1. Home
  2. Fortinet
  3. NSE4_FGT-5.6

Fortinet NSE 4 - FortiOS 5.6

Exam Details

  • Exam Code
    :NSE4_FGT-5.6
  • Exam Name
    :Fortinet NSE 4 - FortiOS 5.6
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :114 Q&As
  • Last Updated
    :May 08, 2024

Fortinet NSE4 NSE4_FGT-5.6 Questions & Answers

  • Question 101:

    View the exhibit.

    Based on this output, which statements are correct?

    (Choose two.)

    Response:

    A. FortiGate generated an event log for system conserve mode.

    B. FortiGate has entered in to system conserve mode.

    C. By default, the FortiGate blocks new sessions.

    D. FortiGate changed the global av-failopen settings to idledrop.

  • Question 102:

    Which statement about the firewall policy authentication timeout is true? Response:

    A. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this times expires.

    B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this times expires.

    C. It is an idle timeout. The FortiGate considers a user to be idle if it does not see any packets coming from the user's source MAC address.

    D. It is an idle timeout. The FortiGate considers a user to be idle if it does not see any packets coming from the user's source IP.

  • Question 103:

    An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

    Response:

    A. A phase 2 configuration is not required.

    B. This VPN cannot be used as part of a hub and spoke topology.

    C. The IPsec firewall policies must be placed at the top of the list.

    D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

  • Question 104:

    Which of the following statements are true about route-based IPsec VPNs?

    (Choose two.)

    Response:

    A. A virtual IPsec interface is automatically created after a phase 1 is added to the configuration

    B. They require firewall policies with the Action set to IPsec

    C. They support L2TP-over-IPsec tunnels

    D. They can be created in transparent mode VDOMs

  • Question 105:

    How does FortiGate verify the login credentials of a remote LDAP user? Response:

    A. FortiGate sends the user entered credentials to the LDAP server for authentication.

    B. FortiGate re-generates the algorithm based on the login credentials and compares it against the algorithm stored on the LDAP server.

    C. FortiGate queries its own database for credentials.

    D. FortiGate queries the LDAP server for credentials.

  • Question 106:

    Which FortiGate feature sends real-time queries to the FortiGuard Distribution Network (FDN)? Response:

    A. Web filtering

    B. VPN

    C. Antivirus

    D. IPS

  • Question 107:

    Which of the following web filtering modes apply to full URL inspection?

    (Choose two.)

    Response:

    A. Proxy-based

    B. DNS-based

    C. Policy-based

    D. Flow-based

    E. IP-based

  • Question 108:

    Which statements about FortiGate inspection modes are true?

    (Choose two.)

    Response:

    A. The default inspection mode is proxy based.

    B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.

    C. Proxy-based inspection is not available in VDOMs operating in transparent mode.

    D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.

  • Question 109:

    What is Diffie Hellman? Response:

    A. An algorithm and agreement method for two peers to independently calculate a common private key after sharing only their public keys

    B. An algorithm for generating a public and private key

    C. An agreement method for authenticating two peers using a pre-shared key

    D. An agreement method for negotiating an IKE security association (SA)

  • Question 110:

    Examine the exhibit, which shows a FortiGate device with two VDOMs: VDOM1 and VDOM2. Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1.

    The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2.

    What is required in the FortiGate configuration to route traffic between both subnets through an inter-VDOM link?

    Response:

    A. A firewall policy in VDOM1 to allow the traffic from 10.0.1.0/24 to 10.0.2.0/24 with port1 as the source interface and port2 as the destination interface.

    B. A static route in VDOM1 for the destination subnet of 10.0.1.0/24.

    C. A static route in VDOM2 with the destination subnet matching the subnet assigned to the inter-VDOM link.

    D. A static route in VDOM2 for the destination subnet 10.0.1.0/24.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-5.6 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.