1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE4_FGT-6.0 Online Practice Questions and Exam Preparation

NSE4_FGT-6.0 Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :May 24, 2026

Fortinet NSE4_FGT-6.0 Online Questions & Answers

  • Question 91:

    An administrator wants to create a policy-based IPsec VPN tunnel betweeb two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)

    A. Define the phase 1 parameters, without enabling IPsec interface mode
    B. Define the phase 2 parameters.
    C. Set the phase 2 encapsulation method to transport mode
    D. Define at least one firewall policy, with the action set to IPsec.
    E. Define a route to the remote network over the IPsec tunnel.

  • Question 92:

    Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

    A. Firewall service
    B. User or user group
    C. IP Pool
    D. FQDN address

  • Question 93:

    Examine the network diagram and the existing FGTI routing table shown in the exhibit, and then answer the following question:

    An administrator has added the following static route on FGTI.

    Since the change, the new static route is not showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

    A. The new route's destination subnet overlaps an existing route.
    B. The new route's Distance value should be higher than 10.
    C. The Gateway IP address is not in the same subnet as port1.
    D. The Priority is 0, which means that this route will remain inactive.

  • Question 94:

    What files are sent to FortiSandbox for inspection in flow-based inspection mode?

    A. All suspicious files that do not have their hash value in the FortiGuard antivirus signature database.
    B. All suspicious files that are above the defined oversize limit value in the protocol options.
    C. All suspicious files that match patterns defined in the antivirus profile.
    D. All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus profile.

  • Question 95:

    Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

    When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

    A. SMTP.Login.Brute.Force
    B. IMAP.Login.brute.Force
    C. ip_src_session
    D. Location: server Protocol: SMTP

  • Question 96:

    Which is a requirement for creating an inter-VDOM link between two VDOMs?

    A. The inspection mode of at least one VDOM must be proxy-based.
    B. At least one of the VDOMs must operate in NAT mode.
    C. The inspection mode of both VDOMs must match.
    D. Both VDOMs must operate in NAT mode.

  • Question 97:

    What FortiGate configuration is required to actively prompt users for credentials?

    A. You must enable one or more protocols that support active authentication on a firewall policy.
    B. You must position the firewall policy for active authentication before a firewall policy for passive authentication
    C. You must assign users to a group for active authentication
    D. You must enable the Authentication setting on the firewall policy

  • Question 98:

    Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

    An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine

    whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.

    What is a possible reason for this?

    A. The IPS filter is missing the Protocol: HTTPS option.
    B. The HTTPS signatures have not been added to the sensor.
    C. A DoS policy should be used, instead of an IPS sensor.
    D. The firewall policy is not using a full SSL inspection profile.

  • Question 99:

    Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

    A. To detect intermediary NAT devices in the tunnel path.
    B. To dynamically change phase 1 negotiation mode aggressive mode.
    C. To encapsulation ESP packets in UDP packets using port 4500.
    D. To force a new DH exchange with each phase 2 rekey.

  • Question 100:

    Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

    A. They can be configured in both NAT/Route and transparent operation modes.
    B. They support L2TP-over-IPsec.
    C. They require two firewall policies: one for each directions of traffic flow.
    D. They support GRE-over-IPsec.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.