NSE4_FGT-6.0 Exam Details

  • Exam Code: NSE4_FGT-6.0
  • Exam Name: Fortinet NSE 4 - FortiOS 6.0
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 126 Q&As
  • Last Updated: May 24, 2026

Fortinet NSE4_FGT-6.0 Online Questions & Answers

  • Question 21:

    HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could resolve this problem? (Choose two.)

    A. Enable Allow Invalid SSL Certificates for the relevant security profile.
    B. Change web browsers to one that does not support HPKP.
    C. Exempt those web sites that use HPKP from full SSL inspection.
    D. Install the CA certificate (that is required to verify the web server certificate) in the stores of users' computers.

  • Question 22:

    Examine the exhibit, which contains a session diagnostic output.

    Which of the following statements about the session diagnostic output is true?

    A. The session is in ESTABLISHED state.
    B. The session is in LISTEN state.
    C. The session is in TIME_WAIT state.
    D. The session is in CLOSE_WAIT state.

  • Question 23:

    View the exhibit.

    VDOM1 is operating in transparent mode. VDOM2 is operating in NAT Route mode. There is an inter-VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.

    What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

    A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.
    B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.
    C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.
    D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

  • Question 24:

    How can you block or allow access to Twitter using a firewall policy?

    A. Configure the Destination field as Internet Service objects for Twitter.
    B. Configure the Action field as Learn and select Twitter.
    C. Configure the Service field as Internet Service objects for Twitter.
    D. Configure the Source field as Internet Service objects for Twitter.

  • Question 25:

    View the exhibit.

    What does this raw log indicate? (Choose two.)

    A. FortiGate blocked the traffic.
    B. type indicates that a security event was recorded.
    C. 10.0.1.20 is the IP address for lavito.tk.
    D. policyid indicates that traffic went through the IPS firewall policy.

  • Question 26:

    Which statement is true regarding the policy ID number of a firewall policy?

    A. Defines the order in which rules are processed.
    B. Represents the number of objects used in the firewall policy.
    C. Required to modify a firewall policy using the CLI.
    D. Changes when firewall policies are reordered.

  • Question 27:

    Which action can be applied to each filter in the application control profile?

    A. Block, monitor, warning, and quarantine
    B. Allow, monitor, block and learn
    C. Allow, block, authenticate, and warning
    D. Allow, monitor, block, and quarantine

  • Question 28:

    Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

    A. The NetSessionEnum function is used to track user logoffs.
    B. WMI polling can increase bandwidth usage in large networks.
    C. The collector agent uses a Windows API to query DCs for user logins.
    D. The collector agent does not need to search any security event logs.

  • Question 29:

    Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

    A. The public key of the web server certificate must be installed on the browser.
    B. The web-server certificate must be installed on the browser.
    C. The CA certificate that signed the web-server certificate must be installed on the browser.
    D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

  • Question 30:

    When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?

    A. It must be configured in a static route using the sdwan virtual interface.
    B. It must be provided in the SD-WAN member interface configuration.
    C. It must be configured in a policy-route using the sdwan virtual interface.
    D. It must be learned automatically through a dynamic routing protocol.
