1. Home
  2. Fortinet
  3. NSE4_FGT-5.6

Fortinet NSE4_FGT-5.6 Online Practice Questions and Exam Preparation

NSE4_FGT-5.6 Exam Details

  • Exam Code
    :NSE4_FGT-5.6
  • Exam Name
    :Fortinet NSE 4 - FortiOS 5.6
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :114 Q&As
  • Last Updated
    :May 26, 2026

Fortinet NSE4_FGT-5.6 Online Questions & Answers

  • Question 91:

    View the exhibit.

    The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

    What should be done next to troubleshoot the problem?

    Response:

    A. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
    B. Run a sniffer in the web server.
    C. Capture the traffic using an external sniffer connected to port1.
    D. Execute a debug flow.

  • Question 92:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? Response:

    A. The FortiGate unit's public IP address
    B. The FortiGate unit's internal IP address
    C. The remote user's virtual IP address
    D. The remote user's public IP address

  • Question 93:

    Examine the exhibit, which shows a FortiGate device with two VDOMs: VDOM1 and VDOM2. Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2.

    What is required in the FortiGate configuration to route traffic between both subnets through an inter-VDOM link? Response:

    A. A firewall policy in VDOM1 to allow the traffic from 10.0.1.0/24 to 10.0.2.0/24 with port1 as the source interface and port2 as the destination interface.
    B. A static route in VDOM1 for the destination subnet of 10.0.1.0/24.
    C. A static route in VDOM2 with the destination subnet matching the subnet assigned to the inter-VDOM link.
    D. A static route in VDOM2 for the destination subnet 10.0.1.0/24.

  • Question 94:

    A FortiGate has multiple VDOMs operating in NAT mode with multiple VLAN interfaces in each VDOM. Which of the following statements is true regarding the IP addresses assigned to each VLAN interface? Response:

    A. Different VLANs can never share the same IP address on the same physical device.
    B. Different VLANs can share the same IP address as long as they are in different VDOMs.
    C. Different VLANs can share the same IP address as long as they have different VLAN tag IDs.
    D. Different VLANs can share the same IP address as long as they are in different physical interfaces.

  • Question 95:

    Which actions can be configured in an application control profile?

    (Choose three.)

    Response:

    A. Monitor
    B. Block
    C. Warning
    D. Authenticate
    E. Quarantine

  • Question 96:

    Which statements are true regarding active authentication?

    (Choose two.)

    Response:

    A. Active authentication prompts the user for login credentials.
    B. Active authentication is always used before passive authentication.
    C. The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet protocols.
    D. Enabling authentication on a policy always enforces active authentication.

  • Question 97:

    Which statements are true of public key infrastracture (PKI) users on FortiGate?

    (Choose two.)

    Response:

    A. FortiGate must include the CA certificate that issued the PKI peer user certificate.
    B. PKI users can belong to firewall user groups.
    C. PKI users must authenticate with both a certificate and a password.
    D. The first PKI user must be added to FortiGate through the GUI.

  • Question 98:

    View the exhibit.

    Which statements about the exhibit are true?

    (Choose two.)

    Response:

    A. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
    B. port1-VLAN1 is the native VLAN for the port1 physical interface.
    C. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.
    D. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

  • Question 99:

    Examine this output from the diagnose sys top command:

    Which statements about the output are true?

    (Choose two.)

    Response:

    A. sshd is the process consuming most memory
    B. sshd is the process consuming most CPU
    C. All the processes listed are in sleeping state
    D. The sshd process is using 123 pages of memory

  • Question 100:

    Which statements best describe auto discovery VPN (ADVPN).

    (Choose two.)

    Response:

    A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
    B. ADVPN is only supported with IKEv2.
    C. Tunnels are negotiated dynamically between spokes.
    D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-5.6 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.