Summer Special Sales Coupon - 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4s55disc

NSE4_FGT-6.4 PDF

$49.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

NSE4_FGT-6.4 PDF + Testing Engine

$79.2

$175.99

3 Months Free Update

  • Exam Name: Fortinet NSE 4 - FortiOS 6.4
  • Last Update: Sep 30, 2022
  • Questions and Answers: 165
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

NSE4_FGT-6.4 Engine

$59.4

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

NSE4_FGT-6.4 Fortinet NSE 4 - FortiOS 6.4 Questions and Answers

Question # 6

Refer to the exhibit.

NSE4_FGT-6.4 question answer

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

A.

The IPS engine was inspecting high volume of traffic.

B.

The IPS engine was unable to prevent an intrusion attack.

C.

The IPS engine was blocking all traffic.

D.

The IPS engine will continue to run in a normal state.

Full Access
Question # 7

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)

A.

The keyUsage extension must be set to keyCertSign.

B.

The common name on the subject field must use a wildcard name.

C.

The issuer must be a public CA.

D.

The CA extension must be set to TRUE.

Full Access
Question # 8

Refer to the exhibit.

NSE4_FGT-6.4 question answer

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up. but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?

A.

On HQ-FortiGate, enable Auto-negotiate.

B.

On Remote-FortiGate, set Seconds to 43200.

C.

On HQ-FortiGate, enable Diffie-Hellman Group 2.

D.

On HQ-FortiGate, set Encryption to AES256.

Full Access
Question # 9

Which two statements are true about collector agent standard access mode? (Choose two.)

A.

Standard mode uses Windows convention-NetBios: Domain\Username.

B.

Standard mode security profiles apply to organizational units (OU).

C.

Standard mode security profiles apply to user groups.

D.

Standard access mode supports nested groups.

Full Access
Question # 10

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A.

Antivirus engine

B.

Intrusion prevention system engine

C.

Flow engine

D.

Detection engine

Full Access
Question # 11

Refer to the exhibit.

NSE4_FGT-6.4 question answer

Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

A.

There are five devices that are part of the security fabric.

B.

Device detection is disabled on all FortiGate devices.

C.

This security fabric topology is a logical topology view.

D.

There are 19 security recommendations for the security fabric.

Full Access
Question # 12

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

A.

SSH

B.

HTTPS

C.

FTM

D.

FortiTelemetry

Full Access
Question # 13

Examine this PAC file configuration.

NSE4_FGT-6.4 question answer

Which of the following statements are true? (Choose two.)

A.

Browsers can be configured to retrieve this PAC file from the FortiGate.

B.

Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C.

All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

D.

Any web request fortinet.com is allowed to bypass the proxy.

Full Access
Question # 14

Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)

A.

Web filter in flow-based inspection

B.

Antivirus in flow-based inspection

C.

DNS filter

D.

Web application firewall

E.

Application control

Full Access
Question # 15

Which two statements are true about the FGCP protocol? (Choose two.)

A.

Not used when FortiGate is in Transparent mode

B.

Elects the primary FortiGate device

C.

Runs only over the heartbeat links

D.

Is used to discover FortiGate devices in different HA groups

Full Access
Question # 16

Refer to the exhibit.

NSE4_FGT-6.4 question answer

Given the routing database shown in the exhibit, which two statements are correct? (Choose two.)

A.

The port3 default route has the highest distance.

B.

The port3 default route has the lowest metric.

C.

There will be eight routes active in the routing table.

D.

The port1 and port2 default routes are active in the routing table.

Full Access
Question # 17

Which of statement is true about SSL VPN web mode?

A.

The tunnel is up while the client is connected.

B.

It supports a limited number of protocols.

C.

The external network application sends data through the VPN.

D.

It assigns a virtual IP address to the client.

Full Access
Question # 18

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.

Which two other security profiles can you apply to the security policy? (Choose two.)

A.

Antivirus scanning

B.

File filter

C.

DNS filter

D.

Intrusion prevention

Full Access
Question # 19

Refer to the exhibit.

NSE4_FGT-6.4 question answer

An administrator is running a sniffer command as shown in the exhibit.

Which three pieces of information are included in the sniffer output? (Choose three.)

A.

Interface name

B.

Ethernet header

C.

IP header

D.

Application header

E.

Packet payload

Full Access
Question # 20

Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

A.

hard-timeout

B.

auth-on-demand

C.

soft-timeout

D.

new-session

E.

Idle-timeout

Full Access
Question # 21

An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

A.

Policy lookup will be disabled.

B.

By Sequence view will be disabled.

C.

Search option will be disabled

D.

Interface Pair view will be disabled.

Full Access
Question # 22

An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?

A.

The strict RPF check is run on the first sent and reply packet of any new session.

B.

Strict RPF checks the best route back to the source using the incoming interface.

C.

Strict RPF checks only for the existence of at cast one active route back to the source using the incoming interface.

D.

Strict RPF allows packets back to sources with all active routes.

Full Access
Question # 23

What is the primary FortiGate election process when the HA override setting is disabled?

A.

Connected monitored ports > System uptime > Priority > FortiGate Serial number

B.

Connected monitored ports > HA uptime > Priority > FortiGate Serial number

C.

Connected monitored ports > Priority > HA uptime > FortiGate Serial number

D.

Connected monitored ports > Priority > System uptime > FortiGate Serial number

Full Access
Question # 24

Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

A.

DNS

B.

ping

C.

udp-echo

D.

TWAMP

Full Access