Fortinet NSE4_FGT-6.0 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-6.0 Online Questions & Answers

• Question 41:

  View the exhibit:

  

  The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:

  

  What should be done next to troubleshoot the problem?

  A. Run a sniffer in the web server.
  B. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
  C. Capture the traffic using an external sniffer connected to port1.
  D. Execute a debug flow.
  D. Execute a debug flow.

• Question 42:

  When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

  A. Connected monitored ports > HA uptime > priority > serial number
  B. Priority > Connected monitored ports > HA uptime > serial number
  C. Connected monitored ports > priority > HA uptime > serial number
  D. HA uptime > priority > Connected monitored ports > serial number
  C. Connected monitored ports > priority > HA uptime > serial number

• Question 43:

  If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

  A. A CRL
  B. A person
  C. A subordinate CA
  D. A root CA
  D. A root CA

• Question 44:

  Examine the exhibit, which shows the partial output of an IKE real-time debug.

  

  Which of the following statement about the output is true?

  A. The VPN is configured to use pre-shared key authentication.
  B. Extended authentication (XAuth) was successful.
  C. Remote is the host name of the remote IPsec peer.
  D. Phase 1 went down.
  A. The VPN is configured to use pre-shared key authentication.

• Question 45:

  What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)

  A. Services defined in the firewall policy.
  B. Incoming and outgoing interfaces
  C. Highest to lowest priority defined in the firewall policy.
  D. Lowest to highest policy ID number.
  A. Services defined in the firewall policy.
  B. Incoming and outgoing interfaces

• Question 46:

  On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

  A. hourly
  B. real time
  C. on-demand
  D. store-and-upload
  B. real time
  D. store-and-upload

• Question 47:

  View the exhibit.

  

  Which users and user groups are allowed access to the network through captive portal?

  A. Users and groups defined in the firewall policy.
  B. Only individual users ?not groups ?defined in the captive portal configuration
  C. Groups defined in the captive portal configuration
  D. All users
  A. Users and groups defined in the firewall policy.

• Question 48:

  During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

  A. Authentication.
  B. Data integrity.
  C. Non-repudiation.
  D. Signature verification.
  D. Signature verification.

• Question 49:

  Which statements about a One-to-One IP pool are true? (Choose two.)

  A. It is used for destination NAT.
  B. It allows the fixed mapping of an internal address range to an external address range.
  C. It does not use port address translation.
  D. It allows the configuration of ARP replies.
  C. It does not use port address translation.
  D. It allows the configuration of ARP replies.

• Question 50:

  Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

  A. It recommends the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  B. ADVPN is only supported with IKEv2.
  C. IPSec tunnels are negotiated dynamically between spokes.
  D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
  A. It recommends the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  C. IPSec tunnels are negotiated dynamically between spokes.