Rebirth NSE4_FGT-6.0 Study Guides 2020
Our pass rate is high to 98.9% and the similarity percentage between our NSE4_FGT-6.0 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Fortinet NSE4_FGT-6.0 exam in just one try? I am currently studying for the Fortinet NSE4_FGT-6.0 exam. Latest Fortinet NSE4_FGT-6.0 Test exam practice questions and answers, Try Fortinet NSE4_FGT-6.0 Brain Dumps First.
Free demo questions for Fortinet NSE4_FGT-6.0 Exam Dumps Below:
NEW QUESTION 1
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)
- A. Warning
- B. Exempt
- C. Allow
- D. Learn
NEW QUESTION 2
Which statements correctly describe transparent mode operation? (Choose three.)
- A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
- B. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
- C. The transparent FortiGate is visible to network hosts in an IP traceroute.
- D. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
- E. FortiGate acts as transparent bridge and forwards traffic at Layer 2.
NEW QUESTION 3
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
- A. remote user’s public IP address
- B. The public IP address of the FortiGate device.
- C. The remote user’s virtual IP address.
- D. The internal IP address of the FotiGate device.
NEW QUESTION 4
Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)
- A. If the DHCP method fails, browsers will try the DNS method.
- B. The browser needs to be preconfigured with the DHCP server’s IP address.
- C. The browser sends a DHCPONFORM request to the DHCP server.
- D. The DHCP server provides the PAC file for download.
NEW QUESTION 5
Which statements about a One-to-One IP pool are true? (Choose two.)
- A. It is used for destination NAT.
- B. It allows the fixed mapping of an internal address range to an external address range.
- C. It does not use port address translation.
- D. It allows the configuration of ARP replies.
NEW QUESTION 6
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.
Where must the proxy address be used?
- A. As the source in a firewall policy.
- B. As the source in a proxy policy.
- C. As the destination in a firewall policy.
- D. As the destination in a proxy policy.
NEW QUESTION 7
An administrator wants to configure a FortiGate as a DNS server FortiGate must use us DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you UM?
- A. Recursive
- B. Non-recursive
- C. Forward to primary and secondary DNS
- D. Forward to system DNS
NEW QUESTION 8
Which of the following statements about NTLM authentication are correct? (Choose two.)
- A. It is useful when users log in to DCs that are not monitored by a collector agent.
- B. It takes over as the primary authentication method when configured alongside FSSO.
- C. Multi-domain environments require DC agents on every domain controller.
- D. NTLM-enabled web browsers are required.
NEW QUESTION 9
By default, when logging to disk, when does FortiGate delete logs?
- A. 30 days
- B. 1 year
- C. Never
- D. 7 days
NEW QUESTION 10
What FortiGate configuration is required to actively prompt users for credentials?
- A. You must enable one or more protocols that support active authentication on a firewall policy
- B. You must position the firewall policy for active authentication before a firewall policy foe passive authentication.
- C. You must assign users to a group for active authentication
- D. You must enable the Authentication setting on the firewall policy
NEW QUESTION 11
When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?
- A. Connected monitored ports > HA uptime > priority > serial number
- B. Priority > Connected monitored ports > HA uptime > serial number
- C. Connected monitored ports > priority > HA uptime > serial number
- D. HA uptime > priority > Connected monitored ports > serial number
NEW QUESTION 12
Which action can be applied to each filter in the application control profile?
- A. Block, monitor, warning, and quarantine
- B. Allow, monitor, block and learn
- C. Allow, block, authenticate, and warning
- D. Allow, monitor, block, and quarantine
NEW QUESTION 13
An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?
- A. FortiGate needs to be switched to NGFW mode.
- B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.
- C. Proxy options are no longer available starting in FortiOS 5.6.
- D. FortiGate is in flow-based inspection mode.
NEW QUESTION 14
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
- A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
- B. ADVPN is only supported with IKEv2.
- C. Tunnels are negotiated dynamically between spokes.
- D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
NEW QUESTION 15
What is the limitation of using a URL list and application control on the same firewall policy, in NCFW policy-based mode?
- A. It limits the scope of application control to the browser-based technology category only.
- B. It limits the scope of application control to scan application traffic based on application category only.
- C. It limits the scope of application control to scan application traffic using parent signatures only
- D. It limits the scope of application control to scan application traffic on DNS protocol only.
NEW QUESTION 16
NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?
- A. Web filtering
- B. Antivirus
- C. Web proxy
- D. Application control
NEW QUESTION 17
An administrator is investigating a report of users having intermittent issues with browsing the web. The administrator ran diagnostics and received the output shown in the exhibit.
Examine the diagnostic output shown exhibit. Which of the following options is the most likely cause of this issue?
- A. NAT port exhaustion
- B. High CPU usage
- C. High memory usage
- D. High session timeout value
NEW QUESTION 18
Which is the correct description of a hash result as it relates to digital certificates?
- A. A unique value used to verify the input data
- B. An output value that is used to identify the person or deuce that authored the input data.
- C. An obfuscation used to mask the input data.
- D. An encrypted output value used to safe-guard die input data
NEW QUESTION 19
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
- A. Lookup is done on the trust packet from the session originator
- B. Lookup is done on the last packet sent from the re spender
- C. Lookup is done on every packet, regardless of direction
- D. Lookup is done on the trust reply packet from the re spender
NEW QUESTION 20
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices Winch configuration steps must be performed on both devices to support this scenario? (Choose three.)
- A. Define the phase 1 parameters, without enabling IPsec interface mode
- B. Define the phase 2 parameters.
- C. Set the phase 2 encapsulation method to transport mode
- D. Define at least one firewall policy, with the action set to IPsec.
- E. Define a route to the remote network over the IPsec tunnel.
NEW QUESTION 21
How does FortiGate verify the login credentials of a remote LDAP user?
- A. FortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server.
- B. FortiGate sends the user-entered credentials to the LDAP server for authentication.
- C. FortiGate queries the LDAP server for credentials.
- D. FortiGate queries its own database for credentials.
NEW QUESTION 22
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
- A. Traffic to botnet servers
- B. Traffic to inappropriate web sites
- C. Server information disclosure attacks
- D. Credit card data leaks
- E. SQL injection attacks
NEW QUESTION 23
Examine the exhibit, which contains a session diagnostic output.
Which of the following statements about the session diagnostic output is true?
- A. The session is in ESTABLISHED state.
- B. The session is in LISTEN state.
- C. The session is in TIME_WAIT state.
- D. The session is in CLOSE_WAIT state.
NEW QUESTION 24
An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward. What step is required for this configuration?
- A. Configure an SSL VPN realm for clients to use the port forward bookmark.
- B. Configure the client application to forward IP traffic through FortiClient.
- C. Configure the virtual IP address to be assigned t the SSL VPN users.
- D. Configure the client application to forward IP traffic to a Java applet proxy.
NEW QUESTION 25
100% Valid and Newest Version NSE4_FGT-6.0 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/NSE4_FGT-6.0-dumps.html (New 126 Q&As)