Category: nse4_fgt-6.4 exam questions

Most Effective Success Fortinet NSE4_FGT-6.4 Dumps Pdf ProblemMost Effective Success Fortinet NSE4_FGT-6.4 Dumps Pdf Problem

Fortinet NSE 4 - FortiOS 6.4

The most effective way to pass the Fortinet NSE4 NSE4_FGT-6.4 exam is to take the latest NSE4_FGT-6.4 dumps pdf 2022!

Why take the Fortinet NSE 4 – FortiOS 6.4 exam?

Passing the exam will give you high-paying jobs and the prospect of academic success.

Why is Fortinet NSE4_FGT-6.4 dumps pdf the most effective way to succeed in your exam?

NSE4_FGT-6.4 exams are considered to be one of the most difficult exams to prepare for, and it is difficult to pass without the right methods. NSE4_FGT-6.4 dumps pdf is the right way! It provides up-to-date and authentic NSE4_FGT-6.4 practice exam questions and answers that will help pass the exam.

Pass4itSure is one of the world’s leading brands and offers the best and relevant Fortinet NSE 4 – FortiOS 6.4 NSE4_FGT-6.4 practice exam materials for you to prepare. Latest NSE4_FGT-6.4 dumps pdf >>> https://www.pass4itsure.com/nse4_fgt-6-4.html (PDF +VCE)

Authentic Fortinet NSE 4 – FortiOS 6.4 NSE4_FGT-6.4 practice test

NSE4_FGT-6.4Q&As

QUESTION 1

Which three methods are used by the collector agent for AD polling? (Choose three.)

A. FortiGate polling
B. NetAPI
C. Novell API
D. WMI
E. WinSecLog

Correct Answer: BDE

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

QUESTION 2

Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable
gateway? (Choose two)

A. Lookup is done on the first packet from the session originator
B. Lookup is done on the last packet sent from the responder
C. Lookup is done on every packet, regardless of the direction
D. Lookup is done on the trust reply packet from the responder

Correct Answer: AD

QUESTION 3

Refer to the exhibit to view the application control profile.

Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is
true?

A. Apple FaceTime belongs to the custom monitored filter.
B. The category of Apple FaceTime is being monitored.
C. Apple FaceTime belongs to the custom blocked filter.
D. The category of Apple FaceTime is being blocked.

Correct Answer: A

QUESTION 4

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this
configuration, which statement is true?

A. Addicting. Games are allowed based on the Application Overrides configuration.
B. Addicting. Games are blocked on the Filter Overrides configuration.
C. Addicting. Games can be allowed only if the Filter Overrides actions are set to Exempt.
D. Addicting. Games are allowed based on the Categories configuration.

Correct Answer: A

QUESTION 5

How does FortiGate act when using SSL VPN in web mode?

A. FortiGate acts as an FDS server.
B. FortiGate acts as an HTTP reverse proxy.
C. FortiGate acts as a DNS server.
D. FortiGate acts as a router.

Correct Answer: C

Reference: https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/Fortigate_v4.0MR3/fortigatesslvpn-40-mr3.pdf

QUESTION 6

Refer to the exhibit.

Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?

A. The first packet sent from the Student failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
B. The first reply packet for Students failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
C. The first reply packet for Students failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.
D. The first packet sent from the Student failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.

Correct Answer: C

QUESTION 7

Which two statements about antivirus scanning mode are true? (Choose two.)

A. In proxy-based inspection mode, files bigger than the buffer size are scanned.
B. In flow-based inspection mode. FortiGate buffers the file, but also simultaneously transmits it to the client.
C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
D. In flow-based inspection mode, files bigger than the buffer size is scanned.

Correct Answer: CD

QUESTION 8

Examine the exhibit, which contains a virtual IP and firewall policy configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address
10.0.1.254/24. The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is
configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic
coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.10
B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
C. 10.200.1.1
D. 10.0.1.254

Correct Answer: B

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Virtual% 20IPs.htm

QUESTION 9

View the exhibit.

Which of the following statements are correct? (Choose two.)

A. This setup requires at least two firewall policies with the action set to IPsec.
B. Dead peer detection must be disabled to support this type of IPsec setup.
C. The TunnelB route is the primary route for reaching the remote site. The tunnel route is used only if the Tunnell
VPN is down.
D. This is a redundant IPsec setup.

Correct Answer: CD

QUESTION 10

What devices form the core of the security fabric?

A. Two FortiGate devices and one FortiManager device
B. One FortiGate device and one FortiManager device
C. Two FortiGate devices and one FortiAnalyzer device
D. One FortiGate device and one FortiAnalyzer device

Correct Answer: C

Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/425100/components

QUESTION 11

Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnosed firewall
auth list CLI command on FortiGate?

