1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE 4 - FortiOS 6.0

Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :Jun 15, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.0 Questions & Answers

  • Question 21:

    Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

    A. This is known as many-to-one NAT.

    B. Source IP is translated to the outgoing interface IP.

    C. Connections are tracked using source port and source MAC address.

    D. Port address translation is not used.

  • Question 22:

    What FortiGate configuration is required to actively prompt users for credentials?

    A. You must enable one or more protocols that support active authentication on a firewall policy.

    B. You must position the firewall policy for active authentication before a firewall policy for passive authentication

    C. You must assign users to a group for active authentication

    D. You must enable the Authentication setting on the firewall policy

  • Question 23:

    An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward. What step is required for this configuration?

    A. Configure an SSL VPN realm for clients to use the port forward bookmark.

    B. Configure the client application to forward IP traffic through FortiClient.

    C. Configure the virtual IP address to be assigned to the SSL VPN users.

    D. Configure the client application to forward IP traffic to a Java applet proxy.

  • Question 24:

    Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

    A. It recommends the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

    B. ADVPN is only supported with IKEv2.

    C. IPSec tunnels are negotiated dynamically between spokes.

    D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

  • Question 25:

    Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

    A. The firmware image must be manually uploaded to each FortiGate.

    B. Only secondary FortiGate devices are rebooted.

    C. Uninterruptable upgrade is enabled by default.

    D. Traffic load balancing is temporally disabled while upgrading the firmware.

  • Question 26:

    Which statement about DLP on FortiGate is true?

    A. It can archive files and messages.

    B. It can be applied to a firewall policy in a flow-based VDOM

    C. Traffic shaping can be applied to DLP sensors.

    D. Files can be sent to FortiSandbox for detecting DLP threats.

  • Question 27:

    Examine this PAC file configuration.

    Which of the following statements are true? (Choose two.)

    A. Browsers can be configured to retrieve this PAC file from the FortiGate.

    B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

    C. All requests not sent to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

    D. Any web request fortinet.com is allowed to bypass the proxy.

  • Question 28:

    What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

    A. Traffic to botnetservers

    B. Traffic to inappropriate web sites

    C. Server information disclosure attacks

    D. Credit card data leaks

    E. SQL injection attacks

  • Question 29:

    Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

    An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine

    whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is

    still not generating any IPS logs for the HTTPS traffic.

    What is a possible reason for this?

    A. The IPS filter is missing the Protocol: HTTPS option.

    B. The HTTPS signatures have not been added to the sensor.

    C. A DoS policy should be used, instead of an IPS sensor.

    D. The firewall policy is not using a full SSL inspection profile.

  • Question 30:

    When using WPAD DNS method, which FQDN format do browsers use to query the DNS server?

    A. srv_proxy./wpad.dat

    B. srv_tcp.wpad.

    C. wpad.

    D. proxy..wpad

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.