Fortinet Fortinet Certifications NSE4_FGT-6.4 Questions & Answers

• Question 111:

  An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

  A. The administrator can register the same FortiToken on more than one FortiGate.

  B. The administrator must use a FortiAuthenticator device.

  C. The administrator can use a third-party radius OTP server.

  D. The administrator must use the user self-registration server.

  Correct Answer: B

• Question 112:

  Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

  A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

  B. ADVPN is only supported with IKEv2.

  C. Tunnels are negotiated dynamically between spokes.

  D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

  Correct Answer: AC

• Question 113:

  Which two types of traffic are managed only by the management VDOM? (Choose two.)

  A. FortiGuard web filter queries

  B. PKI

  C. Traffic shaping

  D. DNS

  Correct Answer: AD

• Question 114:

  What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

  A. Traffic to botnetservers

  B. Traffic to inappropriate web sites

  C. Server information disclosure attacks

  D. Credit card data leaks

  E. SQL injection attacks

  Correct Answer: CDE

• Question 115:

  An administrator is running the following sniffer command:

  diagnose sniffer packet any "host 192.168.2.12" 5

  Which three pieces of Information will be Included in me sniffer output? {Choose three.)

  A. Interface name

  B. Packet payload

  C. Ethernet header

  D. IP header

  E. Application header

  Correct Answer: ABD

• Question 116:

  Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

  A. Log downloads from the GUI are limited to the current filter view

  B. Log backups from the CLI cannot be restored to another FortiGate.

  C. Log backups from the CLI can be configured to upload to FTP as a scheduled time

  D. Log downloads from the GUI are stored as LZ4 compressed files.

  Correct Answer: AB

• Question 117:

  An administrator has configured the following settings: What are the two results of this configuration? (Choose two.)

  

  A. Device detection on all interfaces is enforced for 30 minutes.

  B. Denied users are blocked for 30 minutes.

  C. A session for denied traffic is created.

  D. The number of logs generated by denied traffic is reduced.

  Correct Answer: CD

  Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46328

• Question 118:

  An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

  A. Change the session-ttl.

  B. Change the login timeout.

  C. Change the idle-timeout.

  D. Change the udp idle timer.

  Correct Answer: B

• Question 119:

  Exhibit:

  

  Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?

  A. IP-based authentication is enabled B. Route-based authentication is enabled

  C. Session-based authentication is enabled.

  D. Policy-based authentication is enabled

  Correct Answer: C

• Question 120:

  Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

  A. diagnose wad session list

  B. diagnose wad session list | grep hook-preandandhook-out

  C. diagnose wad session list | grep hook=preandandhook=out

  D. diagnose wad session list | grep "hook=pre"and"hook=out"

  Correct Answer: A