NSE4_FGT-6.2 Online Practice Questions and Answers

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A. The public key of the web server certificate must be installed on the browser.

B. The web-server certificate must be installed on the browser.

C. The CA certificate that signed the web-server certificate must be installed on the browser.

D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They can redirect blocked requests to a specific portal.

C. They can block DNS requests to known botnet command and control servers.

D. They must be applied in firewall policies with SSL inspection enabled.

An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?

A. Phase 1 negotiations will skip preshared key exchange.

B. Only digital certificates will be accepted as an authentication method in phase 1.C

C. Dialup clients must provide a username and password for authentication.

D. Dialup clients must provide their local ID during phase 2 negotiations.

Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

A. Include the group of guest users in a policy.

B. Extend timeout timers.

C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.

D. Ensure all firewalls allow the FSSO required ports.

A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?

A. It can create administrator accounts with access to the same VDOM.

B. It cannot have access to more than one VDOM.

C. It can reset the password for the admin account.

D. It can upgrade the firmware on the FortiGate device.

What information is flushed when the chunk-size value is changed in the config dlp settings?

A. The database for DLP document fingerprinting

B. The supported file types in the DLP filters

C. The archived files and messages

D. The file name patterns in the DLP filters

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A. Browsers can be configured to retrieve this PAC file from the FortiGate.

B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C. All requests not sent to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

D. Any web request fortinet.com is allowed to bypass the proxy.

Examine the following web filtering log.

Which statement about the log message is true?

A. The action for the category Games is set to block.

B. The usage quota for the IP address 10.0.1.10 has expired

C. The name of the applied web filter profile is default.

D. The web site miniclip.com matches a static URL filter whose action is set to Warning.

Which of the following are valid actions for FortiGuard category based filter in a web filter profile in proxy-based inspection mode? (Choose two.)

A. Warning

B. Exempt

C. Allow

D. Learn

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.

B. AH does not support perfect forward secrecy.

C. AH provides data integrity bur no encryption.

D. AH provides strong data integrity but weak encryption.