1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE 4 - FortiOS 6.0

Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :Jun 15, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.0 Questions & Answers

  • Question 51:

    Examine this output from a debug flow: Which statements about the output are correct? (Choose two.)

    A. FortiGate received a TCP SYN/ACK packet.

    B. The source IP address of the packet was translated to 10.0.1.10.

    C. FortiGate routed the packet through port 3.

    D. The packet was allowed by the firewall policy with the ID 00007fc0.

  • Question 52:

    Which statements about antivirus scanning mode are true? (Choose two.)

    A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.

    B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.

    C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.

    D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.

  • Question 53:

    A team manager has decided that while some members of the team need access to particular website, the majority of the team does not. Which configuration option is the most effective option to support this request?

    A. Implement a web filter category override for the specified website.

    B. Implement web filter authentication for the specified website

    C. Implement web filter quotas for the specified website.

    D. Implement DNS filter for the specified website.

  • Question 54:

    Examine the network diagram shown in the exhibit, then answer the following question:

    Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

    A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]

    B. 0.0.0.0/0 [20/0] via 10.4.200.2, port2

    C. 10.4.200.0/30 is directly connected, port2

    D. 172.16.32.0/24 is directly connected, port1

  • Question 55:

    Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

    A. Log downloads from the GUI are limited to the current filter view

    B. Log backups from the CLI cannot be restored to another FortiGate.

    C. Log backups from the CLI can be configured to upload to FTP as a scheduled time

    D. Log downloads from the GUI are stored as LZ4 compressed files.

  • Question 56:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

    A. remote user's public IP address

    B. The public IP address of the FortiGate device.

    C. The remote user's virtual IP address.

    D. The internal IP address of the FortiGate device.

  • Question 57:

    By default, when logging to disk, when does FortiGate delete logs?

    A. 30 days

    B. 1 year

    C. Never

    D. 7 days

  • Question 58:

    Examine the exhibit, which contains a session diagnostic output.

    Which of the following statements about the session diagnostic output is true?

    A. The session is in ESTABLISHED state.

    B. The session is in LISTEN state.

    C. The session is in TIME_WAIT state.

    D. The session is in CLOSE_WAIT state.

  • Question 59:

    Examine the exhibit, which contains a virtual IP and firewall policy configuration.

    The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address

    10.0.1.254/24.

    The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is

    configured with a VIP as the destination address.

    Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP

    address 10.0.1.10/24?

    A. 10.200.1.10

    B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24

    C. 10.200.1.1

    D. 10.0.1.254

  • Question 60:

    Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-based?

    A. FortiGuard Quotas

    B. Static URL

    C. Search engines

    D. Rating option

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.