Browsed by
Tag: NSE4_FGT-6.4 exam questions

[PDF and VCE] Free NSE4_FGT-6.4 PDF Real Exam Questions and Answers Free Download

[PDF and VCE] Free NSE4_FGT-6.4 PDF Real Exam Questions and Answers Free Download

We provides the most up to date and accurate preparing materials of the NSE4 NSE4_FGT-6.4 exam question , testing software, exam PDF and VCE files to help you prepare your NSE4 Jul 03,2022 Latest NSE4_FGT-6.4 practice Fortinet NSE 4 – FortiOS 6.4 exam. What training you are looking for? Come to visit our site and choose We online certification materials, you will get a quick and cost-efficient way to become a NSE4 certified professional in IT industry.

We Geekcert has our own expert team. They selected and published the latest NSE4_FGT-6.4 preparation materials from Official Exam-Center.

The following are the NSE4_FGT-6.4 free dumps. Go through and check the validity and accuracy of our NSE4_FGT-6.4 dumps.These questions are from NSE4_FGT-6.4 free dumps. All questions in NSE4_FGT-6.4 dumps are from the latest NSE4_FGT-6.4 real exams.

Question 1:

Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

A. The IPS engine was inspecting high volume of traffic.

B. The IPS engine was unable to prevent an intrusion attack.

C. The IPS engine was blocking all traffic.

D. The IPS engine will continue to run in a normal state.

Correct Answer: A


Question 2:

Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

A. Lookup is done on the first packet from the session originator

B. Lookup is done on the last packet sent from the responder

C. Lookup is done on every packet, regardless of direction

D. Lookup is done on the trust reply packet from the responder

Correct Answer: AD


Question 3:

Which of the following statements about central NAT are true? (Choose two.)

A. IP tool references must be removed from existing firewall policies before enabling central NAT.

B. Central NAT can be enabled or disabled from the CLI only.

C. Source NAT, using central NAT, requires at least one central SNAT policy.

D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.

Correct Answer: AB


Question 4:

Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

A. Fabric Coverage

B. Automated Response

C. Security Posture

D. Optimization

Correct Answer: C

Reference: https://www.fortinet.com/content/dam/fortinet/assets/support/fortinet-recommended-securitybestpractices.pdf


Question 5:

Refer to the exhibit.

The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses.

How does FortiGate process the traffic sent to http://www.fortinet.com?

A. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3.

B. Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1.

C. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1.

D. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy.

Correct Answer: D


Question 6:

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.

What order must FortiGate use when the web filter profile has features enabled, such as safe search?

A. DNS-based web filter and proxy-based web filter

B. Static URL filter, FortiGuard category filter, and advanced filters

C. Static domain filter, SSL inspection filter, and external connectors filters

D. FortiGuard category filter and rating filter

Correct Answer: B

Reference: https://fortinet121.rssing.com/chan-67705148/all_p1.html


Question 7:

A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not Which configuration option is the most effective way to support this request?

A. Implement a web filter category override for the specified website

B. Implement a DNS filter for the specified website.

C. Implement web filter quotas for the specified website

D. Implement web filter authentication for the specified website.

Correct Answer: A


Question 8:

Refer to the exhibit.

Which contains a session diagnostic output. Which statement is true about the session diagnostic output?

A. The session is in SYN_SENT state.

B. The session is in FIN_ACK state.

C. The session is in FTN_WAIT state.

D. The session is in ESTABLISHED state.

Correct Answer: A

Indicates TCP (proto=6) session in SYN_SENT state (proto=state=2) https://kb.fortinet.com/kb/ viewContent.do?externalId=FD30042


Question 9:

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. Subject Key Identifier value

B. SMMIE Capabilities value

C. Subject value

D. Subject Alternative Name value

Correct Answer: A


Question 10:

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A. Browsers can be configured to retrieve this PAC file from the FortiGate.

B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

D. Any web request fortinet.com is allowed to bypass the proxy.

Correct Answer: AD


Question 11:

Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

A. The firewall policy does not apply deep content inspection.

B. The firewall policy must be configured in proxy-based inspection mode.

C. The action on the firewall policy must be set to deny.

D. Web filter should be enabled on the firewall policy to complement the antivirus profile.

Correct Answer: A


Question 12:

Refer to the exhibit.

According to the certificate values shown in the exhibit, which type of entity was the certificate issued to?

A. A user

B. A root CA

C. A bridge CA

D. A subordinate

Correct Answer: A


Question 13:

In an explicit proxy setup, where is the authentication method and database configured?

A. Proxy Policy

B. Authentication Rule

C. Firewall Policy

D. Authentication scheme

Correct Answer: D


Question 14:

An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?

A. Policy lookup will be disabled.

B. By Sequence view will be disabled.

C. Search option will be disabled

D. Interface Pair view will be disabled.

Correct Answer: D


Question 15:

Refer to the exhibit.

The exhibit shows the IPS sensor configuration.

If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.

B. The sensor will block all attacks aimed at Windows servers.

C. The sensor will reset all connections that match these signatures.

D. The sensor will gather a packet log for all matched traffic.

Correct Answer: AB