CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet NSE4_FGT-6.4 Dumps Questions Answers

Page: 1 / 6
Total 165 questions
Get NSE4_FGT-6.4 Full Access Download NSE4_FGT-6.4 PDF

Fortinet NSE 4 - FortiOS 6.4 Questions and Answers

Question 1

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

Options:

A.

Full Content inspection

B.

Proxy-based inspection

C.

Certificate inspection

D.

Flow-based inspection

Buy Now
Question 2

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

Options:

A.

remote user’s public IP address

B.

The public IP address of the FortiGate device.

C.

The remote user’s virtual IP address.

D.

The internal IP address of the FortiGate device.

Question 3

Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

Options:

A.

Fabric Coverage

B.

Automated Response

C.

Security Posture

D.

Optimization

Question 4

Examine the following web filtering log.

Which statement about the log message is true?

Options:

A.

The action for the category Games is set to block.

B.

The usage quota for the IP address 10.0.1.10 has expired

C.

The name of the applied web filter profile is default.

D.

The web site miniclip.com matches a static URL filter whose action is set to Warning.

Question 5

Refer to the exhibit.

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10 .0.1.254. /24.

The first firewall policy has NAT enabled using IP Pool.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

Options:

A.

10.200.1.1

B.

10.200.3.1

C.

10.200.1.100

D.

10.200.1.10

Question 6

Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?

Options:

A.

Root VDOM

B.

FG-traffic VDOM

C.

Customer VDOM

D.

Global VDOM

Question 7

An administrator must disable RPF check to investigate an issue.

Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Options:

A.

Enable asymmetric routing, so the RPF check will be bypassed.

B.

Disable the RPF check at the FortiGate interface level for the source check.

C.

Disable the RPF check at the FortiGate interface level for the reply check.

D.

Enable asymmetric routing at the interface level.

Question 8

Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

Options:

A.

hard-timeout

B.

auth-on-demand

C.

soft-timeout

D.

new-session

E.

Idle-timeout

Question 9

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

Options:

A.

A CRL

B.

A person

C.

A subordinate CA

D.

A root CA

Question 10

Which two statements are correct about SLA targets? (Choose two.)

Options:

A.

You can configure only two SLA targets per one Performance SLA.

B.

SLA targets are optional.

C.

SLA targets are required for SD-WAN rules with a Best Quality strategy.

D.

SLA targets are used only when referenced by an SD-WAN rule.

Question 11

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

Options:

A.

System event logs

B.

Forward traffic logs

C.

Local traffic logs

D.

Security logs

Question 12

A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.

What is the reason for the failed virus detection by FortiGate?

Options:

A.

Application control is not enabled

B.

SSL/SSH Inspection profile is incorrect

C.

Antivirus profile configuration is incorrect

D.

Antivirus definitions are not up to date

Question 13

Refer to the exhibit.

Which contains a network diagram and routing table output.

The Student is unable to access Webserver.

What is the cause of the problem and what is the solution for the problem?

Options:

A.

The first packet sent from Student failed the RPF check.

This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

B.

The first reply packet for Student failed the RPF check.

This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

C.

The first reply packet for Student failed the RPF check.

This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.

D.

The first packet sent from Student failed the RPF check.

This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.

Question 14

How do you format the FortiGate flash disk?

Options:

A.

Load a debug FortiOS image.

B.

Load the hardware test (HQIP) image.

C.

Execute the CLI command execute formatlogdisk.

D.

Select the format boot device option from the BIOS menu.

Question 15

Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

Options:

A.

The signature setting uses a custom rating threshold.

B.

The signature setting includes a group of other signatures.

C.

Traffic matching the signature will be allowed and logged.

D.

Traffic matching the signature will be silently dropped and logged.

Question 16

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

Options:

A.

The firewall policy performs the full content inspection on the file.

B.

The flow-based inspection is used, which resets the last packet to the user.

C.

The volume of traffic being inspected is too high for this model of FortiGate.

D.

The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

Question 17

Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

Options:

A.

This is known as many-to-one NAT.

B.

Source IP is translated to the outgoing interface IP.

C.

Connections are tracked using source port and source MAC address.

D.

Port address translation is not used.

Question 18

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

Options:

A.

Implement a web filter category override for the specified website

B.

Implement a DNS filter for the specified website.

C.

Implement web filter quotas for the specified website

D.

Implement web filter authentication for the specified website.

Question 19

An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Options:

A.

The strict RPF check is run on the first sent and reply packet of any new session.

B.

Strict RPF checks the best route back to the source using the incoming interface.

C.

Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.

D.

Strict RPF allows packets back to sources with all active routes.

Question 20

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides

(client and server) have terminated the session?

Options:

A.

To remove the NAT operation.

B.

To generate logs

C.

To finish any inspection operations.

D.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Question 21

Which statement regarding the firewall policy authentication timeout is true?

Options:

A.

It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.

B.

It is a hard timeout. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.

C.

It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.

D.

It is a hard timeout. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.

Question 22

An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Options:

A.

A phase 2 configuration is not required.

B.

This VPN cannot be used as part of a hub-and-spoke topology.

C.

A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

D.

The IPsec firewall policies must be placed at the top of the list.

Question 23

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

Options:

A.

The SSL inspection needs to be a deep content inspection.

B.

Force access to Facebook using the HTTP service.

C.

Additional application signatures are required to add to the security policy.

D.

Add Facebook in the URL category in the security policy.

Question 24

An administrator needs to increase network bandwidth and provide redundancy.

What interface type must the administrator select to bind multiple FortiGate interfaces?

Options:

A.

VLAN interface

B.

Software Switch interface

C.

Aggregate interface

D.

Redundant interface

Exam Detail
Vendor: Fortinet
Certification: Fortinet Other Certification
Exam Code: NSE4_FGT-6.4
Exam Name: Fortinet NSE 4 - FortiOS 6.4
Last Update: Dec 22, 2024
NSE4_FGT-6.4 Question Answers
Page: 1 / 6
Total 165 questions
Get NSE4_FGT-6.4 Full Access Download NSE4_FGT-6.4 PDF