1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE 4 - FortiOS 6.0

Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :Jun 15, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.0 Questions & Answers

  • Question 61:

    Which of the following statements about the FSSO collector agent timers is true?

    A. The workstation verify interval is used to periodically check if a workstation is still a domain member.

    B. The IP address change verify interval monitors the server IP address where the collector agent is installed, and the updates the collector agent configuration if it changes.

    C. The user group cache expiry is used to age out the monitored groups.

    D. The dead entry timeout interval is used to age out entries with an unverified status.

  • Question 62:

    A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?

    A. It can create administrator accounts with access to the same VDOM.

    B. It cannot have access to more than one VDOM.

    C. It can reset the password for the admin account.

    D. It can upgrade the firmware on the FortiGate device.

  • Question 63:

    An administrator is running the following sniffer command:

    diagnose sniffer packet any "host 10.0.2.10" 3

    What information will be included in the sniffer output? (Choose three.)

    A. IP header

    B. Ethernet header

    C. Packet payload

    D. Application header

    E. Interface name

  • Question 64:

    If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate take?

    A. It notifies the administrator by sending an email.

    B. It provides a DLP block replacement page with a link to download the file.

    C. It blocks all future traffic for that IP address for a configured interval.

    D. It archives the data for that IP address.

  • Question 65:

    Examine the routing database shown in the exhibit, and then answer the following question:

    Which of the following statements are correct? (Choose two.)

    A. The port3 default route has the highest distance.

    B. The port3 default route has the lowest metric.

    C. There will be eight routes active in the routing table.

    D. The port1 and port2 default routes are active in the routing table.

  • Question 66:

    Which of the following statements are true when using WPAD with the DHCP discovery method? (Choose two.)

    A. If the DHCP method fails, browsers will try the DNS method.

    B. The browser needs to be preconfigured with the DHCP server's IP address.

    C. The browser sends a DHCPINFORM request to the DHCP server.

    D. The DHCP server provides the PAC file for download.

  • Question 67:

    HTTP Public Key Pinning (HPKP) can be an obstacle to implementing full SSL inspection. What solutions could resolve this problem? (Choose two.)

    A. Enable Allow Invalid SSL Certificates for the relevant security profile.

    B. Change web browsers to one that does not support HPKP.

    C. Exempt those web sites that use HPKP from full SSL inspection.

    D. Install the CA certificate (that is required to verify the web server certificate) stores of users' computers.

  • Question 68:

    View the exhibit.

    What does this raw log indicate? (Choose two.)

    A. FortiGate blocked the traffic.

    B. type indicates that a security event was recorded.

    C. 10.0.1.20 is the IP address for lavito.tk.

    D. policyid indicates that traffic went through the IPS firewall policy.

  • Question 69:

    View the exhibit.

    Based on the configuration shown in the exhibit, what statements about application control behavior are true? (Choose two.)

    A. Access to all unknown applications will be allowed.

    B. Access to browser-based Social.Media applications will be blocked.

    C. Access to mobile social media applications will be blocked.

    D. Access to all applications in Social.Media category will be blocked.

  • Question 70:

    How does FortiGate verify the login credentials of a remote LDAP user?

    A. FortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server.

    B. FortiGate sends the user-entered credentials to the LDAP server for authentication.

    C. FortiGate queries the LDAP server for credentials.

    D. FortiGate queries its own database for credentials.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.