Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-6.4 Online Questions & Answers

• Question 131:

  Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

  A. Source defined as Internet Services in the firewall policy.
  B. Destination defined as Internet Services in the firewall policy.
  C. Highest to lowest priority defined in the firewall policy.
  D. Services defined in the firewall policy.
  E. Lowest to highest policy ID number.
  A. Source defined as Internet Services in the firewall policy.
  B. Destination defined as Internet Services in the firewall policy.
  D. Services defined in the firewall policy.

• Question 132:

  Which two statements about antivirus scanning mode are true? (Choose two.)

  A. In proxy-based inspection mode, files bigger than the buffer size are scanned.
  B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
  C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
  D. In flow-based inspection mode, files bigger than the buffer size are scanned.
  B. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
  C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.

• Question 133:

  Which two statements ate true about the Security Fabric rating? (Choose two.)

  A. It provides executive summaries of the four largest areas of security focus.
  B. Many of the security issues can be fixed immediately by click ng Apply where available.
  C. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
  D. The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
  B. Many of the security issues can be fixed immediately by click ng Apply where available.
  C. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.

• Question 134:

  Which three statements about a flow-based antivirus profile are correct? (Choose three.)

  A. IPS engine handles the process as a standalone.
  B. FortiGate buffers the whole file but transmits to the client simultaneously.
  C. If the virus is detected, the last packet is delivered to the client.
  D. Optimized performance compared to proxy-based inspection.
  E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
  B. FortiGate buffers the whole file but transmits to the client simultaneously.
  D. Optimized performance compared to proxy-based inspection.
  E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.

• Question 135:

  Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

  A. hard-timeout
  B. auth-on-demand
  C. soft-timeout
  D. new-session
  E. Idle-timeout
  A. hard-timeout
  D. new-session
  E. Idle-timeout

• Question 136:

  Which two statements are true about the RPF check? (Choose two.)

  A. The RPF check is run on the first sent packet of any new session.
  B. The RPF check is run on the first reply packet of any new session.
  C. The RPF check is run on the first sent and reply packet of any new session.
  D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.
  A. The RPF check is run on the first sent packet of any new session.
  D. RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

• Question 137:

  Refer to the exhibits.

  

  The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

  A. Change the SSL VPN port on the client.
  B. Change the Server IP address.
  C. Change the idle-timeout.
  D. Change the SSL VPN portal to the tunnel.
  A. Change the SSL VPN port on the client.

• Question 138:

  Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

  A. By default, FortiGate uses WINS servers to resolve names.
  B. By default, the SSL VPN portal requires the installation of a client's certificate.
  C. By default, split tunneling is enabled.
  D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.
  D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.

• Question 139:

  Refer to the exhibit.

  

  Which contains a network diagram and routing table output.

  The Student is unable to access Webserver.

  What is the cause of the problem and what is the solution for the problem?

  A. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
  B. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
  C. The first reply packet for Student failed the RPF check. This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
  D. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
  D. The first packet sent from Student failed the RPF check. This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.

• Question 140:

  Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

  A. FortiGuard web filter cache
  B. FortiGate hostname
  C. NTP
  D. DNS
  C. NTP
  D. DNS