1. Home
  2. Fortinet
  3. NSE4_FGT-5.6

Fortinet NSE 4 - FortiOS 5.6

Exam Details

  • Exam Code
    :NSE4_FGT-5.6
  • Exam Name
    :Fortinet NSE 4 - FortiOS 5.6
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :114 Q&As
  • Last Updated
    :May 08, 2024

Fortinet NSE4 NSE4_FGT-5.6 Questions & Answers

  • Question 41:

    An administrator wants to monitor their network for any probing attempts aimed to exploit existing

    vulnerabilities in their servers. What must they configure on their FortiGate to accomplish this?

    (Choose two.)

    Response:

    A. An application control profile and set all application signatures to monitor.

    B. A DoS policy, and log all UDP and TCP scan attempts.

    C. An IPS sensor to monitor all signatures applicable to the server.

    D. A web application firewall profile to check protocol constraints.

  • Question 42:

    An administrator needs to be able to view logs for application usage on your network. What configurations

    are required to ensure that FortiGate generates logs for application usage activity?

    (Choose two.)

    Response:

    A. Enable a web filtering profile on the firewall policy.

    B. Create an application control policy.

    C. Enable logging on the firewall policy.

    D. Enable an application control security profile on the firewall policy.

  • Question 43:

    Which statements correctly describe transparent mode operation?

    (Choose three.)

    Response:

    A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.

    B. The transparent FortiGate is visible to network hosts in an IP traceroute.

    C. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.

    D. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.

    E. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

  • Question 44:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

    Response:

    A. The FortiGate unit's public IP address

    B. The FortiGate unit's internal IP address

    C. The remote user's virtual IP address

    D. The remote user's public IP address

  • Question 45:

    If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

    Response:

    A. It blocks all future traffic for that IP address for a configured interval.

    B. It archives the data for that IP address.

    C. It provides a DLP block replacement page with a link to download the file.

    D. It notifies the administrator by sending an email.

  • Question 46:

    Which statement about data leak prevention (DLP) on a FortiGate is true? Response:

    A. Traffic shaping can be applied to DLP sensors.

    B. It can be applied to a firewall policy in a flow-based VDOM.

    C. Files can be sent to FortiSandbox for detecting DLP threats.

    D. It can archive files and messages.

  • Question 47:

    What FortiGate feature can be used to block a ping sweep scan from an attacker? Response:

    A. Web application firewall (WAF)

    B. Rate based IPS signatures

    C. One-arm sniffer

    D. DoS policies

  • Question 48:

    If you've lost your password for the admin account on your FortiGate, how can you reset it? Response:

    A. Hard reboot the FortiGate. Click Reset Password on the login window.

    B. Hard reboot the FortiGate. Run the execute reset-password command from the CLI.

    C. Hard reboot the FortiGate. Through the local console, interrupt the boot loader by pressing any key and then log in as maintainer. Enter the CLI commands required to set the password for the admin account.

    D. Hard reboot the FortiGate. Through the local console, once the FortiGate is booted up, log in as maintainer. Enter the CLI commands to set the password for the admin account.

  • Question 49:

    View the Exhibit.

    The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet.

    The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1.

    What ping option needs to be enabled before running the ping?

    Response:

    A. Execute ping-options source port1

    B. Execute ping-options source 10.200.1.1.

    C. Execute ping-options source 10.200.1.2

    D. Execute ping-options source 10.0.1.254

  • Question 50:

    To create a valid traffic shaping policy, which of the following matching criteria must align between a traffic

    shaping policy and a firewall policy?

    (Choose three.)

    Response:

    A. Source

    B. Schedule

    C. Service

    D. Destination

    E. Incoming interface

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-5.6 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.