Download Fortinet NSE4 - FortiOS 6.0.NSE4_FGT-6.0.CertKiller.2019-12-05.75q.vcex

Vendor: Fortinet
Exam Code: NSE4_FGT-6.0
Exam Name: Fortinet NSE4 - FortiOS 6.0
Date: Dec 05, 2019
File Size: 4 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
What files are sent to FortiSandbox for inspection in flow-based inspection mode?
  1. All suspicious files that do not have their hash value in the FortiGuard antivirus signature database.
  2. All suspicious files that are above the defined oversize limit value in the protocol options.
  3. All suspicious files that match patterns defined in the antivirus profile.
  4. All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus profile.
Correct answer: C
Question 2
Which statements about a One-to-One IP pool are true? (Choose two.)
  1. It is used for destination NAT.
  2. It allows the fixed mapping of an internal address range to an external address range.
  3. It does not use port address translation.
  4. It allows the configuration of ARP replies.
Correct answer: CD
Question 3
An administrator is investigating a report of users having intermittent issues with browsing the web. The administrator ran diagnostics and received the output shown in the exhibit. 
  
Examine the diagnostic output shown exhibit. Which of the following options is the most likely cause of this issue?
  1. NAT port exhaustion
  2. High CPU usage
  3. High memory usage
  4. High session timeout value
Correct answer: A
Question 4
Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.)
  1. Priority
  2. Metric
  3. Distance
  4. Cost
Correct answer: AC
Question 5
View the exhibit. 
  
Based on this output, which statements are correct? (Choose two.)
  1. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
  2. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
  3. The global configuration is synchronized between the primary and secondary FortiGate devices.
  4. The FortiGate devices have three VDOMs.
Correct answer: BC
Question 6
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose. 
  
Where must the proxy address be used?
  1. As the source in a firewall policy.
  2. As the source in a proxy policy.
  3. As the destination in a firewall policy.
  4. As the destination in a proxy policy.
Correct answer: B
Question 7
Which statement is true regarding SSL VPN timers? (Choose two.)
  1. Allow to mitigate DoS attacks from partial HTTP requests.
  2. SSL VPN settings do not have customizable timers.
  3. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
  4. Prevent SSL VPN users from being logged out because of high network latency.
Correct answer: AD
Question 8
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
  1. The public key of the web server certificate must be installed on the browser.
  2. The web-server certificate must be installed on the browser.
  3. The CA certificate that signed the web-server certificate must be installed on the browser.
  4. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Correct answer: C
Question 9
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
  1. It must be configured in a static route using the sdwan virtual interface.
  2. It must be provided in the SD-WAN member interface configuration.
  3. It must be configured in a policy-route using the sdwan virtual interface.
  4. It must be learned automatically through a dynamic routing protocol.
Correct answer: A
Question 10
Which statements about DNS filter profiles are true? (Choose two.)
  1. They can inspect HTTP traffic.
  2. They can redirect blocked requests to a specific portal.
  3. They can block DNS requests to known botnet command and control servers.
  4. They must be applied in firewall policies with SSL inspection enabled.
Correct answer: BC
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!