• Home
  • Articles
  • [Dec 07, 2021] Pass Fortinet NSE 4 NSE4_FGT-6.4 Exam With 165 Questions [Q19-Q43]

[Dec 07, 2021] Pass Fortinet NSE 4 NSE4_FGT-6.4 Exam With 165 Questions [Q19-Q43]

Share

[Dec 07, 2021] Pass Fortinet NSE 4 NSE4_FGT-6.4 Exam With  165 Questions

Ultimate Guide to Prepare Free Fortinet NSE4_FGT-6.4 Exam Questions & Answer


Understanding functional and technical aspects of Network Security Professional (Fortinet NSE4_FGT-6.4) Professional Exam

The following will be dicussed in FORTINET NSE4_FGT-6.4 dumps:

  • Artificial Intelligence (AI)
  • Privacy Ethics
  • Global Privacy Practices
  • Web Filtering
  • Privacy Law
  • Privacy Practices
  • Mental Privacy
  • Firewall Authentication
  • Internet of Things
  • Firewall Policies
  • Intrusion Prevention and Denial of Service
  • Antivirus
  • Social Media Privacy

 

NEW QUESTION 19
Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

  • A. It authenticates the traffic using the authentication scheme SCHEME2.
  • B. It always authorizes the traffic without requiring authentication.
  • C. It authenticates the traffic using the authentication scheme SCHEME1.
  • D. It drops the traffic.

Answer: C

Explanation:
Explanation
"What happens to traffic that requires authorization, but does not match any authentication rule? The active and passive SSO schemes to use for those cases is defined under config authentication setting"

 

NEW QUESTION 20
Examine the network diagram shown in the exhibit, then answer the following question:

Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

  • A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]
  • B. 0.0.0.0/0 [20/0] via 10.4.200.2, port2
  • C. 172.16.32.0/24 is directly connected, port1
  • D. 10.4.200.0/30 is directly connected, port2

Answer: C

 

NEW QUESTION 21
Which three methods are used by the collector agent for AD polling? (Choose three.)

  • A. WinSecLog
  • B. Novell API
  • C. FortiGate polling
  • D. WMI
  • E. NetAPI

Answer: A,D,E

 

NEW QUESTION 22
Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

  • A. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
  • B. FortiGate SN FGVM010000064692 has the higher HA priority.
  • C. FortiGate devices are not in sync because one device is down.
  • D. FortiGate SN FGVM010000065036 HA uptime has been reset.

Answer: A,D

 

NEW QUESTION 23
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

  • A. FortiSandbox
  • B. FortiAnalyzer
  • C. FortiSIEM
  • D. FortiCloud
  • E. FortiCache

Answer: A,B,C

 

NEW QUESTION 24
Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings.
In this scenario, which statement is true?

  • A. Apple FaceTime belongs to the custom monitored filter.
  • B. The category of Apple FaceTime is being monitored.
  • C. Apple FaceTime belongs to the custom blocked filter.
  • D. The category of Apple FaceTime is being blocked.

Answer: A

 

NEW QUESTION 25
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection?
(Choose two.)

  • A. The CA extension must be set to TRUE.
  • B. The keyUsage extension must be set to keyCertSign.
  • C. The common name on the subject field must use a wildcard name.
  • D. The issuer must be a public CA.

Answer: A,B

 

NEW QUESTION 26
Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

  • A. On HQ-FortiGate, enable Auto-negotiate.
  • B. On Remote-FortiGate, set Seconds to 43200.
  • C. On HQ-FortiGate, enable Diffie-Hellman Group 2.
  • D. On HQ-FortiGate, set Encryption to AES256.

Answer: C

 

NEW QUESTION 27
Refer to the exhibit.

Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

  • A. The session is in FTN_WAIT state.
  • B. The session is in FIN_ACK state.
  • C. The session is in SYN_SEXT state.
  • D. The session is in ESTABLISHED state.

