NSE4_FGT-6.2 Online Practice Questions and Answers

A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.

What is required in the SSL VPN configuration to meet these requirements?

A. Different SSL VPN realms for each group.

B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.

C. Two firewall policies with different captive portals.

D. Different virtual SSL VPN IP addresses for each group.

Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

A. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.

B. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPSec.

C. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.

D. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

A. A phase 2 configuration is not required.

B. This VPN cannot be used as part of a hub-and-spoke topology.

C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

D. The IPsec firewall policies must be placed at the top of the list.

An administrator is running the following sniffer command:

diagnose sniffer packet any "host 10.0.2.10" 3

What information will be included in the sniffer output? (Choose three.)

A. IP header

B. Ethernet header

C. Packet payload

D. Application header

E. Interface name

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A. Log downloads from the GUI are limited to the current filter view

B. Log backups from the CLI cannot be restored to another FortiGate.

C. Log backups from the CLI can be configured to upload to FTP as a scheduled time

D. Log downloads from the GUI are stored as LZ4 compressed files.

You have tasked to design a new IPsec deployment with the following criteria:

1.

There are two HQ sues that all satellite offices must connect to

2.

The satellite offices do not need to communicate directly with other satellite offices

3.

No dynamic routing will be used

4.

The design should minimize the number of tunnels being configured.

Which topology should be used to satisfy all of the requirements?

A. Partial mesh

B. Hub-and-spoke

C. Fully meshed

D. Redundant

Which statement regarding the firewall policy authentication timeout is true?

A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

A. SMTP.Login.Brute.Force

B. IMAP.Login.brute.Force

C. ip_src_session

D. Location: server Protocol: SMTP

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

A. Addicting.Games is allowed based on the Application Overrides configuration.

B. Addicting.Games is blocked on the Filter Overrides configuration.

C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Learn.

D. Addcting.Games is allowed based on the Categories configuration.

Which two statements about antivirus scanning mode are true? (Choose two.)

A. In proxy-based inspection mode, antivirus buffers the whole file for scanning, before sending it to the client.

B. In full scan flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

C. In proxy-based inspection mode, files bigger than the buffer size are scanned.

D. In quick scan mode, you can configure antivirus profiles to use any of the available antivirus signature databases.