A. Custom permission for Network
B. Read/Write permission for Log and Report
C. CLI diagnostics commands permission
D. Read/Write permission for Firewall

Correct Answer: A

QUESTION 12

Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall
(NGFW)? (Choose two.)

A. Proxy-based inspection
B. Certificate inspection
C. Flow-based inspection
D. Full Content inspection

Correct Answer: AC

Also, free Fortinet NSE 4 – FortiOS 6.4 dumps pdf download

google drive: https://drive.google.com/file/d/1GP6K6KQYBquiGnuwExJbMiC83VH2un4w/view?usp=sharing

At Pass4itSure, you will receive a real NSE4_FGT-6.4 dumps pdf which contains questions similar to a real exam and provides the correct answer at the end to pass your NSE4_FGT-6.4 certification exam. Related links >>> https://www.p

ass4itsure.com/nse4_fgt-6-4.html (Total Questions163).

With these, as long as you practice diligently, you can successfully obtain NSE4 certification.


How to smoothly pass the latest Fortinet NSE 4-FortiOS 6.4 examHow to smoothly pass the latest Fortinet NSE 4-FortiOS 6.4 exam

You can pass the Fortinet NSE4_FGT-6.4 exam smoothly with exam questions (Pass4itSure provide). Pass4itSure NSE4_FGT-6.4 exam dumps contain PDF and VCE. 100% verified Q&As for NSE4_FGT6.4 exam with 100% passing guarantee. Full NSE4_FGT6.4 exam questions: https://www.pass4itsure.com/nse4_fgt-6-4.html (Q&As: 155).

[free pdf latest] Fortinet NSE4_FGT-6.4 pdf download from google drive https://drive.google.com/file/d/1wI9DP9UwiUtT4qaThbYW2-fvD5Yx1ePC/view?usp=sharing (Pass4itSure provide)

New | Fortinet NSE4_FGT-6.4 Practice Test Free Online

QUESTION 1
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to
the Source filed of a firewall policy?
A. IP address
B. Once Internet Service is selected, no other object can be added
C. User or User Group
D. FQDN address
Correct Answer: A
Reference: https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-inpolicy

QUESTION 2
Refer to the exhibit.

NSE4_FGT-6.4 exam questions-q2

Which contains a session list output. Based on the information shown in the exhibit, which statement is true?
A. Destination NAT is disabled in the firewall policy.
B. One-to-one NAT IP pool is used in the firewall policy.
C. Overload NAT IP pool is used in the firewall policy.
D. Port block allocation IP pool is used in the firewall policy.
Correct Answer: A

QUESTION 3
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list
view?
A. Policy lookup will be disabled.
B. By Sequence view will be disabled.
C. Search option will be disabled
D. Interface Pair view will be disabled.
Correct Answer: A

QUESTION 4
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to
provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.
Correct Answer: BD
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/913287/ipsec-vpn-authenticatingaremotefortigate-peer-with-a-pre-shared-key

QUESTION 5
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

NSE4_FGT-6.4 exam questions-q5

NSE4_FGT-6.4 exam questions-q5-2

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected
file for the first time?
A. The firewall policy performs the full content inspection on the file.
B. The flow-based inspection is used, which resets the last packet to the user.
C. The volume of traffic being inspected is too high for this model of FortiGate.
D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
Correct Answer: A

QUESTION 6
Refer to the exhibit.

NSE4_FGT-6.4 exam questions-q6

Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?
A. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
B. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
C. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.
D. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.
Correct Answer: C

QUESTION 7
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)
A. FortiGate points the collector agent to use a remote LDAP server.
B. FortiGate uses the AD server as the collector agent.
C. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
D. FortiGate queries AD by using the LDAP to retrieve user group information.
Correct Answer: CD

QUESTION 8
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
A. hard-timeout
B. auth-on-demand
C. soft-timeout
D. new-session
E. Idle-timeout
Correct Answer: ADE
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221

QUESTION 9
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the
source of the HTTP request?
A. remote user\\’s public IP address
B. The public IP address of the FortiGate device.
C. The remote user\\’s virtual IP address.
D. The internal IP address of the FortiGate device.
Correct Answer: D
Source IP seen by the remote resources is FortiGate\\’s internal IP address and not the user\\’s IP address

QUESTION 10
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
A. Antivirus engine
B. Intrusion prevention system engine
C. Flow engine
D. Detection engine
Correct Answer: B

QUESTION 11
View the exhibit.

