Download Fortinet NSE4 -FortiOS 6-0.CertDumps.NSE4_FGT-6.0.2020-02-12.1e.127q.vcex

Download Exam

File Info

Exam Fortinet NSE4 - FortiOS 6.0
Number NSE4_FGT-6.0
File Name Fortinet NSE4 -FortiOS 6-0.CertDumps.NSE4_FGT-6.0.2020-02-12.1e.127q.vcex
Size 8.05 Mb
Posted February 12, 2020
Downloads 270

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%


Demo Questions

Question 1
Examine the IPS sensor configuration shown in the exhibit, and then answer the question below. 


What are the expected actions if traffic matches this IPS sensor? (Choose two.)

  • A: The sensor will gather a packet log for all matched traffic.
  • B: The sensor will not block attackers matching the A32S.Botnet signature.
  • C: The sensor will block all attacks for Windows servers.
  • D: The sensor will reset all connections that match these signatures.

Question 2
Which statement is true regarding the policy ID number of a firewall policy?

  • A: Defines the order in which rules are processed.
  • B: Represents the number of objects used in the firewall policy.
  • C: Required to modify a firewall policy using the CLI.
  • D: Changes when firewall policies are reordered.

Question 3
Which statements correctly describe transparent mode operation? (Choose three.)

  • A: All interfaces of the transparent mode FortiGate device must be on different IP subnets.
  • B: Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
  • C: The transparent FortiGate is visible to network hosts in an IP traceroute.
  • D: It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • E: FortiGate acts as transparent bridge and forwards traffic at Layer 2.

Question 4
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

  • A: Lookup is done on the first packet from the session originator
  • B: Lookup is done on the last packet sent from the responder
  • C: Lookup is done on every packet, regardless of direction
  • D: Lookup is done on the first reply packet from the responder

Question 5
Which of the following are valid actions for FortiGuard category based filter in a web filter profile in proxy-based inspection mode? (Choose two.)

  • A: Warning
  • B: Exempt
  • C: Allow
  • D: Learn

Question 6
Which is the correct description of a hash result as it relates to digital certificates?

  • A: A unique value used to verify the input data
  • B: An output value that is used to identify the person or device that authored the input data.
  • C: An obfuscation used to mask the input data.
  • D: An encrypted output value used to safe-guard the input data

Question 7
You have tasked to design a new IPsec deployment with the following criteria:
There are two HQ sues that all satellite offices must connect to 
The satellite offices do not need to communicate directly with other satellite offices 
No dynamic routing will be used 
The design should minimize the number of tunnels being configured. 
Which topology should be used to satisfy all of the requirements?

  • A: Partial mesh
  • B: Hub-and-spoke
  • C: Fully meshed
  • D: Redundant

Question 8
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

  • A: hourly
  • B: real time
  • C: on-demand
  • D: store-and-upload

Question 9
A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?

  • A: It can create administrator accounts with access to the same VDOM.
  • B: It cannot have access to more than one VDOM.
  • C: It can reset the password for the admin account.
  • D: It can upgrade the firmware on the FortiGate device.

Question 10
Which of the following statements about the FSSO collector agent timers is true?

  • A: The workstation verify interval is used to periodically check if a workstation is still a domain member.
  • B: The IP address change verify interval monitors the server IP address where the collector agent is installed, and the updates the collector agent configuration if it changes.
  • C: The user group cache expiry is used to age out the monitored groups.
  • D: The dead entry timeout interval is used to age out entries with an unverified status.


You can buy ProfExam with a 20% discount..

Get Now!


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen


Use VCE Exam Simulator to open VCE files