Fortinet NSE4_FGT-6.4 Free Practice Questions

NEW QUESTION 1
View the exhibit:

Which the FortiGate handle web proxy traffic rue? (Choose two.)

• A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
• B. port-VLAN1 is the native VLAN for the port1 physical interface.
• C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
• D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

Answer: AC

NEW QUESTION 2
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

• A. Subject Key Identifiervalue
• B. SMMIE Capabilitiesvalue
• C. Subjectvalue
• D. Subject Alternative Namevalue

Answer: C

NEW QUESTION 3
NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?

• A. Web filtering
• B. Antivirus
• C. Web proxy
• D. Application control

Answer: B

NEW QUESTION 4
To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

• A. FortiManager
• B. Root FortiGate
• C. FortiAnalyzer
• D. Downstream FortiGate

Answer: B

NEW QUESTION 5
Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

• A. Change password
• B. Enable restrict access to trusted hosts
• C. Change Administrator profile
• D. Enable two-factor authentication

Answer: D

NEW QUESTION 6
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

• A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
• B. ADVPN is only supported with IKEv2.
• C. Tunnels are negotiated dynamically between spokes.
• D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: AC

NEW QUESTION 7
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

• A. System event logs
• B. Forward traffic logs
• C. Local traffic logs
• D. Security logs

Answer: A

NEW QUESTION 8
Refer to the exhibits.


Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)

• A. Administrators can access FortiGate only through the console port.
• B. FortiGate has entered conserve mode.
• C. FortiGate will start sending all files to FortiSandbox for inspection.
• D. Administrators cannot change the configuration.

Answer: CD

NEW QUESTION 9
Refer to the exhibit.

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

• A. port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs
• B. port1 is a native VLAN.
• C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
• D. Traffic between port2 and port2-vlan1 is allowed by default.

Answer: CD

NEW QUESTION 10
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

• A. Log downloads from the GUI are limited to the current filter view
• B. Log backups from the CLI cannot be restored to another FortiGate.
• C. Log backups from the CLI can be configured to upload to FTP as a scheduled time
• D. Log downloads from the GUI are stored as LZ4 compressed files.

Answer: AB

NEW QUESTION 11
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

• A. FortiCache
• B. FortiSIEM
• C. FortiAnalyzer
• D. FortiSandbox
• E. FortiCloud

Answer: BCD

NEW QUESTION 12
Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

• A. FortiGate will load balance all traffic across both routes.
• B. FortiGate will use the port1 route as the primary candidate.
• C. FortiGate will route twice as much traffic to the port2 route
• D. FortiGate will only actuate the port1 route in the routing table

Answer: B

Explanation:
“If multiple static routes have the same distance, they are all active; however, only the one with the lowest priority is considered the best path.”

NEW QUESTION 13
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

• A. The collector agent uses a Windows API to query DCs for user logins.
• B. NetAPI polling can increase bandwidth usage in large networks.
• C. The collector agent must search security event logs.
• D. The NetSessionEnum functionis user] to track user logouts.

Answer: A

NEW QUESTION 14
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

• A. FortiGate points the collector agent to use a remote LDAP server.
• B. FortiGate uses the AD server as the collector agent.
• C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
• D. FortiGate queries AD by using the LDAP to retrieve user group information.

Answer: CD

NEW QUESTION 15
Which statement about the policy ID number of a firewall policy is true? D18912E1457D5D1DDCBD40AB3BF70D5D

• A. It is required to modify a firewall policy using the CLI.
• B. It represents the number of objects used in the firewall policy.
• C. It changes when firewall policies are reordered.
• D. It defines the order in which rules are processed.

Answer: A

NEW QUESTION 16
View the exhibit.

Which of the following statements are correct? (Choose two.)

• A. This setup requires at least two firewall policies with the action set to IPsec.
• B. Dead peer detection must be disabled to support this type of IPsec setup.
• C. The TunnelB route is the primary route for reaching the remote sit
• D. The TunnelA route is used only if the TunnelB VPN is down.
• E. This is a redundant IPsec setup.

Answer: CD

NEW QUESTION 17
An administrator Is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A. the local quick mode selector is 192.160.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?

• A. 192.168.1.0/24
• B. 192.168.0.0/24
• C. 192.168.2.0/24
• D. 192.168.3.0/24

Answer: B

NEW QUESTION 18
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

• A. Add the support of NTLM authentication.
• B. Add useraccounts to Active Directory (AD).
• C. Add user accounts to the FortiGate group fitter.
• D. Add user accounts to the Ignore User List.

Answer: C

NEW QUESTION 19
......