1. Home
  2. Fortinet
  3. NSE4_FGT-6.4

Fortinet NSE 4 - FortiOS 6.4

Exam Details

  • Exam Code
    :NSE4_FGT-6.4
  • Exam Name
    :Fortinet NSE 4 - FortiOS 6.4
  • Certification
    :NSE4
  • Vendor
    :Fortinet
  • Total Questions
    :163 Q&As
  • Last Updated
    :May 15, 2024

Fortinet NSE4 NSE4_FGT-6.4 Questions & Answers

  • Question 151:

    In an explicit proxy setup, where is the authentication method and database configured?

    A. Proxy Policy

    B. Authentication Rule

    C. Firewall Policy

    D. Authentication scheme

  • Question 152:

    An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

    A. Policy lookup will be disabled.

    B. By Sequence view will be disabled.

    C. Search option will be disabled

    D. Interface Pair view will be disabled.

  • Question 153:

    Refer to the exhibit to view the firewall policy.

    Which statement is correct if well-known viruses are not being blocked?

    A. The firewall policy does not apply deep content inspection.

    B. The firewall policy must be configured in proxy-based inspection mode.

    C. The action on the firewall policy must be set to deny.

    D. Web filter should be enabled on the firewall policy to complement the antivirus profile.

  • Question 154:

    Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

    A. Subject Key Identifier value

    B. SMMIE Capabilities value

    C. Subject value

    D. Subject Alternative Name value

  • Question 155:

    Examine this PAC file configuration.

    Which of the following statements are true? (Choose two.)

    A. Browsers can be configured to retrieve this PAC file from the FortiGate.

    B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

    C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

    D. Any web request fortinet.com is allowed to bypass the proxy.

  • Question 156:

    Refer to the exhibit.

    Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

    A. The session is in SYN_SENT state.

    B. The session is in FIN_ACK state.

    C. The session is in FTN_WAIT state.

    D. The session is in ESTABLISHED state.

  • Question 157:

    A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

    A. Implement a web filter category override for the specified website

    B. Implement a DNS filter for the specified website.

    C. Implement web filter quotas for the specified website

    D. Implement web filter authentication for the specified website.

  • Question 158:

    The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.

    What order must FortiGate use when the web filter profile has features enabled, such as safe search?

    A. DNS-based web filter and proxy-based web filter

    B. Static URL filter, FortiGuard category filter, and advanced filters

    C. Static domain filter, SSL inspection filter, and external connectors filters

    D. FortiGuard category filter and rating filter

  • Question 159:

    Refer to the exhibit.

    The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.

    How does FortiGate process the traffic sent to http://www.fortinet.com?

    A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.

    B. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.

    C. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.

    D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

  • Question 160:

    Which of the following statements about central NAT are true? (Choose two.)

    A. IP tool references must be removed from existing firewall policies before enabling central NAT.

    B. Central NAT can be enabled or disabled from the CLI only.

    C. Source NAT, using central NAT, requires at least one central SNAT policy.

    D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4_FGT-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.