Fortinet NSE4_FGT-6.0 Free Practice Questions

NEW QUESTION 1
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

• A. hourly
• B. real tune
• C. on-demand
• D. store-and-upload

Answer: BD

NEW QUESTION 2
An administrator needs to strengthen the security for SSL VPN access. Which of the following statements are best practices to do so? (Choose three.)

• A. Configure split tunneling for content inspection.
• B. Configure host restrictions by IP or MAC address.
• C. Configure two-factor authentication using security certificates.
• D. Configure SSL offloading to a content processor (FortiASIC).
• E. Configure a client integrity check (host-check).

Answer: CDE

NEW QUESTION 3
Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

• A. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.
• B. If the VPN is configured as route-based, there must be at least one firewall policy with the action set toIPSec.
• C. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Addressor Dynamic DNS in the other peer.
• D. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

Answer: BC

NEW QUESTION 4
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

• A. The NetSessionEnum function is used to track user logoffs.
• B. WMI polling can increase bandwidth usage in large networks.
• C. The collector agent uses a Windows API to query DCs for user logins.
• D. The collector agent do not need to search any security event logs.

Answer: BC

NEW QUESTION 5
View the exhibit.


What does this raw log indicate? (Choose two.)

• A. FortiGate blocked the traffic.
• B. type indicates that a security event was recorded.
• C. 10.0.1.20 is the IP address for lavito.tk.
• D. policyid indicates that traffic went through the IPS firewall policy.

Answer: BD

NEW QUESTION 6
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

• A. Log downloads from the GUI are limited to the current log filter view
• B. Log backups from the CLI cannot be restored to another FortiGate.
• C. Log backups from the CLI can be configured to upload to FTP at a scheduled time
• D. Log downloads from the GUI are stored as LZ4 compressed files.

Answer: BC

NEW QUESTION 7
During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

• A. Authentication.
• B. Data integrity.
• C. Non-repudiation.
• D. Signature verification.

Answer: D

NEW QUESTION 8
Which statement is true regarding the policy ID number of a firewall policy?

• A. Defines the order in which rules are processed.
• B. Represents the number of objects used in the firewall policy.
• C. Required to modify a firewall policy using the CLI.
• D. Changes when firewall policies are reordered.

Answer: C

NEW QUESTION 9
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

• A. To delete intermediary NAT devices in the tunnel path.
• B. To dynamically change phase 1 negotiation mode aggressive mode.
• C. To encapsulation ESP packets in UDP packets using port 4500.
• D. To force a new DH exchange with each phase 2 rekey.

Answer: AC

NEW QUESTION 10
An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?

• A. FortiGate needs to be switched to NGFW mode.
• B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.
• C. Proxy options are no longer available starting in FortiOS 5.6.
• D. FortiGate is in flow-based inspection mode.

Answer: D

NEW QUESTION 11
An administrator has configured central DNAT and virtual IPs. Which of the following can be selected in the firewall policy Destination field?

• A. A VIP group
• B. The mapped IP address object of the VIP object
• C. A VIP object
• D. An IP pool

Answer: C

NEW QUESTION 12
Which is a requirement for creating an inter-VDOM link between two VDOMs?

• A. The inspection mode of at least one VDOM must be proxy-based.
• B. At least one of the VDOMs must operate in NAT mode.
• C. The inspection mode of both VDOMs must match.
• D. Both VDOMs must operate in NAT mode.

Answer: A

NEW QUESTION 13
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?

• A. It must be configured in a static route using the sdwan virtual interface.
• B. It must be provided in the SD-WAN member interface configuration.
• C. It must be configured in a policy-route using the sdwan virtual interface.
• D. It must be learned automatically through a dynamic routing protocol.

Answer: A

NEW QUESTION 14
Which of the following SD-WAN load –balancing method use interface weight value to distribute traffic? (Choose two.)

• A. Source IP
• B. Spillover
• C. Volume
• D. Session

Answer: CD

NEW QUESTION 15
Examine the routing database shown in the exhibit, and then answer the following question:

Which of the following statements are correct? (Choose two.)

• A. The port3 default route has the highest distance.
• B. The port3 default route has the lowest metric.
• C. There will be eight routes active in the routing table.
• D. The port1 and port2 default routes are active in the routing table.

Answer: AD

NEW QUESTION 16
If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?

• A. The Services field removes the requirement of creating multiple VIPs for different services.
• B. The Services field is used when several VIPs need to be bundled into VIP groups.
• C. The Services field does not allow source NAT and destination NAT to be combined in the same policy.
• D. The Services field does not allow multiple sources of traffic, to use multiple services, to connect to a single computer.

Answer: A

NEW QUESTION 17
Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

• A. Firewall service
• B. User or user group
• C. IP Pool
• D. FQDN address

Answer: BC

NEW QUESTION 18
Which of the following static routes are not maintained in the routing table? (Choose two.)

• A. Named Address routes
• B. Dynamic routes
• C. ISDB routes
• D. Policy routes

Answer: BD

NEW QUESTION 19
An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

• A. Both interfaces must belong to the same forward domain.
• B. The role of the VLAN10 interface must be set to server.
• C. Both interfaces must have the same VLAN ID.
• D. Both interfaces must be in different VDOMs.

Answer: A

NEW QUESTION 20
Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.)

• A. Priority
• B. Metric
• C. Distance
• D. Cost

Answer: AC

NEW QUESTION 21
......