Rebirth NSE4_FGT-6.0 Study Guides 2020

2020 Fortinet Official New Released NSE4_FGT-6.0 ♥♥

Our pass rate is high to 98.9% and the similarity percentage between our NSE4_FGT-6.0 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Fortinet NSE4_FGT-6.0 exam in just one try? I am currently studying for the Fortinet NSE4_FGT-6.0 exam. Latest Fortinet NSE4_FGT-6.0 Test exam practice questions and answers, Try Fortinet NSE4_FGT-6.0 Brain Dumps First.

Free demo questions for Fortinet NSE4_FGT-6.0 Exam Dumps Below:

Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

  • A. Warning
  • B. Exempt
  • C. Allow
  • D. Learn

Answer: AC

Which statements correctly describe transparent mode operation? (Choose three.)

  • A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
  • B. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
  • C. The transparent FortiGate is visible to network hosts in an IP traceroute.
  • D. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • E. FortiGate acts as transparent bridge and forwards traffic at Layer 2.

Answer: BDE

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

  • A. remote user’s public IP address
  • B. The public IP address of the FortiGate device.
  • C. The remote user’s virtual IP address.
  • D. The internal IP address of the FotiGate device.

Answer: D

Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

  • A. If the DHCP method fails, browsers will try the DNS method.
  • B. The browser needs to be preconfigured with the DHCP server’s IP address.
  • C. The browser sends a DHCPONFORM request to the DHCP server.
  • D. The DHCP server provides the PAC file for download.

Answer: AC

Which statements about a One-to-One IP pool are true? (Choose two.)

  • A. It is used for destination NAT.
  • B. It allows the fixed mapping of an internal address range to an external address range.
  • C. It does not use port address translation.
  • D. It allows the configuration of ARP replies.

Answer: BC

An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.
NSE4_FGT-6.0 dumps exhibit
Where must the proxy address be used?

  • A. As the source in a firewall policy.
  • B. As the source in a proxy policy.
  • C. As the destination in a firewall policy.
  • D. As the destination in a proxy policy.

Answer: B

An administrator wants to configure a FortiGate as a DNS server FortiGate must use us DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you UM?

  • A. Recursive
  • B. Non-recursive
  • C. Forward to primary and secondary DNS
  • D. Forward to system DNS

Answer: A

Which of the following statements about NTLM authentication are correct? (Choose two.)

  • A. It is useful when users log in to DCs that are not monitored by a collector agent.
  • B. It takes over as the primary authentication method when configured alongside FSSO.
  • C. Multi-domain environments require DC agents on every domain controller.
  • D. NTLM-enabled web browsers are required.

Answer: AD

By default, when logging to disk, when does FortiGate delete logs?

  • A. 30 days
  • B. 1 year
  • C. Never
  • D. 7 days

Answer: D

What FortiGate configuration is required to actively prompt users for credentials?

  • A. You must enable one or more protocols that support active authentication on a firewall policy
  • B. You must position the firewall policy for active authentication before a firewall policy foe passive authentication.
  • C. You must assign users to a group for active authentication
  • D. You must enable the Authentication setting on the firewall policy

Answer: C

When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

  • A. Connected monitored ports > HA uptime > priority > serial number
  • B. Priority > Connected monitored ports > HA uptime > serial number
  • C. Connected monitored ports > priority > HA uptime > serial number
  • D. HA uptime > priority > Connected monitored ports > serial number

Answer: C

Which action can be applied to each filter in the application control profile?

  • A. Block, monitor, warning, and quarantine
  • B. Allow, monitor, block and learn
  • C. Allow, block, authenticate, and warning
  • D. Allow, monitor, block, and quarantine

Answer: D

An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?

  • A. FortiGate needs to be switched to NGFW mode.
  • B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.
  • C. Proxy options are no longer available starting in FortiOS 5.6.
  • D. FortiGate is in flow-based inspection mode.

Answer: D

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

  • A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  • B. ADVPN is only supported with IKEv2.
  • C. Tunnels are negotiated dynamically between spokes.
  • D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: AC

What is the limitation of using a URL list and application control on the same firewall policy, in NCFW policy-based mode?

  • A. It limits the scope of application control to the browser-based technology category only.
  • B. It limits the scope of application control to scan application traffic based on application category only.
  • C. It limits the scope of application control to scan application traffic using parent signatures only
  • D. It limits the scope of application control to scan application traffic on DNS protocol only.

Answer: D

NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?

  • A. Web filtering
  • B. Antivirus
  • C. Web proxy
  • D. Application control

Answer: C

An administrator is investigating a report of users having intermittent issues with browsing the web. The administrator ran diagnostics and received the output shown in the exhibit.
NSE4_FGT-6.0 dumps exhibit
Examine the diagnostic output shown exhibit. Which of the following options is the most likely cause of this issue?

  • A. NAT port exhaustion
  • B. High CPU usage
  • C. High memory usage
  • D. High session timeout value

Answer: C

Which is the correct description of a hash result as it relates to digital certificates?

  • A. A unique value used to verify the input data
  • B. An output value that is used to identify the person or deuce that authored the input data.
  • C. An obfuscation used to mask the input data.
  • D. An encrypted output value used to safe-guard die input data

Answer: A

Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

  • A. Lookup is done on the trust packet from the session originator
  • B. Lookup is done on the last packet sent from the re spender
  • C. Lookup is done on every packet, regardless of direction
  • D. Lookup is done on the trust reply packet from the re spender

Answer: AB

An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices Winch configuration steps must be performed on both devices to support this scenario? (Choose three.)

  • A. Define the phase 1 parameters, without enabling IPsec interface mode
  • B. Define the phase 2 parameters.
  • C. Set the phase 2 encapsulation method to transport mode
  • D. Define at least one firewall policy, with the action set to IPsec.
  • E. Define a route to the remote network over the IPsec tunnel.

Answer: CDE

How does FortiGate verify the login credentials of a remote LDAP user?

  • A. FortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server.
  • B. FortiGate sends the user-entered credentials to the LDAP server for authentication.
  • C. FortiGate queries the LDAP server for credentials.
  • D. FortiGate queries its own database for credentials.

Answer: B

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

  • A. Traffic to botnet servers
  • B. Traffic to inappropriate web sites
  • C. Server information disclosure attacks
  • D. Credit card data leaks
  • E. SQL injection attacks

Answer: ACE

Examine the exhibit, which contains a session diagnostic output.
NSE4_FGT-6.0 dumps exhibit
Which of the following statements about the session diagnostic output is true?

  • A. The session is in ESTABLISHED state.
  • B. The session is in LISTEN state.
  • C. The session is in TIME_WAIT state.
  • D. The session is in CLOSE_WAIT state.

Answer: A

An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward. What step is required for this configuration?

  • A. Configure an SSL VPN realm for clients to use the port forward bookmark.
  • B. Configure the client application to forward IP traffic through FortiClient.
  • C. Configure the virtual IP address to be assigned t the SSL VPN users.
  • D. Configure the client application to forward IP traffic to a Java applet proxy.

Answer: D


100% Valid and Newest Version NSE4_FGT-6.0 Questions & Answers shared by Certleader, Get Full Dumps HERE: (New 126 Q&As)