Fortinet NSE4_FGT-6.4 Online Practice Questions and Exam Preparation

Fortinet NSE4_FGT-6.4 Online Questions & Answers

• Question 71:

  NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?

  A. Web filtering
  B. Antivirus
  C. Web proxy
  D. Application control
  B. Antivirus

• Question 72:

  Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

  A. FortiCache
  B. FortiSIEM
  C. FortiAnalyzer
  D. FortiSandbox
  E. FortiCloud
  B. FortiSIEM
  C. FortiAnalyzer
  E. FortiCloud

• Question 73:

  Which three methods are used by the collector agent for AD polling? (Choose three.)

  A. FortiGate polling
  B. NetAPI
  C. Novell API
  D. WMI
  E. WinSecLog
  B. NetAPI
  D. WMI
  E. WinSecLog

• Question 74:

  Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

  A. Lookup is done on the first packet from the session originator
  B. Lookup is done on the last packet sent from the responder
  C. Lookup is done on every packet, regardless of direction
  D. Lookup is done on the trust reply packet from the responder
  A. Lookup is done on the first packet from the session originator
  D. Lookup is done on the trust reply packet from the responder

• Question 75:

  Which scanning technique on FortiGate can be enabled only on the CLI?

  A. Heuristics scan
  B. Trojan scan
  C. Antivirus scan
  D. Ransomware scan
  A. Heuristics scan

• Question 76:

  A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

  A. The browser requires a software update.
  B. FortiGate does not support full SSL inspection when web filtering is enabled.
  C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
  D. There are network connectivity issues.
  C. The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.

• Question 77:

  An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

  A. The interface has been configured for one-arm sniffer.
  B. The interface is a member of a virtual wire pair.
  C. The operation mode is transparent.
  D. The interface is a member of a zone.
  E. Captive portal is enabled in the interface.
  A. The interface has been configured for one-arm sniffer.
  B. The interface is a member of a virtual wire pair.
  C. The operation mode is transparent.

• Question 78:

  Refer to the exhibit.

  

  Which contains a session list output. Based on the information shown in the exhibit, which statement is true?

  A. Destination NAT is disabled in the firewall policy.
  B. One-to-one NAT IP pool is used in the firewall policy.
  C. Overload NAT IP pool is used in the firewall policy.
  D. Port block allocation IP pool is used in the firewall policy.
  B. One-to-one NAT IP pool is used in the firewall policy.

• Question 79:

  Examine this output from a debug flow:

  

  Why did the FortiGate drop the packet?

  A. The next-hop IP address is unreachable.
  B. It failed the RPF check.
  C. It matched an explicitly configured firewall policy with the action DENY.
  D. It matched the default implicit firewall policy.
  D. It matched the default implicit firewall policy.

• Question 80:

  Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

  A. Denial of Service
  B. Web application firewall
  C. Antivirus
  D. Application control
  B. Web application firewall