Download Fortinet NSE 4 - FortiOS 6.4.NSE4_FGT-6.4.DumpsBase.2023-03-10.142q.vcex

Vendor: Fortinet
Exam Code: NSE4_FGT-6.4
Exam Name: Fortinet NSE 4 - FortiOS 6.4
Date: Mar 10, 2023
File Size: 10 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
  1. The IPS engine was inspecting high volume of traffic.
  2. The IPS engine was unable to prevent an intrusion attack.
  3. The IPS engine was blocking all traffic.
  4. The IPS engine will continue to run in a normal state.
Correct answer: A
Question 2
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
  1. hard-timeout
  2. auth-on-demand
  3. soft-timeout
  4. new-session
  5. Idle-timeout
Correct answer: ADE
Question 3
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)
  1. Antivirus scanning
  2. File filter
  3. DNS filter
  4. Intrusion prevention
Correct answer: AD
Question 4
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?
  1. Log ID
  2. Universally Unique Identifier
  3. Policy ID
  4. Sequence ID
Correct answer: B
Question 5
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
  1. The subject field in the server certificate
  2. The serial number in the server certificate
  3. The server name indication (SNI) extension in the client hello message
  4. The subject alternative name (SAN) field in the server certificate
  5. The host field in the HTTP header
Correct answer: ACD
Question 6
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
  1. diagnose sys top
  2. execute ping
  3. execute traceroute
  4. diagnose sniffer packet any
  5. get system arp
Correct answer: BCD
Question 7
Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running
through FortiGate? (Choose two.)
  1. Set the maximum session TTL value for the TELNET service object.
  2. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.
  3. Create a new service object for TELNET and set the maximum session TTL.
  4. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.
Correct answer: CD
Question 8
NGFW mode allows policy-based configuration for most inspection rules.
Which security profile's configuration does not change when you enable policy-based inspection?
  1. Web filtering 
  2. Antivirus
  3. Web proxy
  4. Application control
Correct answer: B
Question 9
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
  1. Log downloads from the GUI are limited to the current filter view
  2. Log backups from the CLI cannot be restored to another FortiGate.
  3. Log backups from the CLI can be configured to upload to FTP as a scheduled time
  4. Log downloads from the GUI are stored as LZ4 compressed files.
Correct answer: AB
Question 10
Which two statements are true about the FGCP protocol? (Choose two.)
  1. Not used when FortiGate is in Transparent mode
  2. Elects the primary FortiGate device
  3. Runs only over the heartbeat links
  4. Is used to discover FortiGate devices in different HA groups
Correct answer: BC

Use VCE Exam Simulator to open VCE files


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!