web analytics
FortiGate Enterprise Firewall Exam / NSE4_FGT-6.2 Dumps / NSE4_FGT-6.2 Exam Questions / NSE4_FGT-6.2 PDF Dumps / NSE4_FGT-6.2 VCE Dumps

[23-Apr-2020] New PassLeader FortiOS 6.2 NSE4_FGT-6.2 Dumps with VCE and PDF (New Questions)

PassLeader just published the NEWEST Fortinet NSE4_FGT-6.2 exam dumps! And, PassLeader offer two types of the NSE4_FGT-6.2 dumps — NSE4_FGT-6.2 VCE dumps and NSE4_FGT-6.2 PDF dumps, both VCE and PDF contain the NEWEST NSE4_FGT-6.2 exam questions, they will help you PASSING the Fortinet NSE4_FGT-6.2 exam easily! Now, get the NEWEST NSE4_FGT-6.2 dumps in VCE and PDF from PassLeaderhttps://www.passleader.com/nse4-fgt-6-2.html (130 Q&As Dumps)

What’s more, part of that PassLeader NSE4_FGT-6.2 dumps now are freehttps://drive.google.com/open?id=15PKUGl9gF7D0YjG0tgzGpxFfFVTro5_r

NEW QUESTION 1
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

A. To remove the NAT operation.
B. To generate logs.
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Answer: D

NEW QUESTION 2
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Traffic to botnet servers.
B. Traffic to inappropriate web sites.
C. Server information disclosure attacks.
D. Credit card data leaks.
E. SQL injection attacks.

Answer: CDE

NEW QUESTION 3
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

A. The firmware image must be manually uploaded to each FortiGate.
B. Only secondary FortiGate devices are rebooted.
C. Uninterruptable upgrade is enabled by default.
D. Traffic load balancing is temporally disabled while upgrading the firmware.

Answer: CD

NEW QUESTION 4
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A. A CRL
B. A person
C. A subordinate CA
D. A root CA

Answer: D

NEW QUESTION 5
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)

A. Source IP
B. Spillover
C. Volume
D. Session

Answer: CD

NEW QUESTION 6
What FortiGate components are tested during the hardware test? (Choose three.)

A. Administrative access
B. HA heartbeat
C. CPU
D. Hard disk
E. Network interfaces

Answer: CDE

NEW QUESTION 7
What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

A. Services defined in the firewall policy.
B. Incoming and outgoing interfaces.
C. Highest to lowest priority defined in the firewall policy.
D. Lowest to highest policy ID number.

Answer: AB

NEW QUESTION 8
Which statements about virtual domains (VDOMs) arc true? (Choose two.)

A. Transparent mode and NAT/Route mode VDOMs cannot be combined on the same FortiGate.
B. Each VDOM can be configured with different system hostnames.
C. Different VLAN sub-interfaces of the same physical interface can be assigned to different VDOMs.
D. Each VDOM has its own routing table.

Answer: CD

NEW QUESTION 9
Which statements about a One-to-One IP pool are true? (Choose two.)

A. It is used for destination NAT.
B. It allows the fixed mapping of an internal address range to an external address range.
C. It does not use port address translation.
D. It allows the configuration of ARP replies.

Answer: CD

NEW QUESTION 10
Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.)

A. Priority
B. Metric
C. Distance
D. Cost

Answer: AC

NEW QUESTION 11
Which statement is true regarding the policy ID number of a firewall policy?

A. Defines the order in which rules are processed.
B. Represents the number of objects used in the firewall policy.
C. Required to modify a firewall policy using the CLI.
D. Changes when firewall policies are reordered.

Answer: C

NEW QUESTION 12
How does FortiGate select the central SNAT policy that is applied to a TCP session?

A. It selects the SNAT policy specified in the configuration of the outgoing interface.
B. It selects the first matching central SNAT policy, reviewing from top to bottom.
C. It selects the central SNAT policy with the lowest priority.
D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Answer: B

NEW QUESTION 13
During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

A. Authentication.
B. Data integrity.
C. Non-repudiation.
D. Signature verification.

Answer: D

NEW QUESTION 14
An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?

A. tcp_port_scan
B. ip_dst_session
C. udp_flood
D. ip_src_session

Answer: B

NEW QUESTION 15
Which statements about HA for FortiGate devices are true? (Choose two.)

A. Sessions handled by proxy-based security profiles cannot be synchronized.
B. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.
C. HA management interface settings are synchronized between cluster members.
D. Heartbeat interfaces are not required on the primary device.

Answer: AB

NEW QUESTION 16
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

A. Enable Event Logging.
B. Enable a web filter security profile on the Full Access firewall policy.
C. Enable Log Allowed Traffic on the Full Access firewall policy.
D. Enable disk logging.

Answer: BC

NEW QUESTION 17
Which action can be applied to each filter in the application control profile?

A. Block, monitor, warning, and quarantine.
B. Allow, monitor, block and learn.
C. Allow, block, authenticate, and warning.
D. Allow, monitor, block, and quarantine.

Answer: D

NEW QUESTION 18
If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate take?

A. It notifies the administrator by sending an email.
B. It provides a DLP block replacement page with a link to download the file.
C. It blocks all future traffic for that IP address for a configured interval.
D. It archives the data for that IP address.

Answer: C

NEW QUESTION 19
Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-based?

A. FortiGuard Quotas
B. Static URL
C. Search engines
D. Rating option

Answer: D

NEW QUESTION 20
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A. Log downloads from the GUI are limited to the current log filter view.
B. Log backups from the CLI cannot be restored to another FortiGate.
C. Log backups from the CLI can be configured to upload to FTP at a scheduled time.
D. Log downloads from the GUI are stored as LZ4 compressed files.

Answer: AB

NEW QUESTION 21
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

A. Include the group of guest users in a policy.
B. Extend timeout timers.
C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
D. Ensure all firewalls allow the FSSO required ports.

Answer: AD

NEW QUESTION 22
What information is flushed when the chunk-size value is changed in the config DLP settings?

A. The database for DLP document fingerprinting.
B. The supported file types in the DLP filters.
C. The archived files and messages.
D. The file name patterns in the DLP filters.

Answer: A

NEW QUESTION 23
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

A. hourly
B. real tune
C. on-demand
D. store-and-upload

Answer: BD

NEW QUESTION 24
Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

A. Firewall service
B. User or user group
C. IP Pool
D. FQDN address

Answer: BD

NEW QUESTION 25
Which of the following services can be inspected by the DLP profile? (Choose three.)

A. NFS
B. FTP
C. IMAP
D. CIFS
E. HTTP-POST

Answer: BCE

NEW QUESTION 26
……


Learning the PassLeader NSE4_FGT-6.2 dumps with VCE and PDF for 100% passing Fortinet certificationhttps://www.passleader.com/nse4-fgt-6-2.html (130 Q&As Dumps)

BONUS!!! Download part of PassLeader NSE4_FGT-6.2 dumps for freehttps://drive.google.com/open?id=15PKUGl9gF7D0YjG0tgzGpxFfFVTro5_r