Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-6.4 Online Questions & Answers

• Question 31:

  Exhibit:

  

  Refer to the exhibit to view the authentication rule configuration In this scenario, which statement is true?

  A. IP-based authentication is enabled
  B. Route-based authentication is enabled
  C. Session-based authentication is enabled.
  D. Policy-based authentication is enabled
  C. Session-based authentication is enabled.

• Question 32:

  Which of statement is true about SSL VPN web mode?

  A. The tunnel is up while the client is connected.
  B. It supports a limited number of protocols.
  C. The external network application sends data through the VPN.
  D. It assigns a virtual IP address to the client.
  B. It supports a limited number of protocols.

• Question 33:

  An administrator needs to increase network bandwidth and provide redundancy.

  What interface type must the administrator select to bind multiple FortiGate interfaces?

  A. VLAN interface
  B. Software Switch interface
  C. Aggregate interface
  D. Redundant interface
  C. Aggregate interface

• Question 34:

  Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

  A. FG-traffic
  B. Mgmt
  C. FG-Mgmt
  D. Root
  A. FG-traffic
  D. Root

• Question 35:

  Refer to the exhibit.

  

  Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

  A. The signature setting uses a custom rating threshold.
  B. The signature setting includes a group of other signatures.
  C. Traffic matching the signature will be allowed and logged.
  D. Traffic matching the signature will be silently dropped and logged.
  D. Traffic matching the signature will be silently dropped and logged.

• Question 36:

  Refer to the exhibit.

  

  Based on the raw log, which two statements are correct? (Choose two.)

  A. Traffic is blocked because Action is set to DENY in the firewall policy.
  B. Traffic belongs to the root VDOM.
  C. This is a security log.
  D. Log severity is set to error on FortiGate.
  A. Traffic is blocked because Action is set to DENY in the firewall policy.
  C. This is a security log.

• Question 37:

  A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.

  What is the reason for the failed virus detection by FortiGate?

  A. Application control is not enabled
  B. SSL/SSH Inspection profile is incorrect
  C. Antivirus profile configuration is incorrect
  D. Antivirus definitions are not up to date
  B. SSL/SSH Inspection profile is incorrect

• Question 38:

  Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

  A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
  B. To finish any inspection operations
  C. To remove the NAT operation
  D. To generate logs
  A. To allow for out-of-order packets that could arrive after the FIN/ACK packets

• Question 39:

  An administrator is running the following sniffer command:

  diagnose sniffer packet any "host 192.168.2.12" 5

  Which three pieces of Information will be Included in me sniffer output? {Choose three.)

  A. Interface name
  B. Packet payload
  C. Ethernet header
  D. IP header
  E. Application header
  A. Interface name
  B. Packet payload
  D. IP header

• Question 40:

  An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

  A. Change the session-ttl.
  B. Change the login timeout.
  C. Change the idle-timeout.
  D. Change the udp idle timer.
  B. Change the login timeout.