1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :Apr 23, 2024

Fortinet NSE4 NSE4_FGT-6.4 Questions & Answers

  • Question 1:

    Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

    A. The public key of the web server certificate must be installed on the browser.

    B. The web-server certificate must be installed on the browser.

    C. The CA certificate that signed the web-server certificate must be installed on the browser.

    D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

  • Question 2:

    In which two ways can RPF checking be disabled? (Choose two )

    A. Enable anti-replay in firewall policy.

    B. Disable the RPF check at the FortiGate interface level for the source check

    C. Enable asymmetric routing.

    D. Disable strict-arc-check under system settings.

  • Question 3:

    An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.

    Which subnet must the administrator configure for the local quick mode selector for site B?

    A. 192.168.1.0/24

    B. 192.168.0.0/24

    C. 192.168.2.0/24

    D. 192.168.3.0/24

  • Question 4:

    Refer to the exhibit.

    Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

    A. Custom permission for Network

    B. Read/Write permission for Log and Report

    C. CLI diagnostics commands permission

    D. Read/Write permission for Firewall

  • Question 5:

    Which feature in the Security Fabric takes one or more actions based on event triggers?

    A. Fabric Connectors

    B. Automation Stitches

    C. Security Rating

    D. Logical Topology

  • Question 6:

    Refer to the exhibit, which contains a session diagnostic output.

    Which statement is true about the session diagnostic output?

    A. The session is a UDP unidirectional state.

    B. The session is in TCP ESTABLISHED state.

    C. The session is a bidirectional UDP connection.

    D. The session is a bidirectional TCP connection.

  • Question 7:

    Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

    A. System time

    B. FortiGuaid update servers

    C. Operating mode

    D. NGFW mode

  • Question 8:

    Refer to the exhibit.

    Which contains a Performance SLA configuration.

    An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

    A. Participants configured are not SD-WAN members.

    B. There may not be a static route to route the performance SLA traffic.

    C. The Ping protocol is not supported for the public servers that are configured.

    D. You need to turn on the Enable probe packets switch.

  • Question 9:

    A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

    What is the reason for the certificate warning errors?

    A. The browser requires a software update.

    B. FortiGate does not support full SSL inspection when web filtering is enabled.

    C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.

    D. There are network connectivity issues.

  • Question 10:

    Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

    An administrator has configured the WINDOWS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.

    What is a possible reason for this?

    A. The IPS filter is missing the Protocol: HTTPS option.

    B. The HTTPS signatures have not been added to the sensor.

    C. A DoS policy should be used, instead of an IPS sensor.

    D. A DoS policy should be used, instead of an IPS sensor.

    E. The firewall policy is not using a full SSL inspection profile.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.