NSE4_FGT-6.2 Online Practice Questions and Answers

A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.

What is required in the SSL VPN configuration to meet these requirements?

A. Different SSL VPN realms for each group.

B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.

C. Two firewall policies with different captive portals.

D. Different virtual SSL VPN IP addresses for each group.

Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

A. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.

B. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPSec.

C. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.

D. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question:

An administrator has added the following static route on FGTI.

Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

A. The new route's destination subnet overlaps an existing route.

B. The new route's Distance value should be higher than 10.

C. The Gateway IP address is not in the same subnet as port1.

D. The Priority is 0, which means that this route will remain inactive.

View the exhibit.

Based on the configuration shown in the exhibit, what statements about application control behavior are true? (Choose two.)

A. Access to all unknown applications will be allowed.

B. Access to browser-based Social.Media applications will be blocked.

C. Access to mobile social media applications will be blocked.

D. Access to all applications in Social.Media category will be blocked.

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. How must the administrator configure the local quick mode selector for site B?

A. 192.168.3.0/24

B. 192.168.2.0/24

C. 192.168.1.0/24

D. 192.168.0.0/8

You have tasked to design a new IPsec deployment with the following criteria:

1.

There are two HQ sues that all satellite offices must connect to

2.

The satellite offices do not need to communicate directly with other satellite offices

3.

No dynamic routing will be used

4.

The design should minimize the number of tunnels being configured.

Which topology should be used to satisfy all of the requirements?

A. Partial mesh

B. Hub-and-spoke

C. Fully meshed

D. Redundant

On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

A. hourly

B. real time

C. on-demand

D. store-and-upload

Which statement about DLP on FortiGate is true?

A. It can archive files and messages.

B. It can be applied to a firewall policy in a flow-based VDOM

C. Traffic shaping can be applied to DLP sensors.

D. Files can be sent to FortiSandbox for detecting DLP threats.

Which is a requirement for creating an inter-VDOM link between two VDOMs?

A. The inspection mode of at least one VDOM must be proxy-based.

B. At least one of the VDOMs must operate in NAT mode.

C. The inspection mode of both VDOMs must match.

D. Both VDOMs must operate in NAT mode.

Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

A. Lookup is done on the first packet from the session originator

B. Lookup is done on the last packet sent from the responder

C. Lookup is done on every packet, regardless of direction

D. Lookup is done on the first reply packet from the responder