Exam Details

  • Exam Code: NSE4_FGT-6.0
  • Exam Name: Fortinet NSE 4 - FortiOS 6.0
  • Certification: NSE4
  • Vendor: Fortinet
  • Total Questions: 126 Q&As
  • Last Updated: Apr 25, 2024

Fortinet NSE4 NSE4_FGT-6.0 Questions & Answers

  • Question 1:

    View the exhibit.

    A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

    A. Addicting.Games is allowed based on the Application Overrides configuration.

    B. Addicting.Games is blocked on the Filter Overrides configuration.

    C. Addicting.Games can be allowed only if the Filter Overrides action is set to Learn.

    D. Addicting.Games is allowed based on the Categories configuration.

  • Question 2:

    Which of the following statements correctly describe FortiGate's route lookup behavior when searching for a suitable gateway? (Choose two.)

    A. Lookup is done on the first packet from the session originator

    B. Lookup is done on the last packet sent from the responder

    C. Lookup is done on every packet, regardless of direction

    D. Lookup is done on the first reply packet from the responder

  • Question 3:

    Examine this network diagram:

    Examine this explicit web proxy configuration:

    What filter can be used in the command `diagnose sniffer packet` to capture the traffic between the client and the explicit web proxy?

    A. 'host 10.0.0.50 and port 8080'

    B. 'host 10.0.0.50 and port 80'

    C. 'host 192.168.0.2 and port 8080'

    D. 'host 192.168.0.1 and port 80'

  • Question 4:

    Which of the following statements about central NAT are true? (Choose two.)

    A. IP pool references must be removed from existing firewall policies before enabling central NAT.

    B. Central NAT can be enabled or disabled from the CLI only.

    C. Source NAT, using central NAT, does not require a central SNAT policy.

    D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

  • Question 5:

    What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

    A. Services defined in the firewall policy.

    B. Incoming and outgoing interfaces

    C. Highest to lowest priority defined in the firewall policy.

    D. Lowest to highest policy ID number.

  • Question 6:

    Which of the following static routes are not maintained in the routing table?

    A. Named Address routes

    B. Dynamic routes

    C. ISDB routes

    D. Policy routes

  • Question 7:

    Examine the network diagram shown in the exhibit, and then answer the following question:

    A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24. Which of the following static routes will satisfy this requirement on FGT1? (Choose two.)

    A. 172.20.2.0/24 (1/0) via 10.10.1.2, port1 [0/0]

    B. 172.20.2.0/24 (25/0) via 10.30.3.2, port3 [5/0]

    C. 172.20.2.0/24 (25/0) via 10.10.1.2, port1 [5/0]

    D. 172.20.2.0/24 (1/150) via 10.30.3.2, port3 [10/0]

  • Question 8:

    View the exhibit.

    VDOM1 is operating in transparent mode. VDOM2 is operating in NAT Route mode. There is an inter-VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1. What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

    A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.

    B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.

    C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.

    D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

  • Question 9:

    Which statement about the IP authentication header (AH) used by IPsec is true?

    A. AH does not provide any data integrity or encryption.

    B. AH does not support perfect forward secrecy.

    C. AH provides data integrity but no encryption.

    D. AH provides strong data integrity but weak encryption.

  • Question 10:

    If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?

    A. The Services field removes the requirement of creating multiple VIPs for different services.

    B. The Services field is used when several VIPs need to be bundled into VIP groups.

    C. The Services field does not allow source NAT and destination NAT to be combined in the same policy.

    D. The Services field does not allow multiple sources of traffic to use multiple services to connect to a single computer.