NSE4_FGT-6.4 exam questions-q11

Which of the following statements are correct? (Choose two.)
A. This setup requires at least two firewall policies with the action set to IPsec.
B. Dead peer detection must be disabled to support this type of IPsec setup.
C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB
VPN is down.
D. This is a redundant IPsec setup.
Correct Answer: CD

QUESTION 12
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for
example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure web rating for the home page? (Choose two.)
A. www.example.com:443
B. www.example.com
C. example.com
D. www.example.com/index.html
Correct Answer: BD

QUESTION 13
Which two statements are true about the RPF check? (Choose two.)
A. The RPF check is run on the first sent packet of any new session.
B. The RPF check is run on the first reply packet of any new session.
C. The RPF check is run on the first sent and reply packet of any new session.
D. RPF is a mechanism that protects FortiGuard and your network from IP spoofing attacks.
Correct Answer: AD
Reference: https://www.programmersought.com/article/16383871634/

Use useful NSE4_FGT-6.4 online learning materials to provide you with a guarantee of passing the Fortinet NSE 4-FortiOS 6.4 exams. Pass4itSure NSE4_FGT-6.4 dumps are the right choice for you! Updates throughout the year, built by a professional team, are worthy of your possession. Visit now: https://www.pass4itsure.com/nse4_fgt-6-4.html (Updated: Aug 12, 2021).

Fortinet NSE4_FGT-6.4 pdf free download https://drive.google.com/file/d/1wI9DP9UwiUtT4qaThbYW2-fvD5Yx1ePC/view?usp=sharing

[2021.6] Update! New, Free | Fortinet NSE4_FGT-6.4 Practice Test, Fortinet NSE4_FGT-6.4 Pdf[2021.6] Update! New, Free | Fortinet NSE4_FGT-6.4 Practice Test, Fortinet NSE4_FGT-6.4 Pdf

Get the newest free complete Fortinet NSE4_FGT-6.4 exam dumps! Go to https://www.pass4itsure.com/nse4_fgt-6-4.html (Q&As: 142 ). Best 100% valid up-to-date actual Fortinet NSE4_FGT-6.4 dumps that bring you the best results. You can get 100% free updates on Fortinet NSE4_FGT-6.4 practice test questions, Fortinet NSE4_FGT-6.4 pdf here.

[free pdf] Fortinet NSE4_FGT-6.4 pdf download from google drive https://drive.google.com/file/d/1lw2A51jUlDv9TfqfhQZ6BEEocwVOT4Tg/view?usp=sharing

Latest Fortinet NSE4_FGT-6.4 Exam Questions From Youtube

https://youtu.be/MyxA9tvUXxQ

New Fortinet NSE4_FGT-6.4 Practice Test Q1-Q13 Free

QUESTION 1
Refer to the exhibit.

NSE4_FGT-6.4 exam questions-q1

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme,
users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a
form-based authentication scheme for the FortiGate local user database. Users will be prompted for
authentication. How will FortiGate process the traffic when the HTTP request comes from a machine with
the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)
A. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.
B. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
C. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.
D. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.
Correct Answer: AD

QUESTION 2
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to
the Source filed of a firewall policy?
A. IP address
B. Once Internet Service is selected, no other object can be added
C. User or User Group
D. FQDN address
Correct Answer: A
Reference: https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-inpolicy

QUESTION 3
An organization\\’s employee needs to connect to the office through a high-latency internet connection. Which SSL VPN
setting should the administrator adjust to prevent the SSL VPN negotiation failure?
A. Change the session-ttl.
B. Change the login timeout.
C. Change the idle-timeout.
D. Change the udp idle timer.
Correct Answer: B


QUESTION 4
Refer to the exhibit.

NSE4_FGT-6.4 exam questions-q4

Which contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?
A. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
B. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to
10.0.4.0/24 through wan1.
C. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.
D. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to
203.0.114.24/32 through port3.
Correct Answer: C

QUESTION 5
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
A. Full Content inspection
B. Proxy-based inspection
C. Certificate inspection
D. Flow-based inspection
Correct Answer: B
QUESTION 6
Refer to the exhibit, which contains a session diagnostic output.

NSE4_FGT-6.4 exam questions-q6

Which statement is true about the session diagnostic output?
A. The session is a UDP unidirectional state.
B. The session is in TCP ESTABLISHED state.
C. The session is a bidirectional UDP connection.
D. The session is a bidirectional TCP connection.
Correct Answer: B


QUESTION 7
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose
two.)
A. FortiGuard web filter cache
B. FortiGate hostname
C. NTP
D. DNS
Correct Answer: CD


QUESTION 8
Examine the exhibit, which contains a virtual IP and firewall policy configuration.

