Note! The NSE4_FGT-6.4 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the NSE4_FGT-7.2 Exam.

NSE4_FGT-6.4 Fortinet NSE 4 - FortiOS 6.4 Questions and Answers

Questions 4

Examine this PAC file configuration.

NSE4_FGT-6.4 Question 4

Which of the following statements are true? (Choose two.)

Options:

A.

Browsers can be configured to retrieve this PAC file from the FortiGate.

B.

Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C.

All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com:8060.

D.

Any web request to fortinet.com is allowed to bypass the proxy.

Questions 5

Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

Options:

A.

FG-traffic

B.

Mgmt

C.

FG-Mgmt

D.

Root

Questions 6

Refer to the exhibit.

NSE4_FGT-6.4 Question 6

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.

An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.

The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination https://www.fortinet.com? (Choose two.)

Options:

A.

If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

B.

If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

C.

If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

D.

If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

Questions 7

Refer to the exhibit.

NSE4_FGT-6.4 Question 7

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.

How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

Options:

A.

If there is a fall-through policy in place, users will not be prompted for authentication.

B.

Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.

C.

Authentication is enforced at a policy level; all users will be prompted for authentication.

D.

Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.

Questions 8

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

Options:

A.

set fortiguard-anycast disable

B.

set protocol udp

C.

set webfilter-force-off disable

D.

set webfilter-cache disable

Questions 9

Refer to the exhibit.

NSE4_FGT-6.4 Question 9

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

Options:

A.

Change password

B.

Enable restrict access to trusted hosts

C.

Change Administrator profile

D.

Enable two-factor authentication

Questions 10

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

Options:

A.

By default, all interfaces are part of the same broadcast domain.

B.

The existing network IP schema must be changed when installing a transparent mode.

C.

Static routes are required to allow traffic to the next hop.

D.

FortiGate forwards frames without changing the MAC address.

Questions 11

Which two statements are correct about NGFW Policy-based mode? (Choose two.)

Options:

A.

NGFW policy-based mode does not require the use of central source NAT policy

B.

NGFW policy-based mode can only be applied globally and not on individual VDOMs

C.

NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy

D.

NGFW policy-based mode policies support only flow inspection

Questions 12

Which two statements about antivirus scanning mode are true? (Choose two.)

Options:

A.

In proxy-based inspection mode, files bigger than the buffer size are scanned.

B.

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

C.

In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.

D.

In flow-based inspection mode, files bigger than the buffer size are scanned.

Questions 13

Examine this output from a debug flow:

NSE4_FGT-6.4 Question 13

Why did the FortiGate drop the packet?

Options:

A.

The next-hop IP address is unreachable.

B.

It failed the RPF check.

C.

It matched an explicitly configured firewall policy with the action DENY.

D.

It matched the default implicit firewall policy.

Questions 14

Which three statements are true regarding session-based authentication? (Choose three.)

Options:

A.

HTTP sessions are treated as a single user.

B.

IP sessions from the same source IP address are treated as a single user.

C.

It can differentiate among multiple clients behind the same source IP address.

D.

It requires more resources.

E.

It is not recommended if multiple users are behind the source NAT

Questions 15

An administrator must disable RPF check to investigate an issue.

Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

Options:

A.

Enable asymmetric routing, so the RPF check will be bypassed.

B.

Disable the RPF check at the FortiGate interface level for the source check.

C.

Disable the RPF check at the FortiGate interface level for the reply check.

D.

Enable asymmetric routing at the interface level.

Questions 16

Which three authentication timeout types are available for selection on FortiGate? (Choose three.)

Options:

A.

hard-timeout

B.

auth-on-demand

C.

soft-timeout

D.

new-session

E.

idle-timeout

Questions 17

Refer to the exhibit.

NSE4_FGT-6.4 Question 17

The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled using IP Pool.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

Options:

A.

10.200.1.1

B.

10.200.3.1

C.

10.200.1.100

D.

10.200.1.10

Questions 18

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

Options:

A.

Heartbeat interfaces have virtual IP addresses that are manually assigned.

B.

A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

C.

Virtual IP addresses are used to distinguish between cluster members.

D.

The primary device in the cluster is always assigned IP address 169.254.0.1.

Questions 19

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

Options:

A.

The firmware image must be manually uploaded to each FortiGate.

B.

Only secondary FortiGate devices are rebooted.

C.

Uninterruptible upgrade is enabled by default.

D.

Traffic load balancing is temporarily disabled while upgrading the firmware.

Questions 20

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

Options:

A.

The public key of the web server certificate must be installed on the browser.

B.

The web-server certificate must be installed on the browser.

C.

The CA certificate that signed the web-server certificate must be installed on the browser.

D.

The private key of the CA certificate that signed the browser certificate must be installed on the browser.

Questions 21

Refer to the exhibit.

NSE4_FGT-6.4 Question 21

The exhibit contains a Performance SLA configuration.

An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

Options:

A.

Participants configured are not SD-WAN members.

B.

There may not be a static route to route the performance SLA traffic.

C.

The Ping protocol is not supported for the public servers that are configured.

D.

You need to turn on the Enable probe packets switch.

Questions 22

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?

Options:

A.

FortiManager

B.

Root FortiGate

C.

FortiAnalyzer

D.

Downstream FortiGate

Questions 23

How do you format the FortiGate flash disk?

Options:

A.

Load a debug FortiOS image.

B.

Load the hardware test (HQIP) image.

C.

Execute the CLI command execute formatlogdisk.

D.

Select the format boot device option from the BIOS menu.

Questions 24

An administrator wants to configure timeouts for users. Regardless of the user's behavior, the timer should start as soon as the user authenticates and expire after the configured value.

Which timeout option should be configured on FortiGate?

Options:

A.

auth-on-demand

B.

soft-timeout

C.

idle-timeout

D.

new-session

E.

hard-timeout

Exam Code: NSE4_FGT-6.4
Exam Name: Fortinet NSE 4 - FortiOS 6.4
Last Update: Dec 1, 2023
Questions: 165