.
• C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
• D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

Answer: AC

NEW QUESTION 18
Which statements about DNS filter profiles are true? (Choose two.)

• A. They can inspect HTTP traffic.
• B. They can redirect blocked requests to a specific portal.
• C. They can block DNS requests to known botnet command and control servers.
• D. They must be applied in firewall policies with SSL inspection enabled.

Answer: BC

NEW QUESTION 19
A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?

• A. It can create administrator accounts with access to the same VDOM.
• B. It cannot have access to more than one VDOM.
• C. It can reset the password for the admin account.
• D. It can upgrade the firmware on the FortiGate device.

Answer: B

NEW QUESTION 20
Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

• A. It is allowed, but with no inspection
• B. It is allowed and inspected as long as the inspection is flow based
• C. It is dropped.
• D. It is allowed and inspected, as long as the only inspection required is antivirus.

Answer: A

NEW QUESTION 21
An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward. What step is required for this configuration?

• A. Configure an SSL VPN realm for clients to use the port forward bookmark.
• B. Configure the client application to forward IP traffic through FortiClient.
• C. Configure the virtual IP address to be assigned t the SSL VPN users.
• D. Configure the client application to forward IP traffic to a Java applet proxy.

Answer: D

NEW QUESTION 22
View the exhibit:

The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

• A. Run a sniffer in the web server.
• B. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.
• C. Capture the traffic using an external sniffer connected to port1.
• D. Execute a debug flow.

Answer: D

Explanation:
Step 1: Routing table check (in NAT mode)Step 2: Verify is services are opened (if access to the FortiGate)Step 3: Sniffer traceStep 4: Debug flowStep 5: Session list

NEW QUESTION 23
......