1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE4_FGT-6.0 Online Practice Questions and Exam Preparation

NSE4_FGT-6.0 Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :May 24, 2026

Fortinet NSE4_FGT-6.0 Online Questions & Answers

  • Question 81:

    Examine the exhibit, which contains a virtual IP and firewall policy configuration.

    The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.

    The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.

    Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

    A. 10.200.1.10
    B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
    C. 10.200.1.1
    D. 10.0.1.254

  • Question 82:

    Examine this FortiGate configuration:

    Examine the output of the following debug command:

    Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

    A. It is allowed, but with no inspection
    B. It is allowed and inspected as long as the inspection is flow based
    C. It is dropped.
    D. It is allowed and inspected, as long as the only inspection required is antivirus.

  • Question 83:

    An administrator is investigating a report of users having intermittent issues with browsing the web. The administrator ran diagnostics and received the output shown in the exhibit.

    Examine the diagnostic output shown exhibit. Which of the following options is the most likely cause of this issue?

    A. NAT port exhaustion
    B. High CPU usage
    C. High memory usage
    D. High session timeout value

  • Question 84:

    Which statement is true regarding SSL VPN timers? (Choose two.)

    A. Allow to mitigate DoS attacks from partial HTTP requests.
    B. SSL VPN settings do not have customizable timers.
    C. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
    D. Prevent SSL VPN users from being logged out because of high network latency.

  • Question 85:

    An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose.

    Where must the proxy address be used?

    A. As the source in a firewall policy.
    B. As the source in a proxy policy.
    C. As the destination in a firewall policy.
    D. As the destination in a proxy policy.

  • Question 86:

    An administrator has configured two VLAN interfaces:

    A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

    A. Both interfaces must belong to the same forward domain.
    B. The role of the VLAN10 interface must be set to server.
    C. Both interfaces must have the same VLAN ID.
    D. Both interfaces must be in different VDOMs.

  • Question 87:

    Refer to the following exhibit.

    Why is FortiGate not blocking the test file over FTP download?

    A. Deep-inspection must be enabled for FortiGate to fully scan FTP traffic.
    B. FortiGate needs to be operating in flow-based inspection mode in order to scan FTP traffic.
    C. The FortiSandbox signature database is required to successfully scan FTP traffic.
    D. The proxy options profile needs to scan FTP traffic on a non-standard port.

  • Question 88:

    Examine the network diagram shown in the exhibit, then answer the following question:

    Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

    A. 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]
    B. 0.0.0.0/0 [20/0] via 10.4.200.2, port2
    C. 10.4.200.0/30 is directly connected, port2
    D. 172.16.32.0/24 is directly connected, port1

  • Question 89:

    An administrator is running the following sniffer command: diagnose sniffer packet any "host 10.0.2.10" 3

    What information will be included in the sniffer output? (Choose three.)

    A. IP header
    B. Ethernet header
    C. Packet payload
    D. Application header
    E. Interface name

  • Question 90:

    An administrator has configured central DNAT and virtual IPs. Which of the following can be selected in the firewall policy Destination field?

    A. A VIP group
    B. The mapped IP address object of the VIP object
    C. A VIP object
    D. An IP pool

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.