Fortinet NSE 4 - FortiOS 6.2 NSE4_FGT-6.2 exam is new available for NSE 4 Certification. To prepare for the certification exam, we recommend that you can study PassQuestion NSE 4 Certification NSE4_FGT-6.2 Exam Questions to practice before your real test. PassQuestion will be the first time to provide you with exam information and NSE4_FGT-6.2 questions and answers to let you be fully prepared to ensure 100% pass Fortinet NSE4_FGT-6.2 exam.

NSE 4 Certification Exam Overview

The Network Security Professional designation recognizes your ability to install and manage the day-to-day configuration, monitoring, and operation of a FortiGate device to support specific corporate network security policies.We recommend NSE4_FGT-6.2 exam for network and security professionals who are involved in the day-to-day management, implementation, and administration of a security infrastructure using FortiGate devices

About the NSE 4 Exam

Fortinet NSE 4 - FortiOS 6.2
Exam series: NSE4_FGT-6.2
Number of questions: 70
Time allowed to complete: 120 minutes
Language: English and Japanese
Status: Available

Share Fortinet NSE 4 - FortiOS 6.2 NSE4_FGT-6.2 Free Questions

1.NGFW mode allows policy-based configuration for most inspection rules.
Which security profile’s configuration does not change when you enable policy-based inspection?
A. Web filtering
B. Antivirus
C. Web proxy
D. Application control
Answer: B

2.Which statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.
B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.
C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.
D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.
Answer: AB

3.View the exhibit.

Which of the following statements are correct? (Choose two.)
A. This setup requires at least two firewall policies with the action set to IPsec.
B. Dead peer detection must be disabled to support this type of IPsec setup.
C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
D. This is a redundant IPsec setup.
Answer: CD

4.An administrator needs to strengthen the security for SSL VPN access.
Which of the following statements are best practices to do so? (Choose three.)
A. Configure split tunneling for content inspection.
B. Configure host restrictions by IP or MAC address.
C. Configure two-factor authentication using security certificates.
D. Configure SSL offloading to a content processor (FortiASIC).
E. Configure a client integrity check (host-check).
Answer: BCE

5.Which statements about DNS filter profiles are true? (Choose two.)
A. They can inspect HTTP traffic.
B. They can redirect blocked requests to a specific portal.
C. They can block DNS requests to known botnet command and control servers.
D. They must be applied in firewall policies with SSL inspection enabled.
Answer: BC

6.Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
A. To remove the NAT operation.
B. To generate logs
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
Answer: D