1. Home
  2. Fortinet
  3. NSE4_FGT-5.6

Fortinet NSE 4 - FortiOS 5.6

Exam Details

  • Exam Code
    :NSE4_FGT-5.6
  • Exam Name
    :Fortinet NSE 4 - FortiOS 5.6
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :114 Q&As
  • Last Updated
    :Apr 25, 2024

Fortinet NSE4 NSE4_FGT-5.6 Questions & Answers

  • Question 1:

    Examine the following log message attributes and select two correct statements from the list below.

    (Choose two.)

    Response:

    A. The category action was set to warning.

    B. The website was allowed on the first attempt.

    C. The user was prompted to decide whether to proceed or go back.

    D. The user failed authentication.

  • Question 2:

    To which remote devices can FortiGate send logs?

    (Choose three.)

    Response:

    A. Syslog

    B. FortiAnalyzer

    C. Hard drive

    D. Memory

    E. FortiCloud

  • Question 3:

    What methods can a web browser use to learn the URL where a web proxy PAC file is located?

    (Choose two.)

    Response:

    A. Manually configuring the PAC's URL in the browser settings.

    B. Using WPAD.

    C. Manually appending the PAC URL to the destination server URL.

    D. Using the Forwarded HTTP header.

  • Question 4:

    An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?

    Response:

    A. The administrator is running the sniffer on the internal interface only.

    B. The filter used in the sniffer matches the traffic only in one direction.

    C. The FortiGate is doing content inspection.

    D. TCP traffic is being offloaded to an NP6.

  • Question 5:

    Which statements about high availability (HA) for FortiGates are true?

    (Choose two.)

    Response:

    A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.

    B. Heartbeat interfaces are not required on the primary device.

    C. HA management interface settings are synchronized between cluster members.

    D. Sessions handled by UTM proxy cannot be synchronized.

  • Question 6:

    View the exhibit.

    Which of the following statements are correct?

    (Choose two.)

    Response:

    A. This is a redundant IPsec setup.

    B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

    C. This setup requires at least two firewall policies with action set to IPsec.

    D. Dead peer detection must be disabled to support this type of IPsec setup.

  • Question 7:

    What is the purpose of the Policy Lookup feature? Response:

    A. It searches the matching policy based on an input criteria.

    B. It enables hidden security profiles with full logging capabilities and generates Learning Reports based on an input criteria.

    C. It finds duplicate objects in firewall policies.

    D. It creates a new firewall policy based on an input criteria.

  • Question 8:

    An administrator is configuring an IPsec VPN between site A and B.

    The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local

    quick mode selector is 10.0.1.0/24 and the remote quick mode selector is 10.0.2.0/24.

    How must the administrator configure the local quick mode selector in site B?

    Response:

    A. 10.0.2.0/24

    B. 0 0.0.0.0/0 0

    C. 10.0.1.0/24

    D. 0 10.0.0.0/8

  • Question 9:

    Examine this output from the diagnose sys top command:

    Which statements about the output are true?

    (Choose two.)

    Response:

    A. sshd is the process consuming most memory

    B. sshd is the process consuming most CPU

    C. All the processes listed are in sleeping state

    D. The sshd process is using 123 pages of memory

  • Question 10:

    What step is required to configure an SSL VPN to access to an internal server using port forward mode? Response:

    A. Configure the virtual IP addresses to be assigned to the SSL VPN users.

    B. Install FortiClient SSL VPN client

    C. Create a SSL VPN realm reserved for clients using port forward mode.

    D. Configure the client application to forward IP traffic to a Java applet proxy.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-5.6 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.