Fortinet NSE4_FGT-6.4 Exam Questions (Updated 2021) 100% Real Question Answers [Q91-Q113]


Pass Fortinet NSE4_FGT-6.4 Exam Quickly With Actual4Exams


Network Security Professional (Fortinet NSE4_FGT-6.4) Professional Exam Path

Test Preparation teaches how the exam questions can be decoded. Our Exam Preparedness: DSCI DCPP-01 Network Security Professional (Fortinet NSE4_FGT-6.4) Professional Exam FGT-6.4 – Technical arrangement course is delivered in multiple configurations: study hall preparing for learning or taking an interest in a physical homeroom with a DSCI DCPP-01 Approved Learner. Free media preparing for learning whenever it is suitable for you. The course surveys test inquiries in each branch of knowledge and how the themes tried ought to be seen to such an extent that off-base answers are easier to stay away from. Our course will help you in tracking down the correct answers.

 

NEW QUESTION 91
Refer to the exhibit.



The exhibit contains a network diagram, firewall policies, and a firewall address object configuration.
An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2.
Remote-user2 is still able to access Webserver.
Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

  • A. Enable match-vip in the Deny policy.
  • B. Set the Destination address as Web_server in the Deny policy.
  • C. Set the Destination address as
  • D. Disable match-vip in the Deny

Answer: A,B

 

NEW QUESTION 92
Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

  • A. FortiGate will only activate the port1 route in the routing table.
  • B. FortiGate will route twice as much traffic to the port2 route
  • C. FortiGate will use the port1 route as the primary candidate.
  • D. FortiGate will load balance all traffic across both routes.

Answer: C

Explanation:
"If multiple static routes have the same distance, they are all active; however, only the one with the lowest priority is considered the best path."

 

NEW QUESTION 93
How do you format the FortiGate flash disk?

  • A. Load a debug FortiOS image.
  • B. Execute the CLI command execute formatlogdisk.
  • C. Load the hardware test (HQIP) image.
  • D. Select the format boot device option from the BIOS menu.

Answer: D

 

NEW QUESTION 94
Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).


Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

  • A. The flow-based inspection is used, which resets the last packet to the user.
  • B. The firewall policy performs the full content inspection on the file.
  • C. The volume of traffic being inspected is too high for this model of FortiGate.
  • D. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

Answer: A

 

NEW QUESTION 95
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)

  • A. To dynamically change phase 1 negotiation mode to aggressive mode.
  • B. To detect intermediary NAT devices in the tunnel path.
  • C. To encapsulate ESP packets in UDP packets using port 4500.
  • D. To force a new DH exchange with each phase 2 rekey.

Answer: B,C

 

NEW QUESTION 96
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

  • A. SSH
  • B. HTTPS
  • C. FortiTelemetry
  • D. FTM

Answer: A,B

 

NEW QUESTION 97
Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

  • A. Log in to a downstream FortiSwitch device.
  • B. Disable FortiAnalyzer logging for a downstream FortiGate device.
  • C. Shut down/reboot a downstream FortiGate device.
  • D. Ban or unban compromised hosts.

Answer: C

 

NEW QUESTION 98
Which two statements about antivirus scanning mode are true? (Choose two.)

  • A. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
  • B. In flow-based inspection mode, files bigger than the buffer size are scanned.
  • C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
  • D. In proxy-based inspection mode, files bigger than the buffer size are scanned.

Answer: B,C

 

NEW QUESTION 99
Refer to the exhibit.
Exhibit A

Exhibit B

The SSL VPN connection fails when a user attempts to connect to it.
What should the user do to successfully connect to SSL VPN?

  • A. Change the SSL VPN port on the client.
  • B. Change the Server IP address.
  • C. Change the idle-timeout.
  • D. Change the SSL VPN portal to the tunnel.

