Free NSE4_FGT-6.2 Exam Braindumps

You are configuring the root FortiGate to implement the security fabric. You are configuring port10 to communicate with a downstream FortiGate. View the default Edit Interface in the exhibit below:

When configuring the root FortiGate to communicate with a downstream FortiGate, which settings are required to be configured? (Choose two.)

  1. Device detection enabled.
  2. Administrative Access: FortiTelemetry.
  3. IP/Network Mask.
  4. Role: Security Fabric.

Answer(s): B,C



Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

  1. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.
  2. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPSec.
  3. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.
  4. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

Answer(s): B,C



How does FortiGate select the central SNAT policy that is applied to a TCP session?

  1. It selects the SNAT policy specified in the configuration of the outgoing interface.
  2. It selects the first matching central SNAT policy, reviewing from top to bottom.
  3. It selects the central SNAT policy with the lowest priority.
  4. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Answer(s): B



Which one of the following processes is involved in updating IPS from FortiGuard?

  1. FortiGate IPS update requests are sent using UDP port 443.
  2. Protocol decoder update requests are sent to service.fortiguard.net.
  3. IPS signature update requests are sent to update.fortiguard.net.
  4. IPS engine updates can only be obtained using push updates.

Answer(s): C



Which statements correctly describe transparent mode operation? (Choose three.)

  1. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
  2. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
  3. The transparent FortiGate is visible to network hosts in an IP traceroute.
  4. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  5. FortiGate acts as transparent bridge and forwards traffic at Layer 2.

Answer(s): B,D,E