Fortinet NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 Online Training
The questions for NSE4_FGT-6.4 were last updated on Jan 02, 2025.
- Exam Code: NSE4_FGT-6.4
- Exam Name: Fortinet NSE 4 - FortiOS 6.4
- Certification Provider: Fortinet
- Latest update: Jan 02, 2025
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices.
The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
- A . On HQ-FortiGate, enable Auto-negotiate.
- B . On Remote-FortiGate, set Seconds to 43200.
- C . On HQ-FortiGate, enable Diffie-Hellman Group 2.
- D . On HQ-FortiGate, set Encryption to AES256.
D
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/168495
Which scanning technique on FortiGate can be enabled only on the CLI?
- A . Heuristics scan
- B . Trojan scan
- C . Antivirus scan
- D . Ransomware scan
A
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/567568/enabling-scanning
An administrator has configured two-factor authentication to strengthen SSL VPN access.
Which additional best practice can an administrator implement?
- A . Configure Source IP Pools.
- B . Configure split tunneling in tunnel mode.
- C . Configure different SSL VPN realms.
- D . Configure host check.
Which two types of traffic are managed only by the management VDOM? (Choose two.)
- A . FortiGuard web filter queries
- B . PKI
- C . Traffic shaping
- D . DNS
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
- A . The Services field prevents SNAT and DNAT from being combined in the same policy.
- B . The Services field is used when you need to bundle several VIPs into VIP groups.
- C . The Services field removes the requirement to create multiple VIPs for different services.
- D . The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.
Refer to the web filter raw logs.
Based on the raw logs shown in the exhibit, which statement is correct?
- A . Social networking web filter category is configured with the action set to authenticate.
- B . The action on firewall policy ID 1 is set to warning.
- C . Access to the social networking web filter category was explicitly blocked to all users.
- D . The name of the firewall policy is all_users_web.
Which of the following statements correctly describe FortiGate's route lookup behavior when searching for a suitable gateway? (Choose two.)
- A . Lookup is done on the first packet from the session originator
- B . Lookup is done on the last packet sent from the responder
- C . Lookup is done on every packet, regardless of direction
- D . Lookup is done on the trust reply packet from the responder
Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
- A . The session is a UDP unidirectional state.
- B . The session is in TCP ESTABLISHED state.
- C . The session is a bidirectional UDP connection.
- D . The session is a bidirectional TCP connection.
Refer to the exhibit.
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to the ISP modem.
Which two statements are true? (Choose two.)
- A . Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.
- B . A static route is required on the To_Internet VDOM to allow LAN users to access the internet.
- C . Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.
- D . Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
- A . get system status
- B . get system performance status
- C . diagnose sys top
- D . get system arp