1. Home
  2. Fortinet
  3. NSE4_FGT-5.6

Fortinet NSE 4 - FortiOS 5.6

Exam Details

  • Exam Code
    :NSE4_FGT-5.6
  • Exam Name
    :Fortinet NSE 4 - FortiOS 5.6
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :114 Q&As
  • Last Updated
    :

Fortinet NSE4 NSE4_FGT-5.6 Questions & Answers

  • Question 21:

    What is the purpose of the Policy Lookup feature? Response:

    A. It searches the matching policy based on input criteria.

    B. It creates packet flow over FortiGate by sending real-time traffic.

    C. It finds duplicate objects in firewall policies.

    D. It creates a new firewall policy based on input criteria.

  • Question 22:

    Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

    The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24. The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

    Response:

    A. 10.200.1.1

    B. 10.0.1.254

    C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24

    D. 10.200.1.10

  • Question 23:

    When does the FortiGate enter into fail-open session mode? Response:

    A. When CPU usage goes above the red threshold.

    B. When a proxy (for proxy-based inspection) runs out of connections.

    C. When memory usage goes above the red threshold.

    D. When memory usage goes above the extreme threshold.

  • Question 24:

    Which of the following IPsec parameters is a phase 2 configuration setting? Response:

    A. Peer ID

    B. eXtended Authentication (XAuth)

    C. Quick mode selectors

    D. Authentication method

  • Question 25:

    Which of the following settings and protocols can be used to provide secure and restrictive administrative

    access to FortiGate?

    (Choose three.)

    Response:

    A. Trusted host

    B. HTTPS

    C. Trusted authentication

    D. SSH

    E. FortiTelemetry

  • Question 26:

    Which of the following protocols is used to encrypt the user data payload in an IPsec tunnel? Response:

    A. AH

    B. IKE

    C. ISAKMP

    D. ESP

  • Question 27:

    Which statements best describe auto discovery VPN (ADVPN).

    (Choose two.)

    Response:

    A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

    B. ADVPN is only supported with IKEv2.

    C. Tunnels are negotiated dynamically between spokes.

    D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

  • Question 28:

    Which FortiGate interface does source device type enable device detection on? Response:

    A. All interfaces of FortiGate

    B. Source interface of the firewall policy only

    C. Destination interface of the firewall policy only

    D. Both source interface and destination interface of the firewall policy

  • Question 29:

    Which of the following network settings can an IPsec gateway assign to an IPsec client using IP config

    mode?

    (Choose two.)

    Response:

    A. Quick mode selectors

    B. DNS IP address

    C. NAT-T

    D. IP address

  • Question 30:

    Which statement best describes the role of a DC agent in an FSSO DC agent mode solution? Response:

    A. Captures the logon events and forwards them to FortiGate.

    B. Captures the logon events and forwards them to the collector agent.

    C. Captures the logon and logoff events and forwards them to the collector agent.

    D. Captures the user IP address and workstation name and forwards them to FortiGate.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-5.6 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.