Answer: D

 

NEW QUESTION 28
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

  • A. Security Posture
  • B. Fabric Coverage
  • C. Automated Response
  • D. Optimization

Answer: A

 

NEW QUESTION 29
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

  • A. Web application firewall
  • B. Denial of Service
  • C. Application control
  • D. Antivirus

Answer: A

 

NEW QUESTION 30
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

  • A. Policy lookup will be disabled.
  • B. By Sequence view will be disabled.
  • C. Interface Pair view will be disabled.
  • D. Search option will be disabled

Answer: A

 

NEW QUESTION 31
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

  • A. SMTP.Login.Brute.Force
  • B. ip_src_session
  • C. IMAP.Login.brute.Force
  • D. Location: server Protocol: SMTP

Answer: C

 

NEW QUESTION 32
Which statement about the policy ID number of a firewall policy is true?
D18912E1457D5D1DDCBD40AB3BF70D5D

  • A. It represents the number of objects used in the firewall policy.
  • B. It is required to modify a firewall policy using the CLI.
  • C. It defines the order in which rules are processed.
  • D. It changes when firewall policies are reordered.

Answer: B

 

NEW QUESTION 33
Refer to the exhibit.



The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

  • A. Disable match-vip in the Deny policy.
  • B. Enable match vip in the Deny policy.
  • C. Set the Destination address as Web_server in the Deny policy.
  • D. Set the Destination address as Deny_IP in the Allow-access policy.

Answer: A,D

 

NEW QUESTION 34
Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

  • A. Destination defined as Internet Services in the firewall policy.
  • B. Lowest to highest policy ID number.
  • C. Highest to lowest priority defined in the firewall policy.
  • D. Services defined in the firewall policy.
  • E. Source defined as Internet Services in the firewall policy.

Answer: A,D,E

 

NEW QUESTION 35
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

  • A. NGFW mode
  • B. FortiGuaid update servers
  • C. Operating mode
  • D. System time

Answer: A,C

 

NEW QUESTION 36
View the exhibit.

Which of the following statements are correct? (Choose two.)

  • A. Dead peer detection must be disabled to support this type of IPsec setup.
  • B. This is a redundant IPsec setup.
  • C. This setup requires at least two firewall policies with the action set to IPsec.
  • D. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

Answer: B,D

 

NEW QUESTION 37
Refer to the exhibits.


The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

  • A. Change the Server IP address.
  • B. Change the idle-timeout.
  • C. Change the SSL VPN portal to the tunnel.
  • D. Change the SSL VPN port on the client.

Answer: C

 

NEW QUESTION 38
Refer to the exhibit.

Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

  • A. The session is in FTN_WAIT state.
  • B. The session is in FIN_ACK state.
  • C. The session is in SYN_SEXT state.
  • D. The session is in ESTABLISHED state.

Answer: D

 

NEW QUESTION 39
Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

  • A. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.
  • B. Any web request fortinet.com is allowed to bypass the proxy.
  • C. Browsers can be configured to retrieve this PAC file from the FortiGate.
  • D. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

Answer: B,C

 

NEW QUESTION 40
View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

  • A. Addcting.Games is allowed based on the Categories configuration.
  • B. Addicting.Games is allowed based on the Application Overrides configuration.
  • C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
  • D. Addicting.Games is blocked on the Filter Overrides configuration.

Answer: B

 

NEW QUESTION 41
An administrator has configured the following settings:

What are the two results of this configuration? (Choose two.)

  • A. The number of logs generated by denied traffic is reduced.
  • B. Device detection on all interfaces is enforced for 30 minutes.
  • C. Denied users are blocked for 30 minutes.
  • D. A session for denied traffic is created.

Answer: A,D

 

NEW QUESTION 42
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration?
(Choose three.)

  • A. The IP version of the sources and destinations in a policy must match.
  • B. The Incoming Interface. Outgoing Interface. Schedule, and Service fields can be shared with both IPv4 and IPv6.
  • C. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
  • D. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
  • E. The IP version of the sources and destinations in a firewall policy must be different.

Answer: C,D,E

 

NEW QUESTION 43
......

Pass NSE4_FGT-6.4 Tests Engine pdf - All Free Dumps: https://www.testkingfree.com/Fortinet/NSE4_FGT-6.4-practice-exam-dumps.html

Related Articles

more
Fortinet NSE4_FGT-6.4 Certification Practice Exam