Correct NSE4_FGT-6.0 Exam Questions Online

Fortinet NSE4_FGT-6.0 exam questions updated today. The current version V9.02, which is the latest version for passing NSE4_FGT-6.0 Fortinet NSE 4 – FortiOS 6.0 exam. Compared to V8.02, V9.02 of NSE4_FGT-6.0 exam questions is more accurate. We correact all the wrong exam answers in V8.02. Also V9.02 of DumpsBase NSE4_FGT-6.0 exam questions has been verified that it is valid materials for preparing well.

Correct Online NSE4_FGT-6.0 Free Exam Questions and Answers

1. You are configuring the root FortiGate to implement the security fabric. You are configuring port10 to communicate with a downstream FortiGate. View the default Edit Interface in the exhibit below:

When configuring the root FortiGate to communicate with a downstream FortiGate, which settings are required to be configured? (Choose two.)

2. When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

3. Examine this output from a debug flow:

Why did the FortiGate drop the packet?

4. Examine the exhibit, which shows the output of a web filtering real time debug.

Why is the site www.bing.com being blocked?

5. View the exhibit:

Which statement about the exhibit is true? (Choose two.)

6. Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

7. Examine the network diagram shown in the exhibit, then answer the following question:

Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?

A)

B)

C)

D)

8. A team manager has decided that while some members of the team need access to particular website, the majority of the team does not.

Which configuration option is the most effective option to support this request?

9. Examine this output from a debug flow:

Which statements about the output are correct? (Choose two.)

10. Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

11. Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

12. Which statements about antivirus scanning mode are true? (Choose two.)

13. In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

14. An administrator is configuring an IPsec between site A and site B. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24.

How must the administrator configure the local quick mode selector for site B?

15. Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

16. Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

17. Examine the two static routes shown in the exhibit, then answer title following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

18. Which of the following statements about central NAT are true? (Choose two.)

19. Refer to the following exhibit.

Why is FortiGate not blocking the test file over FTP download?

20. View the following exhibit, which shows the firewall policies and the object uses in the firewall policies.

The administrator is using the Policy Lookup feature and has entered the search create shown in the following exhibit.

Which of the following will be highlighted based oil the input criteria?

21. An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices Winch configuration steps must be performed on both devices to support this scenario? (Choose three.)

22. Which of the following statements about NTLM authentication are correct? (Choose two.)

23. View the certificate shown to the exhibit, and then answer the following question:

The CA issued this certificate to which entity?

24. Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

25. A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.

Which statements about the VLAN sub interfaces can have the same VLAND ID, only if they have IP addresses in different subnets.

26. You mc tasked to design a new IPsec deployment with the following criteria:

- There are two HQ sues that all satellite offices must connect to

- The satellite offices do not need to communicate directly with other satellite offices

- No dynamic routing will be used

- The design should minimize the number of tannels being configured.

Winch topology should be used to satisfy all of the requirements?

27. Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

28. Which of the following conditions roust be met in order for a web browser to trust a web server certificate signed by a third-party CA?

29. An administrator has configured the following settings:

What does the configuration do? (Choose two.)

30. An administrator observes that the port1 interface cannot be configured with an IP address.

What can be the reasons for that? (Choose three.)

31. What information is flushed when the chunk-size value is changed in the config dlp settings?

32. Which is the correct description of a hash result as it relates to digital certificates?

33. Examine the exhibit, which shows the partial output of an IKE real-time debug.

Which of the following statement about the output is true?

34. Examine the network diagram shown in the exhibit, and then answer the following question:

A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24.

Which of the following static routes will satisfy this requirement on FGT1? (Choose two.)

35. On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

36. Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

37. Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

38. Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

39. Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

40. An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward.

What step is required for this configuration?

41. What FortiGate configuration is required to actively prompt users for credentials?

42. Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)

43. If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

44. What is the limitation of using a URL list and application control on the same firewall policy, in NCFW policy-based mode?

45. The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?

46. Examine the following web filtering log.

Which statement about the log message is true?

47. Which statement about DLP on FortiGate is true?

48. When using WPAD DNS method, winch FQDN format do browsers use to query the DNS server?

A)

B)

C)

D)

49. Examine the IPS sensor configuration and forward traffic logs shown in the exhibit; then, answer the question below.

An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is still not generating any IPS logs for the HTTPS traffic.

What is a possible reason for this?

50. What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)


 

New NSE 5 Certified NSE5_FAZ-6.0 Exam Dumps
Real Fortinet NSE5_FMG-6.0 Exam Questions