NSE4 NSE4_FGT-6.4 Updated Exam

Fortinet NSE 4 - FortiOS 6.4 Questions and Answers

Question 17

Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

Options:

This is known as many-to-one NAT.

Source IP is translated to the outgoing interface IP.

Connections are tracked using source port and source MAC address.

Port address translation is not used.

Question 18

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

Options:

Implement a web filter category override for the specified website

Implement a DNS filter for the specified website.

Implement web filter quotas for the specified website

Implement web filter authentication for the specified website.

Question 19

An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

Options:

The strict RPF check is run on the first sent and reply packet of any new session.

Strict RPF checks the best route back to the source using the incoming interface.

Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.

Strict RPF allows packets back to sources with all active routes.

Question 20

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides

(client and server) have terminated the session?

Options:

To remove the NAT operation.

To generate logs

To finish any inspection operations.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Fortinet NSE 4 - FortiOS 6.4 Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce