1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE4_FGT-6.0 Online Practice Questions and Exam Preparation

NSE4_FGT-6.0 Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :May 24, 2026

Fortinet NSE4_FGT-6.0 Online Questions & Answers

  • Question 101:

    What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

    A. Enable Event Logging.
    B. Enable a web filter security profile on the Full Access firewall policy.
    C. Enable Log Allowed Traffic on the Full Access firewall policy.
    D. Enable disk logging.

  • Question 102:

    An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

    A. Implement firewall authentication for all users that need access to fortinet.com.
    B. Manually install the FortiGate deep inspection certificate as a trusted CA.
    C. Configure fortinet.com access to bypass the IPS engine.
    D. Configure an SSL-inspection exemption for fortinet.com.

  • Question 103:

    Examine the routing database shown in the exhibit, and then answer the following question:

    Which of the following statements are correct? (Choose two.)

    A. The port3 default route has the highest distance.
    B. The port3 default route has the lowest metric.
    C. There will be eight routes active in the routing table.
    D. The port1 and port2 default routes are active in the routing table.

  • Question 104:

    By default, when logging to disk, when does FortiGate delete logs?

    A. 30 days
    B. 1 year
    C. Never
    D. 7 days

  • Question 105:

    Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

    A. Include the group of guest users in a policy.
    B. Extend timeout timers.
    C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
    D. Ensure all firewalls allow the FSSO required ports.

  • Question 106:

    View the exhibit:

    Which statement about the exhibit is true? (Choose two.)

    A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
    B. port-VLAN1 is the native VLAN for the port1 physical interface.
    C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
    D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

  • Question 107:

    Which statement regarding the firewall policy authentication timeout is true?

    A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
    B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
    C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.
    D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

  • Question 108:

    View the certificate shown to the exhibit, and then answer the following question:

    The CA issued this certificate to which entity?

    A. A root CA
    B. A person
    C. A bridge CA
    D. A subordinate CA

  • Question 109:

    An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

    A. A phase 2 configuration is not required.
    B. This VPN cannot be used as part of a hub-and-spoke topology.
    C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
    D. The IPsec firewall policies must be placed at the top of the list.

  • Question 110:

    What information is flushed when the chunk-size value is changed in the config dlp settings?

    A. The database for DLP document fingerprinting
    B. The supported file types in the DLP filters
    C. The archived files and messages
    D. The file name patterns in the DLP filters

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.