Download Fortinet NSE4 - FortiOS 6.0.NSE4_FGT-6.0.Pass4Sure.2019-05-02.63q.vcex

Vendor: Fortinet
Exam Code: NSE4_FGT-6.0
Exam Name: Fortinet NSE4 - FortiOS 6.0
Date: May 02, 2019
File Size: 3 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which statement about FortiGuard services for FortiGate is true?
  1. The web filtering database is downloaded locally on FortiGate.
  2. Antivirus signatures are downloaded locally on FortiGate.
  3. FortiGate downloads IPS updates using UDP port 53 or 8888.
  4. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
Correct answer: B
Question 2
Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.) 
  1. Priority
  2. Metric
  3. Distance
  4. Cost
Correct answer: AC
Question 3
View the exhibit. 
  
Based on this output, which statements are correct? (Choose two.)
  1. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
  2. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
  3. The global configuration is synchronized between the primary and secondary FortiGate devices.
  4. The FortiGate devices have three VDOMs.
Correct answer: BC
Question 4
Which statement is true regarding the policy ID number of a firewall policy?
  1. Defines the order in which rules are processed.
  2. Represents the number of objects used in the firewall policy.
  3. Required to modify a firewall policy using the CLI.
  4. Changes when firewall policies are reordered.
Correct answer: C
Question 5
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose. 
  
Where must the proxy address be used?
  1. As the source in a firewall policy.
  2. As the source in a proxy policy.
  3. As the destination in a firewall policy.
  4. As the destination in a proxy policy.
Correct answer: B
Question 6
Which statement is true regarding SSL VPN timers? (Choose two.)
  1. Allow to mitigate DoS attacks from partial HTTP requests.
  2. SSL VPN settings do not have customizable timers.
  3. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
  4. Prevent SSL VPN users from being logged out because of high network latency.
Correct answer: AD
Question 7
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
  1. The public key of the web server certificate must be installed on the browser.
  2. The web-server certificate must be installed on the browser.
  3. The CA certificate that signed the web-server certificate must be installed on the browser.
  4. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Correct answer: C
Question 8
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
  1. It must be configured in a static route using the sdwan virtual interface. 
  2. It must be provided in the SD-WAN member interface configuration.
  3. It must be configured in a policy-route using the sdwan virtual interface.
  4. It must be learned automatically through a dynamic routing protocol.
Correct answer: A
Question 9
Which of the following services can be inspected by the DLP profile? (Choose three.)
  1. NFS
  2. FTP
  3. IMAP
  4. CIFS
  5. HTTP-POST
Correct answer: BCE
Question 10
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)
  1. The NetSessionEnum function is used to track user logoffs.
  2. WMI polling can increase bandwidth usage in large networks.
  3. The collector agent uses a Windows API to query DCs for user logins.
  4. The collector agent do not need to search any security event logs.
Correct answer: BC
Explanation:
Question 11
Which statement about FortiGuard services for FortiGate is true?
  1. The web filtering database is downloaded locally on FortiGate.
  2. Antivirus signatures are downloaded locally on FortiGate.
  3. FortiGate downloads IPS updates using UDP port 53 or 8888.
  4. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
Correct answer: B
Question 12
Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.) 
  1. Priority
  2. Metric
  3. Distance
  4. Cost
Correct answer: AC
Question 13
View the exhibit. 
  
Based on this output, which statements are correct? (Choose two.)
  1. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
  2. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
  3. The global configuration is synchronized between the primary and secondary FortiGate devices.
  4. The FortiGate devices have three VDOMs.
Correct answer: BC
Question 14
Which statement is true regarding the policy ID number of a firewall policy?
  1. Defines the order in which rules are processed.
  2. Represents the number of objects used in the firewall policy.
  3. Required to modify a firewall policy using the CLI.
  4. Changes when firewall policies are reordered.
Correct answer: C
Question 15
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose. 
  
Where must the proxy address be used?
  1. As the source in a firewall policy.
  2. As the source in a proxy policy.
  3. As the destination in a firewall policy.
  4. As the destination in a proxy policy.
Correct answer: B
Question 16
Which statement is true regarding SSL VPN timers? (Choose two.)
  1. Allow to mitigate DoS attacks from partial HTTP requests.
  2. SSL VPN settings do not have customizable timers.
  3. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
  4. Prevent SSL VPN users from being logged out because of high network latency.
Correct answer: AD
Question 17
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
  1. The public key of the web server certificate must be installed on the browser.
  2. The web-server certificate must be installed on the browser.
  3. The CA certificate that signed the web-server certificate must be installed on the browser.
  4. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Correct answer: C
Question 18
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
  1. It must be configured in a static route using the sdwan virtual interface. 
  2. It must be provided in the SD-WAN member interface configuration.
  3. It must be configured in a policy-route using the sdwan virtual interface.
  4. It must be learned automatically through a dynamic routing protocol.
Correct answer: A
Question 19
Which of the following services can be inspected by the DLP profile? (Choose three.)
  1. NFS
  2. FTP
  3. IMAP
  4. CIFS
  5. HTTP-POST
Correct answer: BCE
Question 20
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)
  1. The NetSessionEnum function is used to track user logoffs.
  2. WMI polling can increase bandwidth usage in large networks.
  3. The collector agent uses a Windows API to query DCs for user logins.
  4. The collector agent do not need to search any security event logs.
Correct answer: BC
Explanation:
Question 21
Which statement about FortiGuard services for FortiGate is true?
  1. The web filtering database is downloaded locally on FortiGate.
  2. Antivirus signatures are downloaded locally on FortiGate.
  3. FortiGate downloads IPS updates using UDP port 53 or 8888.
  4. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
Correct answer: B
Question 22
Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.) 
  1. Priority
  2. Metric
  3. Distance
  4. Cost
Correct answer: AC
Question 23
View the exhibit. 
  
