NSE4_FGT-6.0 | Down To Date NSE4_FGT-6.0 Guidance 2020
Free of NSE4_FGT-6.0 exam question materials and testing engine for Fortinet certification for examinee, Real Success Guaranteed with Updated NSE4_FGT-6.0 pdf dumps vce Materials. 100% PASS Fortinet NSE 4 – FortiOS 6.0 exam Today!
Free demo questions for Fortinet NSE4_FGT-6.0 Exam Dumps Below:
NEW QUESTION 1
Which statement about DLP on FortiGate is true?
- A. It can archive files and messages.
- B. It can be applied to a firewall policy in a flow-based VDOM
- C. Traffic shaping can be applied to DLP sensors.
- D. Files can be sent to FortiSandbox for detecting DLP threats.
NEW QUESTION 2
Which of the following statements about converse mode are true? (Choose two.)
- A. FortiGate stops sending files to FortiSandbox for inspection.
- B. FortiGate stops doing RPF checks over incoming packets.
- C. Administrators cannot change the configuration.
- D. Administrators can access the FortiGate only through the console port.
NEW QUESTION 3
Examine the routing database shown in the exhibit, and then answer the following question:
Which of the following statements are correct? (Choose two.)
- A. The port3 default route has the highest distance.
- B. The port3 default route has the lowest metric.
- C. There will be eight routes active in the routing table.
- D. The port1 and port2 default routes are active in the routing table.
NEW QUESTION 4
An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?
- A. tcp_port_scan
- B. ip_dst_session
- C. udp_flood
- D. ip_src_session
NEW QUESTION 5
Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?
- A. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
- B. FortiGate is able to handle NATed connections only in aggressive mode.
- C. FortiClient only supports aggressive mode.
- D. Main mode does not support XAuth for user authentication.
NEW QUESTION 6
What FortiGate configuration is required to actively prompt users for credentials?
- A. You must enable one or more protocols that support active authentication on a firewall policy
- B. You must position the firewall policy for active authentication before a firewall policy foe passive authentication.
- C. You must assign users to a group for active authentication
- D. You must enable the Authentication setting on the firewall policy
NEW QUESTION 7
View the exhibit.
Why is the administrator getting the error shown in the exhibit?
- A. The administrator must first enter the command edit global.
- B. The administrator admin does not have the privileges required to configure global settings.
- C. The global settings cannot be configured from the root VDOM context.
- D. The command config system global does not exist in FortiGate.
NEW QUESTION 8
Examine this output from a debug flow:
Which statements about the output are correct? (Choose two.)
- A. FortiGate received a TCP SYN/ACK packet.
- B. The source IP address of the packet was translated to 10.0.1.10.
- C. FortiGate routed the packet through port 3.
- D. The packet was allowed by the firewall policy with the ID 00007fc0.
NEW QUESTION 9
View the exhibit.
What does this raw log indicate? (Choose two.)
- A. FortiGate blocked the traffic.
- B. type indicates that a security event was recorded.
- C. 10.0.1.20 is the IP address for lavito.tk.
- D. policyid indicates that traffic went through the IPS firewall policy.
NEW QUESTION 10
Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)
- A. This is known as many-to-one NAT.
- B. Source IP is translated to the outgoing interface IP.
- C. Connections are tracked using source port and source MAC address.
- D. Port address translation is not used.
NEW QUESTION 11
Which statements about HA for FortiGate devices are true? (Choose two.)
- A. Sessions handled by proxy-based security profiles cannot be synchronized.
- B. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.
- C. HA management interface settings are synchronized between cluster members.
- D. Heartbeat interfaces are not required on the primary device.
NEW QUESTION 12
During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?
- A. Authentication.
- B. Data integrity.
- C. Non-repudiation.
- D. Signature verification.
NEW QUESTION 13
Which of the following statements about the FSSO collector agent timers is true?
- A. The workstation verify interval is used to periodically check of a workstation is still a domain member.
- B. The IP address change verify interval monitors the server IP address where the collector agent isinstalled, and the updates the collector agent configuration if it changes.
- C. The user group cache expiry is used to age out the monitored groups.
- D. The dead entry timeout interval is used to age out entries with an unverified status.
NEW QUESTION 14
Examine this output from a debug flow:
Why did the FortiGate drop the packet?
- A. The next-hop IP address is unreachable.
- B. It failed the RPF check.
- C. It matched an explicitly configured firewall policy with the action DENY.
- D. It matched the default implicit firewall policy.
NEW QUESTION 15
Which statements about a One-to-One IP pool are true? (Choose two.)
- A. It is used for destination NAT.
- B. It allows the fixed mapping of an internal address range to an external address range.
- C. It does not use port address translation.
- D. It allows the configuration of ARP replies.
NEW QUESTION 16
NGFW mode allows policy-based configured for most impaction rules. Which security profile’s configuration does not change when you enable policy-based impaction?
- A. Antivirus
- B. Web proxy
- C. Web filtering
- D. Application control
NEW QUESTION 17
By default, when logging to disk, when does FortiGate delete logs?
- A. 30 days
- B. 1 year
- C. Never
- D. 7 days
NEW QUESTION 18
An administrator is configuring an IPsec between site A and site B. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 18.104.22.168/24 and the remote quick mode selector is 22.214.171.124/24. How must the administrator configure the local quick mode selector for site B?
- A. 192.168.3.0.24
- B. 192.168.2.0.24
- C. 192.168.1.0.24
- D. 192.168.0.0.8
NEW QUESTION 19
Examine the exhibit, which shows the partial output of an IKE real-time debug.
Which of the following statement about the output is true?
- A. The VPN is configured to use pre-shared key authentication.
- B. Extended authentication (XAuth) was successful.
- C. Remote is the host name of the remote IPsec peer.
- D. Phase 1 went down.
NEW QUESTION 20
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
- A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
- B. ADVPN is only supported with IKEv2.
- C. Tunnels are negotiated dynamically between spokes.
- D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
NEW QUESTION 21
An administrator has configured central DNAT and virtual IPs. Which of the following can be selected in the firewall policy Destination field?
- A. A VIP group
- B. The mapped IP address object of the VIP object
- C. A VIP object
- D. An IP pool
NEW QUESTION 22
An administrator has configured the following settings:
What does the configuration do? (Choose two.)
- A. Reduces the amount of logs generated by denied traffic.
- B. Enforces device detection on all interfaces for 30 minutes.
- C. Blocks denied users for 30 minutes.
- D. Creates a session for traffic being denied.
NEW QUESTION 23
A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.
What is required in the SSL VPN configuration to meet these requirements?
- A. Different SSL VPN realms for each group.
- B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.
- C. Two firewall policies with different captive portals.
- D. Different virtual SSL VPN IP addresses for each group.
NEW QUESTION 24
Which one of the following processes is involved in updating IPS from FortiGuard?
- A. FortiGate IPS update requests are sent using UDP port 443.
- B. Protocol decoder update requests are sent to service.fortiguard.net.
- C. IPS signature update requests are sent to update.fortiguard.net.
- D. IPS engine updates can only be obtained using push updates.
NEW QUESTION 25
100% Valid and Newest Version NSE4_FGT-6.0 Questions & Answers shared by prep-labs.com, Get Full Dumps HERE: https://www.prep-labs.com/dumps/NSE4_FGT-6.0/ (New 126 Q&As)