|Exam Name||:||Fortinet NSE4 - FortiOS 6.2|
|Questions and Answers||:||119 Q & A|
|Updated On||:||Click to Check Update|
|PDF Download Mirror||:||NSE4_FGT-6.2 Brain Dump|
|Get Full Version||:||Pass4sure NSE4_FGT-6.2 Full Version|
Question #111 Section 1
HTTP public key pinning (HPKP) can be an obstacle to implementing full SSL inspection. In which two ways can you resolve this problem? (Choose two.)
Enable Allow Invalid SSL Certificates for the relevant security profile.
Exempt those web sites that use HPKP from full SSL inspection.
Install the CA certificate (that is required to verify the web server certificate) in the certificate stores of users' computers.
Use a web browser that does not support HPKP.
Question #112 Section 1
A company needs to provide SSL VPN access to two user groups. The company also needs to display a different welcome message for each group, on the SSL VPN login.
To meet these requirements, what is required in the SSL VPN configuration?
Different virtual SSL VPN IP addresses for each group
Two separate SSL VPNs in different interfaces mapping the same ssl.root
Two firewall policies with different captive portals
Different SSL VPN realms for each group
Question #113 Section 1
Which two route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.)
Question #114 Section 1
Which two statements are true when using WPAD with the DHCP discovery method? (Choose two.)
If the DHCP method fails, browsers will try the DNS method.
The browser sends a DHCPINFORM request to the DHCP server.
The DHCP server provides the PAC file for download.
The browser needs to be preconfigured with the DHCP server IP address.
Question #115 Section 1 Refer to the exhibit.
Based on the firewall configuration shown in the exhibit, which two statements about application control behavior are true? (Choose two.)
Access to browser-based Social.Media applications will be blocked.
Access to mobile social media applications will be blocked.
Access to all applications in the Social.Media category will be blocked.
Access to all unknown applications will be allowed.
Question #116 Section 1
Which two statements about SSL VPN timers are true? (Choose two.)
SSL VPN settings do not have customizable timers.
SSL VPN timers prevent SSL VPN users from being logged out because of high network latency.
SSL VPN timers disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
SSL VPN timers allow to mitigate DoS attacks from partial HTTP requests.
Question #117 Section 1 Refer to the exhibit.
The exhibit contains a session diagnostic output.
Which statement about the session diagnostic output is true?
The session is in CLOSE_WAIT state.
The session is in TIME_WAIT state.
The session is in LISTEN state.
The session is in ESTABLISHED state.
Question #118 Section 1 Refer to the exhibit.
The exhibit shows a raw log and firewall policies.
What information does this raw log provide? (Choose two.)
type indicates that a security event was recorded.
FortiGate blocked the traffic.
10.0.1.20 is the IP address for lavito.tk.
policyid indicates that traffic went through the IPS firewall policy.
Question #119 Section 1
Which two statements about virtual domains (VDOMs) are true? (Choose two.)
A FortiGate device has 64 VDOMs, created by default.
The root VDOM is the management VDOM, by default.
Each VDOM maintains its own system time.
Each VDOM maintains its own routing table.