Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-6.2

Fortinet NSE4_FGT-6.2 Exam
Fortinet NSE 4 - FortiOS 6.2 (Page 4 )

Updated On: 7-Feb-2026
Page 4 of 29
PDF with 132 Questions

You have tasked to design a new IPsec deployment with the following criteria:
* All satellite offices must connect to the two HQ sites.
* The satellite offices do not need to communicate directly with other satellite offices.
* Backup VPN is not required.
* The design should minimize the number of tunnels being configured.
Which topology should be used to satisfy all of the requirements?

  1. Partial mesh
  2. Hub-and-spoke
  3. Fully meshed
  4. Redundant

Answer(s): B



What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

  1. Services defined in the firewall policy.
  2. Incoming and outgoing interfaces
  3. Highest to lowest priority defined in the firewall policy.
  4. Lowest to highest policy ID number.

Answer(s): A,B



You are configuring the root FortiGate to implement the security fabric. You are configuring port10 to communicate with a downstream FortiGate. View the default Edit Interface in the exhibit below:



When configuring the root FortiGate to communicate with a downstream FortiGate, which settings are required to be configured? (Choose two.)

  1. Device detection enabled.
  2. Administrative Access: FortiTelemetry.
  3. IP/Network Mask.
  4. Role: Security Fabric.

Answer(s): B,C



Which of the following statements about NTLM authentication are correct? (Choose two.)

  1. It is useful when users log in to DCs that are not monitored by a collector agent.
  2. It takes over as the primary authentication method when configured alongside FSSO.
  3. Multi-domain environments require DC agents on every domain controller.
  4. NTLM-enabled web browsers are required.

Answer(s): A,D


Reference:

https://www.fortinetguru.com/2016/07/configuring-authenticated-access/12/



Examine the network diagram shown in the exhibit, and then answer the following question:



A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24.
Which of the following static routes will satisfy this requirement on FGT1? (Choose two.)

  1. 172.20.2.0/24 (1/0) via 10.10.1.2, port1 [0/0]
  2. 172.20.2.0/24 (25/0) via 10.10.3.2, port3 [5/0]
  3. 172.20.2.0/24 (1/150) via 10.10.1.2, port3 [10/0]
  4. 172.20.2.0/24 (1/150) via 10.30.3.2, port3 [10/0]

Answer(s): C,D






Post your Comments and Discuss Fortinet NSE4_FGT-6.2 exam prep with other Community members:

Join the NSE4_FGT-6.2 Discussion