1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE4_FGT-6.0 Online Practice Questions and Exam Preparation

NSE4_FGT-6.0 Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :May 24, 2026

Fortinet NSE4_FGT-6.0 Online Questions & Answers

  • Question 51:

    What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

    A. It limits the scope of application control to the browser-based technology category only.
    B. It limits the scope of application control to scan application traffic based on application category only.
    C. It limits the scope of application control to scan application traffic using parent signatures only
    D. It limits the scope of application control to scan application traffic on DNS protocol only.

  • Question 52:

    The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?

    A. LDAP convention
    B. NTLM convention
    C. Windows convention ?NetBios\Username
    D. RSSO convention

  • Question 53:

    Which of the following static routes are not maintained in the routing table?

    A. Named Address routes
    B. Dynamic routes
    C. ISDB routes
    D. Policy routes

  • Question 54:

    Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

    What are the expected actions if traffic matches this IPS sensor? (Choose two.)

    A. The sensor will gather a packet log for all matched traffic.
    B. The sensor will not block attackers matching the A32S.Botnet signature.
    C. The sensor will block all attacks for Windows servers.
    D. The sensor will reset all connections that match these signatures.

  • Question 55:

    How does FortiGate select the central SNAT policy that is applied to a TCP session?

    A. It selects the SNAT policy specified in the configuration of the outgoing interface.
    B. It selects the first matching central SNAT policy, reviewing from top to bottom.
    C. It selects the central SNAT policy with the lowest priority.
    D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

  • Question 56:

    View the exhibit.

    A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

    A. Addicting.Games is allowed based on the Application Overrides configuration.
    B. Addicting.Games is blocked on the Filter Overrides configuration.
    C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Learn.
    D. Addcting.Games is allowed based on the Categories configuration.

  • Question 57:

    Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

    A. If the DHCP method fails, browsers will try the DNS method.
    B. The browser needs to be preconfigured with the DHCP server's IP address.
    C. The browser sends a DHCPINFORM request to the DHCP server.
    D. The DHCP server provides the PAC file for download.

  • Question 58:

    Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?

    A. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
    B. FortiGate is able to handle NATed connections only in aggressive mode.
    C. FortiClient only supports aggressive mode.
    D. Main mode does not support XAuth for user authentication.

  • Question 59:

    Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

    A. To remove the NAT operation.
    B. To generate logs
    C. To finish any inspection operations.
    D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.

  • Question 60:

    Which Statements about virtual domains (VDOMs) arc true? (Choose two.)

    A. Transparent mode and NAT/Route mode VDOMs cannot be combined on the same FortiGate.
    B. Each VDOM can be configured with different system hostnames.
    C. Different VLAN sub-interface of the same physical interface can be assigned to different VDOMs.
    D. Each VDOM has its own routing table.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.