NSE4_FGT-6.2 Fortinet NSE 4 - FortiOS 6.2 Questions and Answers

The firmware image must be manually uploaded to each FortiGate.

Only secondary FortiGate devices are rebooted.

Uninterruptable upgrade is enabled by default.

Traffic load balancing is temporally disabled while upgrading the firmware.

It always authorizes the traffic without requiring authentication.

It drops the traffic.

It authenticates the traffic using the authentication scheme SCHEME2.

It authenticates the traffic using the authentication scheme SCHEME1.

The action for the category Games is set to block.

The usage quota for the IP address 10.0.1.10 has expired

The name of the applied web filter profile is default.

The web site miniclip.com matches a static URL filter whose action is set to Warning.

Implement a web filter category override for the specified website.

Implement web filter authentication for the specified website

Implement web filter quotas for the specified website.

Implement DNS filter for the specified website.

The sensor will gather a packet log for all matched traffic.

The sensor will not block attackers matching the A32S.Botnet signature.

The sensor will block all attacks for Windows servers.

The sensor will reset all connections that match these signatures.

FortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server.

FortiGate sends the user-entered credentials to the LDAP server for authentication.

FortiGate queries the LDAP server for credentials.

FortiGate queries its own database for credentials.

The new route’s destination subnet overlaps an existing route.

The new route’s Distance value should be higher than 10.

The Gateway IP address is not in the same subnet as port1.

The Priority is 0, which means that this route will remain inactive.

The port3 default route has the highest distance.

The port3 default route has the lowest metric.

There will be eight routes active in the routing table.

The port1 and port2 default routes are active in the routing table.

Implement firewall authentication for all users that need access to fortinet.com.

Manually install the FortiGate deep inspection certificate as a trusted CA.

Configure fortinet.com access to bypass the IPS engine.

Configure an SSL-inspection exemption for fortinet.com.

They can inspect HTTP traffic.

They can redirect blocked requests to a specific portal.

They can block DNS requests to known botnet command and control servers.

They must be applied in firewall policies with SSL inspection enabled.

Include the group of guest users in a policy.

Extend timeout timers.

Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.

Ensure all firewalls allow the FSSO required ports.

A VIP group

The mapped IP address object of the VIP object

A VIP object

An IP pool

If the DHCP method fails, browsers will try the DNS method.

The browser needs to be preconfigured with the DHCP server’s IP address.

The browser sends a DHCPONFORM request to the DHCP server.

The DHCP server provides the PAC file for download.

A unique value used to verify the input data

An output value that is used to identify the person or deduce that authored the input data.

An obfuscation used to mask the input data.

An encrypted output value used to safe-guard the input data

The VPN is configured to use pre-shared key authentication.

Extended authentication (XAuth) was successful.

Remote is the host name of the remote IPsec peer.

Phase 1 went down.

To remove the NAT operation.

To generate logs

To finish any inspection operations.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Traffic to botnetservers

Traffic to inappropriate web sites

Server information disclosure attacks

Credit card data leaks

SQL injection attacks

FG-traffic VDOM

Root VDOM

Customer VDOM

Global VDOM