Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

NSE4_FGT-62 by Fortinet - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A It limits the scope of application control to scan traffic based on the browser-based technology category only.
B It limits the scope of application control to scan application traffic based on application category only.
C It limits the scope of application control to scan application traffic using parent signatures only
D It limits the scope of application control to scan application traffic on DNS protocol only.

Question 4

Refer to the exhibit.

Question Image

The exhibit shows FortiGate configuration and the output of the debug command.
Based on the diagnostic output, how is the FortiGate handling the traffic for new sessions that require proxy based inspection?

A It is allowed, but with no inspection.
B It is allowed and inspected, as long as the only inspection required is antivirus.
C It is dropped.
D It is allowed and inspected, as long as the inspection is flow based.

Question 5

Refer to the exhibits.

Question Image

The exhibits contain a network diagram and virtual IP and firewall policy configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/32?

A Any available IP address in the WAN (port1) subnet 10.200.1.0/24
B 10.200.1.10
C 10.200.1.1
D 10.0.1.254

Question 6

During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

A Signature verification
B Authentication
C Data integrity
D Non-deniability

Question 7

Refer to the exhibits.

Question Image

The exhibits show the IPS sensor and DoS policy configuration.
When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

A ip_src_session
B IMAP.Login.Brute.Force
C Location: server Protocol:SMTP
D SMTP.Login.Brute.Force

Question 8

Examine the FortiGate configuration:

Question Image

What will happen to unauthenticated users when an active authentication policy is followed by a fall through policy without authentication?

A The user must log in again to authenticate.
B The user will be denied access to resources without authentication.
C The user will not be prompted for authentication.
D User authentication happens at an interface level.

Question 9

NGFW mode allows policy-based configuration for most inspection rules.
Which security profile configuration does not change when you enable policy-based inspection?

A Application control
B Web filtering
C Web proxy
D Antivirus

Question 10

How do you format the FortiGate flash disk?

A Execute the CLI command execute formatlogdisk.
B Select the format boot device option from the BIOS menu.
C Load the hardware test (HQIP) image.
D Load a debug FortiOS image.

Question 11

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A Subject Key Identifier value
B SMMIE Capabilities value
C Subject value
D Subject Alternative Name value

Question 12

Refer to the exhibit.

Question Image

Based on the firewall configuration shown in the exhibit, which two statements about application control behavior are true? (Choose two.)

A Access to browser-based Social.Media applications will be blocked.
B Access to mobile social media applications will be blocked.
C Access to all applications in the Social.Media category will be blocked.
D Access to all unknown applications will be allowed.

Question 13

Which two statements correctly describe how FortiGate performs route lookup, when searching for a suitable gateway? (Choose two.)

A Lookup is done on the first packet from the session originator
B Lookup is done on the last packet sent from the responder
C Lookup is done on every packet, regardless of direction
D Lookup is done on the first reply packet from the responder

Question 14

Which two statements about central NAT are true? (Choose two.)

A SNAT using central NAT does not require a central SNAT policy.
B Central NAT can be enabled or disabled from the CLI only.
C IP pool references must be removed from existing firewall policies, before enabling central NAT.
D DNAT using central NAT requires a VIP object as the destination address in a firewall policy.

Question 15

Which two statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

A WMI polling can increase bandwidth usage in large networks.
B The NetSessionEnum function is used to track user logoffs.
C The collector agent does not need to search any security event logs.
D The collector agent uses a Windows API to query DCs for user logins.

Question 16

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

A FortiManager
B Root FortiGate
C FortiAnalyzer
D Downstream FortiGate

Question 17

Refer to the exhibit.

Question Image

Given the output of the # diagnose sys ha checksum cluster command shown in the exhibit, which two statements are correct? (Choose two.)

A The all VDOM is not synchronized between the primary and secondary FortiGate devices.
B The global configuration is synchronized between the primary and secondary FortiGate devices.
C The root VDOM is not synchronized between the primary and secondary FortiGate devices.
D The FortiGate devices have three VDOMs.

Question 18

The FSSO collector agent set to advanced access mode for the Windows Active Directory uses which convention?

A LDAP
B Windows
C RSSO
D NTLM

Question 19

Which two conditions are required for establishing an IPsec VPN between two FortiGate devices? (Choose two.)

A If the VPN is configured as policy-based in one peer, it must also be configured as policy-based in the other peer.
B If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.
C If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.
D If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPsec.

Question 20

An administrator has configured central DNAT and virtual IPs.
Which object can be selected in the firewall policy Destination field?

A The mapped IP address object of the VIP object
B A VIP group object
C A VIP object
D An IP pool object

Question 21

An administrator wants to throttle the total volume of SMTP sessions to their email server.
Which DoS sensor can the administrator use to achieve this?

A ip_src_session
B ip_dst_session
C udp_flood
D tcp_port_scan

Question 22

What is required to create an inter-VDOM link between two VDOMs?

A At least one of the VDOMs must operate in NAT mode.
B Both VDOMs must operate in NAT mode.
C The inspection mode of at least one VDOM must be NGFW policy-based.
D The inspection mode of both VDOMs must match.

Question 23

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

A The remote user's virtual IP address
B The public IP address of the FortiGate device
C The remote user's public IP address
D The internal IP address of the FortiGate device

Question 24

When override is enabled, which option shows the process and selection criteria that is used to elect the primary FortiGate in an HA cluster?

A Connected monitored ports > HA uptime > priority > serial number
B HA uptime > priority > Connected monitored ports > serial number
C Priority > Connected monitored ports > HA uptime > serial number
D Connected monitored ports > priority > HA uptime > serial number

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 5 • Questions 1-25 of 116

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which two static routes are not maintained in the routing table? (Choose two.)

A Dynamic routes
B Policy routes
C Named Address routes
D ISDB routes

Which two actions are valid for a FortiGuard category-based filter, in a web filter profile, for a firewall policy in proxy-based inspection mode? (Choose two.)

A Learn
B Exempt
C Allow
D Warning

NSE4_FGT-62Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

That's the end of the Preview