1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE 4 - FortiOS 6.0

Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :Jun 15, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.0 Questions & Answers

  • Question 41:

    View the certificate shown to the exhibit, and then answer the following question: The CA issued this certificate to which entity?

    A. A root CA

    B. A person

    C. A bridge CA

    D. A subordinate CA

  • Question 42:

    Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

    A. To remove the NAT operation.

    B. To generate logs

    C. To finish any inspection operations.

    D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.

  • Question 43:

    An administrator wants to create a policy-based IPsec VPN tunnel betweeb two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)

    A. Define the phase 1 parameters, without enabling IPsec interface mode

    B. Define the phase 2 parameters.

    C. Set the phase 2 encapsulation method to transport mode

    D. Define at least one firewall policy, with the action set to IPsec.

    E. Define a route to the remote network over the IPsec tunnel.

  • Question 44:

    Which of the following statements about NTLM authentication are correct? (Choose two.)

    A. It is useful when users log in to DCs that are not monitored by a collector agent.

    B. It takes over as the primary authentication method when configured alongside FSSO.

    C. Multi-domain environments require DC agents on every domain controller.

    D. NTLM-enabled web browsers are required.

  • Question 45:

    View the following exhibit, which shows the firewall policies and the object uses in the firewall policies.

    The administrator is using the Policy Lookup feature and has entered the search create shown in the following exhibit.

    Which of the following will be highlighted based on the input criteria?

    A. Policy with ID1.

    B. Policies with ID 2 and 3.

    C. Policy with ID 5.

    D. Policy with ID 4.

  • Question 46:

    Refer to the following exhibit.

    Why is FortiGate not blocking the test file over FTP download?

    A. Deep-inspection must be enabled for FortiGate to fully scan FTP traffic.

    B. FortiGate needs to be operating in flow-based inspection mode in order to scan FTP traffic.

    C. The FortiSandbox signature database is required to successfully scan FTP traffic.

    D. The proxy options profile needs to scan FTP traffic on a non-standard port.

  • Question 47:

    Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

    A. To detect intermediary NAT devices in the tunnel path.

    B. To dynamically change phase 1 negotiation mode aggressive mode.

    C. To encapsulation ESP packets in UDP packets using port 4500.

    D. To force a new DH exchange with each phase 2 rekey.

  • Question 48:

    Examine the two static routes shown in the exhibit, then answer the following question.

    Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

    A. FortiGate will load balance all traffic across both routes.

    B. FortiGate will use the port1 route as the primary candidate.

    C. FortiGate will route twice as much traffic to the port2 route

    D. FortiGate will only actuate the port1 route in the routing table

  • Question 49:

    An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. How must the administrator configure the local quick mode selector for site B?

    A. 192.168.3.0/24

    B. 192.168.2.0/24

    C. 192.168.1.0/24

    D. 192.168.0.0/8

  • Question 50:

    In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

    A. Client > primary FortiGate> secondary FortiGate> primary FortiGate> web server.

    B. Client > secondary FortiGate> web server.

    C. Clinet >secondary FortiGate> primary FortiGate> web server.

    D. Client> primary FortiGate> secondary FortiGate> web server.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.