NSE4_FGT-6.4 exam questions-q8

NSE4_FGT-6.4 exam questions-q8-2

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address
10.0.1.254/24. The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is
configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic
coming from a workstation with the IP address 10.0.1.10/24?
A. 10.200.1.10
B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
C. 10.200.1.1
D. 10.0.1.254
Correct Answer: B
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Virtual%20IPs.htm


QUESTION 9
Examine this PAC file configuration.

NSE4_FGT-6.4 exam questions-q9

Which of the following statements are true? (Choose two.)
A. Browsers can be configured to retrieve this PAC file from the FortiGate.
B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.
D. Any web request fortinet.com is allowed to bypass the proxy.
Correct Answer: AD


QUESTION 10
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
B. ADVPN is only supported with IKEv2.
C. Tunnels are negotiated dynamically between spokes.
D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are
defined in advance.
Correct Answer: AC


QUESTION 11
An administrator is running the following sniffer command:

NSE4_FGT-6.4 exam questions-q11

Which three pieces of Information will be Included in me sniffer output? (Choose three.)
A. Interface name B. Packet payload
C. Ethernet header
D. IP header
E. Application header
Correct Answer: BCE

QUESTION 13
Refer to the exhibit to view the application control profile.

NSE4_FGT-6.4 exam questions-q13

Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is
true?
A. Apple FaceTime belongs to the custom monitored filter.
B. The category of Apple FaceTime is being monitored.
C. Apple FaceTime belongs to the custom blocked filter.
D. The category of Apple FaceTime is being blocked.
Correct Answer: A

You can also browse the Fortinet exam practice questions updated in other months! click here [2021.4] New, Free | Fortinet NSE4_FGT-6.4 Practice Test, Fortinet NSE4_FGT-6.4 Pdf

Fortinet NSE4_FGT-6.4 PDF Free Download

Fortinet NSE4_FGT-6.4 pdf 100% free https://drive.google.com/file/d/1lw2A51jUlDv9TfqfhQZ6BEEocwVOT4Tg/view?usp=sharing

Pass4itsure Special Discount Share:

Pass4itsure Fortinet exam 15% discount with coupon: Fortinet

Finish:

Free share latest Fortinet NSE4_FGT-6.4 pdf, Fortinet NSE4_FGT-6.4 practice questions, Fortinet NSE4_FGT-6.4 exam video!

Latest Fortinet NSE4_FGT-6.4 questions answers in order to lead every candidate towards a brighter and better future. Select https://www.pass4itsure.com/nse4_fgt-6-4.html to get complete Fortinet NSE4_FGT-6.4 dumps practice exam questions and answers. Wish you success!

Fortinet NSE4_FGT-6.4 pdf free download https://drive.google.com/file/d/1lw2A51jUlDv9TfqfhQZ6BEEocwVOT4Tg/view?usp=sharing

[2021.4] New, Free | Fortinet NSE4_FGT-6.4 Practice Test, Fortinet NSE4_FGT-6.4 Pdf[2021.4] New, Free | Fortinet NSE4_FGT-6.4 Practice Test, Fortinet NSE4_FGT-6.4 Pdf

Get the newest free complete Fortinet NSE4_FGT-6.4 exam dumps! Go https://www.pass4itsure.com/nse4_fgt-6-4.html (Q&As: 142 ). Best 100% valid up-to-date actual Fortinet NSE4_FGT-6.4 dumps that bring you the best results. You can get 100% free updates on Fortinet NSE4_FGT-6.4 practice test questions, Fortinet NSE4_FGT-6.4 pdf here.

[free pdf] Fortinet NSE4_FGT-6.4 pdf download from google drive https://drive.google.com/file/d/1NvJ92HJlsYc_CyxSVN62VMo4W4Fu64WW/view?usp=sharing

Latest Fortinet NSE4_FGT-6.4 Exam Questions From Youtube

https://youtu.be/OJZQHRBqE88

New Fortinet NSE4_FGT-6.4 Practice Test Q1-Q13 Free

QUESTION 1
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
A. The strict RPF check is run on the first sent and reply packet of any new session.
B. Strict RPF checks the best route back to the sourceusingtheincoming interface.
C. Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.
D. Strict RPF allows packets back to sources with all active routes.
Correct Answer: A

QUESTION 2
Examine the two static routes shown in the exhibit, then answer the following question.

NSE4_FGT-6.4 exam questions-q2

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?
A. FortiGate will load balance all traffic across both routes.
B. FortiGate will use the port1 route as the primary candidate.
C. FortiGate will route twice as much traffic to the port2 route
D. FortiGate will only actuate the port1 route in the routing table
Correct Answer: B
“If multiple static routes have the same distance, they are all active; however, only the one with the lowest priority is
considered the best path.”


