Day: August 23, 2021

How to smoothly pass the latest Fortinet NSE 4-FortiOS 6.4 examHow to smoothly pass the latest Fortinet NSE 4-FortiOS 6.4 exam

You can pass the Fortinet NSE4_FGT-6.4 exam smoothly with exam questions (Pass4itSure provide). Pass4itSure NSE4_FGT-6.4 exam dumps contain PDF and VCE. 100% verified Q&As for NSE4_FGT6.4 exam with 100% passing guarantee. Full NSE4_FGT6.4 exam questions: https://www.pass4itsure.com/nse4_fgt-6-4.html (Q&As: 155).

[free pdf latest] Fortinet NSE4_FGT-6.4 pdf download from google drive https://drive.google.com/file/d/1wI9DP9UwiUtT4qaThbYW2-fvD5Yx1ePC/view?usp=sharing (Pass4itSure provide)

New | Fortinet NSE4_FGT-6.4 Practice Test Free Online

QUESTION 1
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to
the Source filed of a firewall policy?
A. IP address
B. Once Internet Service is selected, no other object can be added
C. User or User Group
D. FQDN address
Correct Answer: A
Reference: https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-inpolicy

QUESTION 2
Refer to the exhibit.

NSE4_FGT-6.4 exam questions-q2

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?
A. Destination NAT is disabled in the firewall policy.
B. One-to-one NAT IP pool is used in the firewall policy.
C. Overload NAT IP pool is used in the firewall policy.
D. Port block allocation IP pool is used in the firewall policy.
Correct Answer: A

QUESTION 3
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list
view?
A. Policy lookup will be disabled.
B. By Sequence view will be disabled.
C. Search option will be disabled
D. Interface Pair view will be disabled.
Correct Answer: A

QUESTION 4
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to
provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.
Correct Answer: BD
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/913287/ipsec-vpn-authenticatingaremotefortigate-peer-with-a-pre-shared-key

QUESTION 5
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

NSE4_FGT-6.4 exam questions-q5

NSE4_FGT-6.4 exam questions-q5-2

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected
file for the first time?
A. The firewall policy performs the full content inspection on the file.
B. The flow-based inspection is used, which resets the last packet to the user.
C. The volume of traffic being inspected is too high for this model of FortiGate.
D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
Correct Answer: A

QUESTION 6
Refer to the exhibit.

NSE4_FGT-6.4 exam questions-q6

Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?
A. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
B. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
C. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.
D. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.
Correct Answer: C

QUESTION 7
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)
A. FortiGate points the collector agent to use a remote LDAP server.
B. FortiGate uses the AD server as the collector agent.
C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
D. FortiGate queries AD by using the LDAP to retrieve user group information.
Correct Answer: CD

QUESTION 8
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
A. hard-timeout
B. auth-on-demand
C. soft-timeout
D. new-session
E. Idle-timeout
Correct Answer: ADE
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221

QUESTION 9
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the
source of the HTTP request?
A. remote user\\’s public IP address
B. The public IP address of the FortiGate device.
C. The remote user\\’s virtual IP address.
D. The internal IP address of the FortiGate device.
Correct Answer: D
Source IP seen by the remote resources is FortiGate\\’s internal IP address and not the user\\’s IP address

QUESTION 10
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
A. Antivirus engine
B. Intrusion prevention system engine
C. Flow engine
D. Detection engine
Correct Answer: B

QUESTION 11
View the exhibit.

NSE4_FGT-6.4 exam questions-q11

Which of the following statements are correct? (Choose two.)
A. This setup requires at least two firewall policies with the action set to IPsec.
B. Dead peer detection must be disabled to support this type of IPsec setup.
C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB
VPN is down.
D. This is a redundant IPsec setup.
Correct Answer: CD

QUESTION 12
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for
example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)
A. www.example.com:443
B. www.example.com
C. example.com
D. www.example.com/index.html
Correct Answer: BD

QUESTION 13
Which two statements are true about the RPF check? (Choose two.)
A. The RPF check is run on the first sent packet of any new session.
B. The RPF check is run on the first reply packet of any new session.
C. The RPF check is run on the first sent and reply packet of any new session.
D. RPF is a mechanism that protects FortiGuard and your network from IP spoofing attacks.
Correct Answer: AD
Reference: https://www.programmersought.com/article/16383871634/

Use useful NSE4_FGT-6.4 online learning materials to provide you with a guarantee of passing the Fortinet NSE 4-FortiOS 6.4 exams. Pass4itSure NSE4_FGT-6.4 dumps are the right choice for you! Updates throughout the year, built by a professional team, are worthy of your possession. Visit now: https://www.pass4itsure.com/nse4_fgt-6-4.html (Updated: Aug 12, 2021).

Fortinet NSE4_FGT-6.4 pdf free download https://drive.google.com/file/d/1wI9DP9UwiUtT4qaThbYW2-fvD5Yx1ePC/view?usp=sharing