1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE 4 - FortiOS 6.0

Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :Jun 15, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.0 Questions & Answers

  • Question 71:

    Which action can be applied to each filter in the application control profile?

    A. Block, monitor, warning, and quarantine

    B. Allow, monitor, block and learn

    C. Allow, block, authenticate, and warning

    D. Allow, monitor, block, and quarantine

  • Question 72:

    An administrator is attempting to allow access to https://fortinet.com through a firewall policy that is configured with a web filter and an SSL inspection profile configured for deep inspection. Which of the following are possible actions to eliminate the certificate error generated by deep inspection? (Choose two.)

    A. Implement firewall authentication for all users that need access to fortinet.com.

    B. Manually install the FortiGate deep inspection certificate as a trusted CA.

    C. Configure fortinet.com access to bypass the IPS engine.

    D. Configure an SSL-inspection exemption for fortinet.com.

  • Question 73:

    View the exhibit:

    Which statement about the exhibit is true? (Choose two.)

    A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

    B. port-VLAN1 is the native VLAN for the port1 physical interface.

    C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

    D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

  • Question 74:

    What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

    A. Enable Event Logging.

    B. Enable a web filter security profile on the Full Access firewall policy.

    C. Enable Log Allowed Traffic on the Full Access firewall policy.

    D. Enable disk logging.

  • Question 75:

    If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

    A. A CRL

    B. A person

    C. A subordinate CA

    D. A root CA

  • Question 76:

    Examine the exhibit, which shows the partial output of an IKE real-time debug.

    Which of the following statement about the output is true?

    A. The VPN is configured to use pre-shared key authentication.

    B. Extended authentication (XAuth) was successful.

    C. Remote is the host name of the remote IPsec peer.

    D. Phase 1 went down.

  • Question 77:

    An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

    A. A phase 2 configuration is not required.

    B. This VPN cannot be used as part of a hub-and-spoke topology.

    C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

    D. The IPsec firewall policies must be placed at the top of the list.

  • Question 78:

    Which statements about HA for FortiGate devices are true? (Choose two.)

    A. Sessions handled by proxy-based security profiles cannot be synchronized.

    B. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.

    C. HA management interface settings are synchronized between cluster members.

    D. Heartbeat interfaces are not required on the primary device.

  • Question 79:

    An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?

    A. FortiGate needs to be switched to NGFW mode.

    B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.

    C. Proxy options are no longer available starting in FortiOS 5.6.

    D. FortiGate is in flow-based inspection mode.

  • Question 80:

    How can you block or allow to Twitter using a firewall policy?

    A. Configure the Destination field as Internet Service objects for Twitter.

    B. Configure the Action field as Learn and select Twitter.

    C. Configure the Service field as Internet Service objects for Twitter.

    D. Configure the Source field as Internet Service objects for Twitter.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.