Fortinet NSE4_FGT-6.0 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-6.0 Online Questions & Answers

• Question 111:

  A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface. Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

  A. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
  B. The two VLAN sub interfaces must have different VLAN IDs.
  C. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.
  D. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
  B. The two VLAN sub interfaces must have different VLAN IDs.

• Question 112:

  View the exhibit.

  

  Which of the following statements are correct? (Choose two.)

  A. This setup requires at least two firewall policies with the action set to IPsec.
  B. Dead peer detection must be disabled to support this type of IPsec setup.
  C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
  D. This is a redundant IPsec setup.
  C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
  D. This is a redundant IPsec setup.

• Question 113:

  An employee connects to the https://example.com on the Internet using a web browser. The web server's certificate was signed by a private internal CA. The FortiGate that is inspecting this traffic is configured for full SSL inspection.

  This exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the policy that is invoked in this instance. All other settings are set to defaults. No certificates have been imported into FortiGate. View the exhibit and answer the question that follows.

  

  Which certificate is presented to the employee's web browser?

  A. The web server's certificate.
  B. The user's personal certificate signed by a private internal CA.
  C. A certificate signed by Fortinet_CA_SSL.
  D. A certificate signed by Fortinet_CA_Untrusted.
  D. A certificate signed by Fortinet_CA_Untrusted.

• Question 114:

  Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

  A. The firmware image must be manually uploaded to each FortiGate.
  B. Only secondary FortiGate devices are rebooted.
  C. Uninterruptable upgrade is enabled by default.
  D. Traffic load balancing is temporally disabled while upgrading the firmware.
  B. Only secondary FortiGate devices are rebooted.
  D. Traffic load balancing is temporally disabled while upgrading the firmware.

• Question 115:

  Which of the following statements about virtual domains (VDOMs) are true? (Choose two.)

  A. The root VDOM is the management VDOM by default.
  B. A FortiGate device has 64 VDOMs, created by default.
  C. Each VDOM maintains its own system time.
  D. Each VDOM maintains its own routing table.
  A. The root VDOM is the management VDOM by default.
  D. Each VDOM maintains its own routing table.

• Question 116:

  An administrator has configured the following settings:

  

  What does the configuration do? (Choose two.)

  A. Reduces the amount of logs generated by denied traffic.
  B. Enforces device detection on all interfaces for 30 minutes.
  C. Blocks denied users for 30 minutes.
  D. Creates a session for traffic being denied.
  C. Blocks denied users for 30 minutes.
  D. Creates a session for traffic being denied.

• Question 117:

  Which statements about antivirus scanning mode are true? (Choose two.)

  A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.
  B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.
  C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.
  D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.
  A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.
  B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.

• Question 118:

  Examine the following web filtering log.

  

  Which statement about the log message is true?

  A. The action for the category Games is set to block.
  B. The usage quota for the IP address 10.0.1.10 has expired
  C. The name of the applied web filter profile is default.
  D. The web site miniclip.com matches a static URL filter whose action is set to Warning.
  C. The name of the applied web filter profile is default.

• Question 119:

  When using WPAD DNS method, which FQDN format do browsers use to query the DNS server?

  A. srv_proxy./wpad.dat
  B. srv_tcp.wpad.
  C. wpad.
  D. proxy..wpad
  C. wpad.

• Question 120:

  NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

  A. Web filtering
  B. Antivirus
  C. Web proxy
  D. Application control
  B. Antivirus