1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE 4 - FortiOS 6.0

Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :Jun 15, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.0 Questions & Answers

  • Question 91:

    Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?

    A. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.

    B. FortiGate is able to handle NATed connections only in aggressive mode.

    C. FortiClient only supports aggressive mode.

    D. Main mode does not support XAuth for user authentication.

  • Question 92:

    NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

    A. Web filtering

    B. Antivirus

    C. Web proxy

    D. Application control

  • Question 93:

    During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

    A. Authentication.

    B. Data integrity.

    C. Non-repudiation.

    D. Signature verification.

  • Question 94:

    Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

    A. Firewall service

    B. User or user group

    C. IP Pool

    D. FQDN address

  • Question 95:

    View the exhibit.

    Which users and user groups are allowed access to the network through captive portal?

    A. Users and groups defined in the firewall policy.

    B. Only individual users ?not groups ?defined in the captive portal configuration

    C. Groups defined in the captive portal configuration

    D. All users

  • Question 96:

    Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question:

    An administrator has added the following static route on FGTI.

    Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

    A. The new route's destination subnet overlaps an existing route.

    B. The new route's Distance value should be higher than 10.

    C. The Gateway IP address is not in the same subnet as port1.

    D. The Priority is 0, which means that this route will remain inactive.

  • Question 97:

    View the exhibit.

    Why is the administrator getting the error shown in the exhibit?

    A. The administrator must first enter the command edit global.

    B. The administrator admin does not have the privileges required to configure global settings.

    C. The global settings cannot be configured from the root VDOM context.

    D. The command config system global does not exist in FortiGate.

  • Question 98:

    Which of the following statements about converse mode are true? (Choose two.)

    A. FortiGate stops sending files to FortiSandbox for inspection.

    B. FortiGate stops doing RPF checks over incoming packets.

    C. Administrators cannot change the configuration.

    D. Administrators can access the FortiGate only through the console port.

  • Question 99:

    Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

    A. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.

    B. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPSec.

    C. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.

    D. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

  • Question 100:

    How does FortiGate select the central SNAT policy that is applied to a TCP session?

    A. It selects the SNAT policy specified in the configuration of the outgoing interface.

    B. It selects the first matching central SNAT policy, reviewing from top to bottom.

    C. It selects the central SNAT policy with the lowest priority.

    D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.