Based on this output, which statements are correct? (Choose two.)
  1. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
  2. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
  3. The global configuration is synchronized between the primary and secondary FortiGate devices.
  4. The FortiGate devices have three VDOMs.
Correct answer: BC
Question 24
Which statement is true regarding the policy ID number of a firewall policy?
  1. Defines the order in which rules are processed.
  2. Represents the number of objects used in the firewall policy.
  3. Required to modify a firewall policy using the CLI.
  4. Changes when firewall policies are reordered.
Correct answer: C
Question 25
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose. 
  
Where must the proxy address be used?
  1. As the source in a firewall policy.
  2. As the source in a proxy policy.
  3. As the destination in a firewall policy.
  4. As the destination in a proxy policy.
Correct answer: B
Question 26
Which statement is true regarding SSL VPN timers? (Choose two.)
  1. Allow to mitigate DoS attacks from partial HTTP requests.
  2. SSL VPN settings do not have customizable timers.
  3. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
  4. Prevent SSL VPN users from being logged out because of high network latency.
Correct answer: AD
Question 27
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
  1. The public key of the web server certificate must be installed on the browser.
  2. The web-server certificate must be installed on the browser.
  3. The CA certificate that signed the web-server certificate must be installed on the browser.
  4. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Correct answer: C
Question 28
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
  1. It must be configured in a static route using the sdwan virtual interface. 
  2. It must be provided in the SD-WAN member interface configuration.
  3. It must be configured in a policy-route using the sdwan virtual interface.
  4. It must be learned automatically through a dynamic routing protocol.
Correct answer: A
Question 29
Which of the following services can be inspected by the DLP profile? (Choose three.)
  1. NFS
  2. FTP
  3. IMAP
  4. CIFS
  5. HTTP-POST
Correct answer: BCE
Question 30
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)
  1. The NetSessionEnum function is used to track user logoffs.
  2. WMI polling can increase bandwidth usage in large networks.
  3. The collector agent uses a Windows API to query DCs for user logins.
  4. The collector agent do not need to search any security event logs.
Correct answer: BC
Explanation:
Question 31
Which statement about FortiGuard services for FortiGate is true?
  1. The web filtering database is downloaded locally on FortiGate.
  2. Antivirus signatures are downloaded locally on FortiGate.
  3. FortiGate downloads IPS updates using UDP port 53 or 8888.
  4. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
Correct answer: B
Question 32
Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.) 
  1. Priority
  2. Metric
  3. Distance
  4. Cost
Correct answer: AC
Question 33
View the exhibit. 
  
Based on this output, which statements are correct? (Choose two.)
  1. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
  2. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
  3. The global configuration is synchronized between the primary and secondary FortiGate devices.
  4. The FortiGate devices have three VDOMs.
Correct answer: BC
Question 34
Which statement is true regarding the policy ID number of a firewall policy?
  1. Defines the order in which rules are processed.
  2. Represents the number of objects used in the firewall policy.
  3. Required to modify a firewall policy using the CLI.
  4. Changes when firewall policies are reordered.
Correct answer: C
Question 35
An administrator wants to block HTTP uploads. Examine the exhibit, which contains the proxy address created for that purpose. 
  
Where must the proxy address be used?
  1. As the source in a firewall policy.
  2. As the source in a proxy policy.
  3. As the destination in a firewall policy.
  4. As the destination in a proxy policy.
Correct answer: B
Question 36
Which statement is true regarding SSL VPN timers? (Choose two.)
  1. Allow to mitigate DoS attacks from partial HTTP requests.
  2. SSL VPN settings do not have customizable timers.
  3. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
  4. Prevent SSL VPN users from being logged out because of high network latency.
Correct answer: AD
Question 37
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
  1. The public key of the web server certificate must be installed on the browser.
  2. The web-server certificate must be installed on the browser.
  3. The CA certificate that signed the web-server certificate must be installed on the browser.
  4. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Correct answer: C
Question 38
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?
  1. It must be configured in a static route using the sdwan virtual interface. 
  2. It must be provided in the SD-WAN member interface configuration.
  3. It must be configured in a policy-route using the sdwan virtual interface.
  4. It must be learned automatically through a dynamic routing protocol.
Correct answer: A
Question 39
Which of the following services can be inspected by the DLP profile? (Choose three.)
  1. NFS
  2. FTP
  3. IMAP
  4. CIFS
  5. HTTP-POST
Correct answer: BCE
Question 40
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)
  1. The NetSessionEnum function is used to track user logoffs.
  2. WMI polling can increase bandwidth usage in large networks.
  3. The collector agent uses a Windows API to query DCs for user logins.
  4. The collector agent do not need to search any security event logs.
Correct answer: BC
Explanation:
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!