Answer: A

Explanation/Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/150494

 

NEW QUESTION 100
Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

  • A. CLI diagnostics commands permission
  • B. Read/Write permission for Log & Report
  • C. Custom permission for Network
  • D. Read/Write permission for Firewall

Answer: C

 

NEW QUESTION 101
Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

  • A. It is dropped.
  • B. It is allowed, but with no inspection
  • C. It is allowed and inspected, as long as the only inspection required is antivirus.
  • D. It is allowed and inspected as long as the inspection is flow based

Answer: A

 

NEW QUESTION 102
Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.
An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.
The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

  • A. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.
  • B. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.
  • C. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.
  • D. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

Answer: A,B

 

NEW QUESTION 103
Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

  • A. CLI diagnostics commands permission
  • B. Custom permission for Network
  • C. Read/Write permission for Log & Report
  • D. Read/Write permission for Firewall

Answer: A

 

NEW QUESTION 104
Examine the following web filtering log.

Which statement about the log message is true?

  • A. The web site miniclip.com matches a static URL filter whose action is set to Warning.
  • B. The action for the category Games is set to block.
  • C. The name of the applied web filter profile is default.
  • D. The usage quota for the IP address 10.0.1.10 has expired

Answer: C

 

NEW QUESTION 105
An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

  • A. Enable asymmetric routing at the interface level.
  • B. Disable the RPF check at the FortiGate interface level for the source check.
  • C. Enable asymmetric routing, so the RPF check will be bypassed.
  • D. Disable the RPF check at the FortiGate interface level for the reply check.

Answer: B

 

NEW QUESTION 106
Refer to the exhibit.

The exhibit contains a network diagram and routing table output.
The Student is unable to access Webserver.
What is the cause of the problem and what is the solution for the problem?

  • A. The first packet sent from Student failed the RPF check.
    This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
  • B. The first reply packet for Student failed the RPF check.
    This issue can be resolved by adding a static route to 203.0.114.24/32 through port3.
  • C. The first reply packet for Student failed the RPF check.
    This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.
  • D. The first packet sent from Student failed the RPF check.
    This issue can be resolved by adding a static route to 10.0.4.0/24 through wan1.

Answer: A

 

NEW QUESTION 107
Refer to the exhibit.

Why did FortiGate drop the packet?

  • A. It failed the RPF check.
  • B. The next-hop IP address is unreachable.
  • C. It matched an explicitly configured firewall policy with the action DENY.
  • D. It matched the default implicit firewall policy.

Answer: B


 

NEW QUESTION 108
Which of the following SD-WAN load-balancing methods use interface weight value to distribute traffic? (Choose two.)

  • A. Source IP
  • B. Session
  • C. Volume
  • D. Spillover

Answer: C,D

 

NEW QUESTION 109
Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

  • A. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.
  • B. Set the maximum session TTL value for the TELNET service object.
  • C. Create a new service object for TELNET and set the maximum session TTL.
  • D. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

Answer: A,C

 

NEW QUESTION 110
Refer to the exhibit.

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)

  • A. FortiGate SN FGVM010000064692 has the higher HA priority.
  • B. FortiGate devices are not in sync because one device is down.
  • C. FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
  • D. FortiGate SN FGVM010000065036 HA uptime has been reset.

Answer: A,D

 

NEW QUESTION 111
Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

  • A. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration
  • B. Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn
  • C. Apple FaceTime will be allowed, based on the Categories configuration.
  • D. Apple FaceTime will be allowed, based on the Apple filter configuration.

Answer: A

 

NEW QUESTION 112
Which two statements are correct about a software switch on FortiGate? (Choose two.)

  • A. All interfaces in the software switch share the same IP address
  • B. Can act as a Layer 2 switch as well as a Layer 3 router
  • C. It can be configured only when FortiGate is operating in NAT mode
  • D. It can group only physical interfaces

Answer: A,C

 

NEW QUESTION 113
......

Real Fortinet NSE4_FGT-6.4 Exam Questions [Updated 2021]: https://www.actual4exams.com/NSE4_FGT-6.4-valid-dump.html