13 January, 2020

Fortinet NSE 4 – FortiOS 6.0 NSE4_FGT-6.0 Training Materials

It is impossible to pass Fortinet NSE4_FGT-6.0 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Fortinet NSE4_FGT-6.0 practice questions. You will get a surprising result by our Renew Fortinet NSE 4 – FortiOS 6.0 practice guides.

Page: 1 / 10

Total 126 questions Full Exam Access

Question 1

An employee connects to the https://example.com on the Internet using a web browser. The web server’s certificate was signed by a private internal CA. The FortiGate that is inspecting this traffic is configured for full SSL inspection.
This exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the policy that is invoked in this instance. All other settings are set to defaults. No certificates have been imported into FortiGate. View the exhibit and answer the question that follows.
NSE4_FGT-6.0 dumps exhibit

Which certificate is presented to the employee’s web browser?

The web server’s certificate.

The user’s personal certificate signed by a private internal CA.

A certificate signed by Fortinet_CA_SSL.

A certificate signed by Fortinet_CA_Untrusted.

Question 2

Examine this output from a debug flow:
NSE4_FGT-6.0 dumps exhibit

Why did the FortiGate drop the packet?

The next-hop IP address is unreachable.

It failed the RPF check.

It matched an explicitly configured firewall policy with the action DENY.

It matched the default implicit firewall policy.

Question 3

Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

Include the group of guest users in a policy.

Extend timeout timers.

Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.

Ensure all firewalls allow the FSSO required ports.

Question 4

Examine this FortiGate configuration:
NSE4_FGT-6.0 dumps exhibit

Examine the output of the following debug command:
NSE4_FGT-6.0 dumps exhibit

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

It is allowed, but with no inspection

It is allowed and inspected as long as the inspection is flow based

It is dropped.

It is allowed and inspected, as long as the only inspection required is antivirus.

Question 5

An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward. What step is required for this configuration?

Configure an SSL VPN realm for clients to use the port forward bookmark.

Configure the client application to forward IP traffic through FortiClient.

Configure the virtual IP address to be assigned t the SSL VPN users.

Configure the client application to forward IP traffic to a Java applet proxy.

Question 6

Examine the network diagram shown in the exhibit, then answer the following question:
NSE4_FGT-6.0 dumps exhibit

Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?
A)
NSE4_FGT-6.0 dumps exhibit

Option A

Option B

Option C

Option D

Question 7

Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.

If the VPN is configured as route-based, there must be at least one firewall policy with the action set toIPSec.

If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Addressor Dynamic DNS in the other peer.

If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

Question 8

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

The firmware image must be manually uploaded to each FortiGate.

Only secondary FortiGate devices are rebooted.

Uninterruptable upgrade is enabled by default.

Traffic load balancing is temporally disabled while upgrading the firmware.

Question 9

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

ADVPN is only supported with IKEv2.

Tunnels are negotiated dynamically between spokes.

Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Question 10

View the exhibit.
NSE4_FGT-6.0 dumps exhibit

Based on the configuration shown in the exhibit, what statements about application control behavior are true? (Choose two.)

Access to all unknown applications will be allowed.

Access to browser-based Social.Media applications will be blocked.

Access to mobile social media applications will be blocked.

Access to all applications in Social.Media category will be blocked.

Question 11

Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.
NSE4_FGT-6.0 dumps exhibit

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

SMTP.Login.Brute.Force

IMAP.Login.brute.Force

ip_src_session

Location: server Protocol: SMTP

Question 12

Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

Firewall service

User or user group

IP Pool

FQDN address

Question 13

Examine the IPS sensor configuration and forward traffic logs shown in the exhibit; then, answer the question below.
NSE4_FGT-6.0 dumps exhibit

An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.
What is a possible reason for this?

The IPS filter is missing the Protocol: HTTPS option.

The HTTPS signatures have not been added to the sensor.

A DoS policy should be used, instead of an IPS sensor.

The firewall policy is not using a full SSL inspection profile.

Question 14

How does FortiGate select the central SNAT policy that is applied to a TCP session?

It selects the SNAT policy specified in the configuration of the outgoing interface.

It selects the first matching central SNAT policy, reviewing from top to bottom.

It selects the central SNAT policy with the lowest priority.

It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Question 15

If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A CRL

A person

A subordinate CA

A root CA

Question 16

Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

To delete intermediary NAT devices in the tunnel path.

To dynamically change phase 1 negotiation mode aggressive mode.

To encapsulation ESP packets in UDP packets using port 4500.

To force a new DH exchange with each phase 2 rekey.

Question 17

Which statements about antivirus scanning mode are true? (Choose two.)

In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.

In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.

In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.

In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.

Question 18

How do you format the FortiGate flash disk?

Load a debug FortiOS image.

Load the hardware test (HQIP) image.

Execute the CLI command execute formatlogdisk.

Select the format boot device option from the BIOS menu.

Question 19

Which statements about DNS filter profiles are true? (Choose two.)

They can inspect HTTP traffic.

They can redirect blocked requests to a specific portal.

They can block DNS requests to known botnet command and control servers.

They must be applied in firewall policies with SSL inspection enabled.

Question 20

Examine the two static routes shown in the exhibit, then answer title following question.
NSE4_FGT-6.0 dumps exhibit

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

FortiGate will load balance all traffic across both routes.

FortiGate will use the port1 route as the primary candidate.

FortiGate will route twice as much traffic to the port2 route

FortiGate will only actuate the portl route m tlie routing table

Question 21

How does FortiGate verify the login credentials of a remote LDAP user?

FortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server.

FortiGate sends the user-entered credentials to the LDAP server for authentication.

FortiGate queries the LDAP server for credentials.

FortiGate queries its own database for credentials.

Page: 1 / 10

Total 126 questions Full Exam Access