1. Home
  2. Fortinet
  3. NSE4_FGT-6.0

Fortinet NSE 4 - FortiOS 6.0

Exam Details

  • Exam Code
    :NSE4_FGT-6.0
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :126 Q&As
  • Last Updated
    :Jun 15, 2025

Fortinet Fortinet Certifications NSE4_FGT-6.0 Questions & Answers

  • Question 81:

    Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

    What are the expected actions if traffic matches this IPS sensor? (Choose two.)

    A. The sensor will gather a packet log for all matched traffic.

    B. The sensor will not block attackers matching the A32S.Botnet signature.

    C. The sensor will block all attacks for Windows servers.

    D. The sensor will reset all connections that match these signatures.

  • Question 82:

    When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

    A. Connected monitored ports > HA uptime > priority > serial number

    B. Priority > Connected monitored ports > HA uptime > serial number

    C. Connected monitored ports > priority > HA uptime > serial number

    D. HA uptime > priority > Connected monitored ports > serial number

  • Question 83:

    Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

    A. Include the group of guest users in a policy.

    B. Extend timeout timers.

    C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.

    D. Ensure all firewalls allow the FSSO required ports.

  • Question 84:

    Examine the exhibit, which shows the output of a web filtering real time debug.

    Why is the site www.bing.com being blocked?

    A. The web site www.bing.com is categorized by FortiGuard as Malicious Websites.

    B. The user has not authenticated with the FortiGate yet.

    C. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.

    D. The rating for the web site www.bing.com has been locally overridden to a category that is being blocked.

  • Question 85:

    Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

    A. It always authorizes the traffic without requiring authentication.

    B. It drops the traffic.

    C. It authenticates the traffic using the authentication scheme SCHEME2.

    D. It authenticates the traffic using the authentication scheme SCHEME1.

  • Question 86:

    An employee connects to the https://example.com on the Internet using a web browser. The web server's certificate was signed by a private internal CA. The FortiGate that is inspecting this traffic is configured for full SSL inspection.

    This exhibit shows the configuration settings for the SSL/SSH inspection profile that is applied to the policy that is invoked in this instance. All other settings are set to defaults. No certificates have been imported into FortiGate. View the exhibit and answer the question that follows.

    Which certificate is presented to the employee's web browser?

    A. The web server's certificate.

    B. The user's personal certificate signed by a private internal CA.

    C. A certificate signed by Fortinet_CA_SSL.

    D. A certificate signed by Fortinet_CA_Untrusted.

  • Question 87:

    Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

    A. They can be configured in both NAT/Route and transparent operation modes.

    B. They support L2TP-over-IPsec.

    C. They require two firewall policies: one for each directions of traffic flow.

    D. They support GRE-over-IPsec.

  • Question 88:

    View the exhibit:

    The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:

    What should be done next to troubleshoot the problem?

    A. Run a sniffer in the web server.

    B. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".

    C. Capture the traffic using an external sniffer connected to port1.

    D. Execute a debug flow.

  • Question 89:

    Examine this output from a debug flow:

    Why did the FortiGate drop the packet?

    A. The next-hop IP address is unreachable.

    B. It failed the RPF check.

    C. It matched an explicitly configured firewall policy with the action DENY.

    D. It matched the default implicit firewall policy.

  • Question 90:

    An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?

    A. tcp_port_scan

    B. ip_dst_session

    C. udp_flood

    D. ip_src_session

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.