Breathing NSE4_FGT-6.0 Class 2019
Guaranteed of NSE4_FGT-6.0 study guide materials and samples for Fortinet certification for customers, Real Success Guaranteed with Updated NSE4_FGT-6.0 pdf dumps vce Materials. 100% PASS Fortinet NSE 4 – FortiOS 6.0 exam Today!
NEW QUESTION 1
An administrator is configuring an antivirus profiles on FortiGate and notices that Proxy Options is not listed under Security Profiles on the GUI. What can cause this issue?
- A. FortiGate needs to be switched to NGFW mode.
- B. Proxy options section is hidden by default and needs to be enabled from the Feature Visibility menu.
- C. Proxy options are no longer available starting in FortiOS 5.6.
- D. FortiGate is in flow-based inspection mode.
NEW QUESTION 2
Examine the network diagram shown in the exhibit, and then answer the following question:
A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24. Which of the following static routes will satisfy this requirement on FGT1? (Choose two.)
- A. 172.20.2.0/24 (1/0) via 10.10.1.2, port1 [0/0]
- B. 172.20.2.0/24 (25/0) via 10.10.3.2, port3 [5/0]
- C. 172.20.2.0/24 (1/150) via 10.10.3.2, port3 [10/0]
- D. 172.20.2.0/24 (1/150) via 10.30.3.2, port3 [10/0]
NEW QUESTION 3
Examine the network diagram shown in the exhibit, then answer the following question:
Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
NEW QUESTION 4
An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?
- A. A phase 2 configuration is not required.
- B. This VPN cannot be used as part of a hub-and-spoke topology.
- C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
- D. The IPsec firewall policies must be placed at the top of the list.
NEW QUESTION 5
View the exhibit.
Why is the administrator getting the error shown in the exhibit?
- A. The administrator must first enter the command edit global.
- B. The administrator admin does not have the privileges required to configure global settings.
- C. The global settings cannot be configured from the root VDOM context.
- D. The command config system global does not exist in FortiGate.
NEW QUESTION 6
A FortiGate device has multiple VDOMs. Which statement about an administrator account configured with the default prof_admin profile is true?
- A. It can create administrator accounts with access to the same VDOM.
- B. It cannot have access to more than one VDOM.
- C. It can reset the password for the admin account.
- D. It can upgrade the firmware on the FortiGate device.
NEW QUESTION 7
Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-based?
- A. FortiGuard Quotas
- B. Static URL
- C. Search engines
- D. Rating option
NEW QUESTION 8
The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?
- A. LDAP convention
- B. NTLM convention
- C. Windows convention - NetBios: Domain\Usemame
- D. RSSO convention
NEW QUESTION 9
Which of the following services can be inspected by the DLP profile? (Choose three.)
- A. NFS
- B. FTP
- C. IMAP
- D. CIFS
- E. HTTP-POST
NEW QUESTION 10
View the exhibit.
Based on this output, which statements are correct? (Choose two.)
- A. The all VDOM is not synchronized between the primary and secondary FortiGate devices.
- B. The root VDOM is not synchronized between the primary and secondary FortiGate devices.
- C. The global configuration is synchronized between the primary and secondary FortiGate devices.
- D. The FortiGate devices have three VDOMs.
NEW QUESTION 11
View the exhibit:
Which statement about the exhibit is true? (Choose two.)
- A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
- B. port-VLAN1 is the native VLAN for the port1 physical interface.
- C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
- D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.
NEW QUESTION 12
Examine the exhibit, which contains a session diagnostic output.
Which of the following statements about the session diagnostic output is true?
- A. The session is in ESTABLISHED state.
- B. The session is in LISTEN state.
- C. The session is in TIME_WAIT state.
- D. The session is in CLOSE_WAIT state.
NEW QUESTION 13
Which action can be applied to each filter in the application control profile?
- A. Block, monitor, warning, and quarantine
- B. Allow, monitor, block and learn
- C. Allow, block, authenticate, and warning
- D. Allow, monitor, block, and quarantine
NEW QUESTION 14
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.
When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?
- A. SMTP.Login.Brute.Force
- B. IMAP.Login.brute.Force
- C. ip_src_session
- D. Location: server Protocol: SMTP
NEW QUESTION 15
What information is flushed when the chunk-size value is changed in the config dlp settings?
- A. The database for DLP document fingerprinting
- B. The supported file types in the DLP filters
- C. The archived files and messages
- D. The file name patterns in the DLP filters
NEW QUESTION 16
How can you block or allow to Twitter using a firewall policy?
- A. Configure the Destination field as Internet Service objects for Twitter.
- B. Configure the Action field as Learn and select Twitter.
- C. Configure the Service field as Internet Service objects for Twitter.
- D. Configure the Source field as Internet Service objects for Twitter.
NEW QUESTION 17
Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?
- A. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
- B. FortiGate is able to handle NATed connections only in aggressive mode.
- C. FortiClient only supports aggressive mode.
- D. Main mode does not support XAuth for user authentication.
NEW QUESTION 18
Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)
- A. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.
- B. If the VPN is configured as route-based, there must be at least one firewall policy with the action set toIPSec.
- C. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Addressor Dynamic DNS in the other peer.
- D. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.
NEW QUESTION 19
An administrator is investigating a report of users having intermittent issues with browsing the web. The administrator ran diagnostics and received the output shown in the exhibit.
Examine the diagnostic output shown exhibit. Which of the following options is the most likely cause of this issue?
- A. NAT port exhaustion
- B. High CPU usage
- C. High memory usage
- D. High session timeout value
NEW QUESTION 20
What files are sent to FortiSandbox for inspection in flow-based inspection mode?
- A. All suspicious files that do not have their hash value in the FortiGuard antivirus signature database.
- B. All suspicious files that are above the defined oversize limit value in the protocol options.
- C. All suspicious files that match patterns defined in the antivirus profile.
- D. All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus profile.
NEW QUESTION 21
NGFW mode allows policy-based configured for most impaction rules. Which security profile’s configuration does not change when you enable policy-based impaction?
- A. Antivirus
- B. Web proxy
- C. Web filtering
- D. Application control
NEW QUESTION 22
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)
- A. hourly
- B. real tune
- C. on-demand
- D. store-and-upload
NEW QUESTION 23
Recommend!! Get the Full NSE4_FGT-6.0 dumps in VCE and PDF From Certstest, Welcome to Download: https://www.certstest.com/dumps/NSE4_FGT-6.0/ (New 126 Q&As Version)