NSE4_FGT-6.4 | Verified Fortinet NSE4_FGT-6.4 Actual Exam Online

Act now and download your Fortinet NSE4_FGT-6.4 test today! Do not waste time for the worthless Fortinet NSE4_FGT-6.4 tutorials. Download Most recent Fortinet Fortinet NSE 4 - FortiOS 6.4 exam with real questions and answers and begin to learn Fortinet NSE4_FGT-6.4 with a classic professional.

Fortinet NSE4_FGT-6.4 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

  • A. Warning
  • B. Exempt
  • C. Allow
  • D. Learn

Answer: AC

NEW QUESTION 2
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)

  • A. The IP version of the sources and destinations in a firewall policy must be different.
  • B. The Incoming Interfac
  • C. Outgoing Interfac
  • D. Schedule, and Service fields can be shared with both IPv4and IPv6.
  • E. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
  • F. The IP version of the sources and destinations in a policy must match.
  • G. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.

Answer: ACE

NEW QUESTION 3
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

  • A. The public key of the web servercertificate must be installed on the browser.
  • B. The web-server certificate must be installed on the browser.
  • C. The CA certificate that signed the web-server certificate must be installed on the browser.
  • D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

Answer: C

NEW QUESTION 4
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

  • A. A CRL
  • B. A person
  • C. A subordinate CA
  • D. A root CA

Answer: D

NEW QUESTION 5
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

  • A. hard-timeout
  • B. auth-on-demand
  • C. soft-timeout
  • D. new-session
  • E. Idle-timeout

Answer: ADE

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221

NEW QUESTION 6
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

  • A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  • B. ADVPN is only supported with IKEv2.
  • C. Tunnels are negotiated dynamically between spokes.
  • D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: AC

NEW QUESTION 7
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

  • A. The strict RPF check is run on the first sent and reply packet of any new session.
  • B. Strict RPF checks the best route back to the sourceusingtheincoming interface.
  • C. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.
  • D. Strict RPF allows packets back to sources with all active routes.

Answer: A

NEW QUESTION 8
Refer to the exhibit.
NSE4_FGT-6.4 dumps exhibit
The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.
How does FortiGate process the traffic sent to http://www.fortinet.com?

  • A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.
  • B. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.
  • C. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.
  • D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

Answer: D

NEW QUESTION 9
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

  • A. Lookup is done on the first packet from the session originator
  • B. Lookup is done on the last packet sent from the responder
  • C. Lookup is done on every packet, regardless of direction
  • D. Lookup is done on the trust reply packet from the responder

Answer: AD

NEW QUESTION 10
An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode
selector for site B?

  • A. A.-192.168.3.0/24B.192.168.2.0/24C.192.168.1.0/24D.192.168.0.0/8

Answer: B

NEW QUESTION 11
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

  • A. Traffic to botnetservers
  • B. Traffic to inappropriate web sites
  • C. Server information disclosure attacks
  • D. Credit card data leaks
  • E. SQL injection attacks

Answer: ACE

NEW QUESTION 12
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

  • A. FortiCache
  • B. FortiSIEM
  • C. FortiAnalyzer
  • D. FortiSandbox
  • E. FortiCloud

Answer: BCD

NEW QUESTION 13
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

  • A. DNS
  • B. ping
  • C. udp-echo
  • D. TWAMP

Answer: AC

NEW QUESTION 14
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

  • A. The firmware image must be manually uploaded to each FortiGate.
  • B. Only secondary FortiGate devices are rebooted.
  • C. Uninterruptable upgrade is enabled by default.
  • D. Traffic load balancing is temporally disabled while upgrading the firmware.

Answer: CD

NEW QUESTION 15
Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

  • A. Shut down/reboot a downstream FortiGate device.
  • B. Disable FortiAnalyzer logging for a downstream FortiGate device.
  • C. Log in to a downstream FortiSwitch device.
  • D. Ban or unban compromised hosts.

Answer: A

NEW QUESTION 16
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

  • A. The interface has been configured for one-arm sniffer.
  • B. The interface is a member of a virtual wire pair.
  • C. The operation mode is transparent.
  • D. The interface is a member of a zone.
  • E. Captive portal is enabled in the interface.

Answer: ABC

Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_VirtualWirePair.htm

NEW QUESTION 17
Examine this PAC file configuration.
NSE4_FGT-6.4 dumps exhibit
Which of the following statements are true? (Choose two.)

  • A. Browsers can be configured to retrieve this PAC file from the FortiGate.
  • B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
  • C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.
  • D. Any web request fortinet.com is allowed to bypass the proxy.

Answer: AD

NEW QUESTION 18
Refer to the exhibit.
NSE4_FGT-6.4 dumps exhibit
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

  • A. The IPS engine was inspecting high volume of traffic.
  • B. The IPS engine was unable to prevent an intrusion attack.
  • C. The IPS engine was blocking all traffic.
  • D. The IPS engine will continue to run in a normal state.

Answer: C

NEW QUESTION 19
Examine this output from a debug flow:
NSE4_FGT-6.4 dumps exhibit
Why did the FortiGate drop the packet?

  • A. The next-hop IP address is unreachable.
  • B. It failed the RPF check.
  • C. It matched an explicitly configured firewall policy with the action DENY.
  • D. It matched the default implicit firewall policy.

Answer: D

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=13900

NEW QUESTION 20
NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?

  • A. Web filtering
  • B. Antivirus
  • C. Web proxy
  • D. Application control

Answer: B

NEW QUESTION 21
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

  • A. Policy lookup will be disabled.
  • B. By Sequence view will be disabled.
  • C. Search option will be disabled
  • D. Interface Pair view will be disabled.

Answer: A

NEW QUESTION 22
By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)

  • A. set fortiguard anycast disable
  • B. set protocol udp
  • C. set webfilter-force-off disable
  • D. set webfilter-cache disable

Answer: AC

NEW QUESTION 23
Examine this FortiGate configuration:
NSE4_FGT-6.4 dumps exhibit
Examine the output of the following debug command:
NSE4_FGT-6.4 dumps exhibit
Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

  • A. It is allowed, but with no inspection
  • B. It is allowed and inspected as long as the inspection is flow based
  • C. It is dropped.
  • D. It is allowed and inspected, as long as the only inspection required is antivirus.

Answer: C

NEW QUESTION 24
Examine this FortiGate configuration:
NSE4_FGT-6.4 dumps exhibit
How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

  • A. It always authorizes the traffic without requiring authentication.
  • B. It drops the traffic.
  • C. It authenticates the traffic using the authentication scheme SCHEME2.
  • D. It authenticates the traffic using the authentication scheme SCHEME1.

Answer: D

Explanation:
“What happens to traffic that requires authorization, but does not match any authentication rule? The active and passive SSO schemes to use for those cases is defined under config authentication setting”

NEW QUESTION 25
Refer to the exhibit.
NSE4_FGT-6.4 dumps exhibit
According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?

  • A. A user
  • B. A root CA
  • C. A bridge CA
  • D. A subordinate

Answer: A

NEW QUESTION 26
......

P.S. Easily pass NSE4_FGT-6.4 Exam with 94 Q&As Dumpscollection.com Dumps & pdf Version, Welcome to Download the Newest Dumpscollection.com NSE4_FGT-6.4 Dumps: https://www.dumpscollection.net/dumps/NSE4_FGT-6.4/ (94 New Questions)