QUESTION 3
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

NSE4_FGT-6.4 exam questions-q3

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?
A. SMTP.Login.Brute.Force
B. IMAP.Login.brute.Force
C. ip_src_session
D. Location: server Protocol: SMTP
Correct Answer: B


QUESTION 4
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector
agent is required to achieve this?
A. Add the support of NTLM authentication.
B. Add useraccounts to Active Directory (AD).
C. Add user accounts to the FortiGate group fitter.
D. Add user accounts to the Ignore User List.
Correct Answer: C


QUESTION 5
Which statement regarding the firewall policy authentication timeout is true?
A. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user\\’s
source IP.
B. It is a hard timeout. The FortiGate removes the temporary policy for a user\\’s source IP address after this timer has
expired.
C. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user\\’s
source MAC.
D. It is a hard timeout. The FortiGate removes the temporary policy for a user\\’s source MAC address after this timer
has expired.
Correct Answer: A


QUESTION 6
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).

NSE4_FGT-6.4 exam questions-q6

NSE4_FGT-6.4 exam questions-q6-2

 

Which statement is correct if a user is unable to receive a block replacement message when downloading an infected
file for the first time?
A. The firewall policy performs the full content inspection on the file.
B. The flow-based inspection is used, which resets the last packet to the user.
C. The volume of traffic being inspected is too high for this model of FortiGate.
D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.
Correct Answer: A

QUESTION 7
Refer to the exhibits.

NSE4_FGT-6.4 exam questions-q7

The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to
SSL VPN?
A. Change the SSL VPN port on the client.
B. Change the Server IP address.
C. Change the idle-timeout.
D. Change the SSL VPN portal to the tunnel.
Correct Answer: D

QUESTION 8
Refer to the exhibit.

NSE4_FGT-6.4 exam questions-q8

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has
determined that phase 1 status is up. but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
A. On HQ-FortiGate,enable Auto-negotiate.
B. On Remote-FortiGate, set Seconds to 43200.
C. On HQ-FortiGate,enable Diffie-Hellman Group 2.
D. On HQ-FortiGate, set Encryption to AES256.
Correct Answer: D


QUESTION 9
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
A. The collector agent uses a Windows API to query DCs for user logins.
B. NetAPI polling can increase bandwidth usage in large networks.
C. The collector agent must search security event logs.
D. The NetSessionEnum functionis user] to track user logouts.
Correct Answer: A


QUESTION 10
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and
server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
B. To finish any inspection operations
C. To remove the NAT operation
D. To generate logs
Correct Answer: B


QUESTION 11
An administrator has configured the following settings:

NSE4_FGT-6.4 exam questions-q11

What are the two results of this configuration? (Choose two.)
A. Device detection on all interfaces is enforced for 30 minutes.
B. Denied users are blocked for 30 minutes.
C. A session for denied traffic is created.
D. The number of logs generated by denied traffic is reduced.
Correct Answer: CD
Reference:https://kb.fortinet.com/kb/documentLink.do?externalID=FD46328

QUESTION 12
Examine this PAC file configuration.

NSE4_FGT-6.4 exam questions-q12

Which of the following statements are true? (Choose two.)
A. Browsers can be configured to retrieve this PAC file from the FortiGate.
B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.
C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.
D. Any web request fortinet.com is allowed to bypass the proxy.
Correct Answer: AD


QUESTION 13
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
A. System time
B. FortiGuaid update servers
C. Operating mode
D. NGFW mode
Correct Answer: AD

Fortinet NSE4_FGT-6.4 PDF Free Download

Fortinet NSE4_FGT-6.4 pdf 100% free https://drive.google.com/file/d/1NvJ92HJlsYc_CyxSVN62VMo4W4Fu64WW/view?usp=sharing

Pass4itsure Special Discount Share:

Pass4itsure Fortinet exam 15% discount with coupon: Fortinet

Finish:

Free share latest Fortinet NSE4_FGT-6.4 pdf, Fortinet NSE4_FGT-6.4 practice questions, Fortinet NSE4_FGT-6.4 exam video!

Latest Fortinet NSE4_FGT-6.4 questions answers in order to lead every candidate towards a brighter and better future. Select https://www.pass4itsure.com/nse4_fgt-6-4.html to get complete Fortinet NSE4_FGT-6.4 dumps practice exam questions and answers. Wish you success!

Fortinet NSE4_FGT-6.4 pdf free download https://drive.google.com/file/d/1NvJ92HJlsYc_CyxSVN62VMo4W4Fu64WW/view?usp=sharing