Fortinet NSE4 NSE4_FGT-5.6 Questions & Answers

• Question 31:

  View the exhibit. Which statement is true regarding the configuration on the SSL-VPN Monitor page?

  

  Response:

  A. FortiGate assigns the IP address in .15-t r. n .1 to the Student SSL-VPN user.

  B. FortiGate assigns the IP address 10.200.3.1 - to the Student2 SSL-VPN user.

  C. FortiGate assigns IP address 10.212.134.200 to the Student2 SSL-VPN user.

  D. The Student SSL-VPN user is disconnected from the SSL-VPN and doesn't show any IP addresses under Active Connections.

  Correct Answer: C

• Question 32:

  Which of the following are factory default settings on a FortiGate?

  (Choose two.)

  Response:

  A. Administrative account is admin

  B. Password for administrative access is Fortinet

  C. Port1 (or internal) interface IP is 192.168.1.99/24

  D. Default gateway IP is 192.168.1.1 using porn (or internal) interface

  E. Mode of operation is transparent

  Correct Answer: AB

• Question 33:

  Which of the following statements are true regarding the SD-WAN feature on FortiGate?

  (Choose two.)

  Response:

  A. An SD-WAN static route does not require a next-hop gateway IP address.

  B. Each member interface requires its own firewall policy to allow traffic.

  C. SD-WAN provides route failover protection, but cannot load-balance traffic.

  D. FortiGate supports only one SD-WAN interface per VDOM.

  Correct Answer: AD

• Question 34:

  Which ways can FortiGate deliver one-time passwords (OTPs) to two-factor authentication users in your

  network?

  (Choose three.)

  Response:

  A. Hardware FortiToken

  B. Web portal

  C. SMS

  D. USB FortiToken

  E. FortiToken Mobile

  Correct Answer: ACE

• Question 35:

  A FortiGate has multiple VDOMs operating in NAT mode with multiple VLAN interfaces in each VDOM. Which of the following statements is true regarding the IP addresses assigned to each VLAN interface? Response:

  A. Different VLANs can never share the same IP address on the same physical device.

  B. Different VLANs can share the same IP address as long as they are in different VDOMs.

  C. Different VLANs can share the same IP address as long as they have different VLAN tag IDs.

  D. Different VLANs can share the same IP address as long as they are in different physical interfaces.

  Correct Answer: B

• Question 36:

  Examine the CLI configuration.

  (Choose two.)

  config system setting

  set ses-denied-traffic enable

  end

  What does this configuration do?

  Response:

  A. It creates a session for traffic being denied.

  B. It sends an alert notification to the administrator upon detecting denied traffic.

  C. It reduces the amount of logs generated by denied traffic.

  D. It reduces the amount of logs generated by denied traffic.

  Correct Answer: AC

• Question 37:

  What methods can you use to back up logs?

  (Choose three.)

  Response:

  A. SNMP

  B. USB

  C. SFTP

  D. TFTP

  E. FTP

  Correct Answer: BDE

• Question 38:

  Which of the following are IP pool types supported by FortiGate?

  (Choose three.)

  Response:

  A. Overload

  B. One-to-One

  C. Transparent

  D. Outgoing interface

  E. Port block allocation

  Correct Answer: ABC

• Question 39:

  Which component of FortiOS performs application control inspection? Response:

  A. Kernel

  B. Antivirus engine

  C. IPS engine

  D. Application control engine

  Correct Answer: C

• Question 40:

  Which of the following statements is true regarding client integrity checking in SSL VPN? Response:

  A. It detects the Windows client security applications running in the SSL VPN client's PCs.

  B. It validates the SSL VPN user credentials on the remote authentication server.

  C. It verifies which SSL VPN portal must be presented to each SSL VPN user.

  D. It verifies that the latest SSL VPN client is installed in the client's PC.

  Correct Answer: A