Fortinet NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 Online Training
The questions for NSE4_FGT-6.4 were last updated on Jan 04, 2025.
- Exam Code: NSE4_FGT-6.4
- Exam Name: Fortinet NSE 4 - FortiOS 6.4
- Certification Provider: Fortinet
- Latest update: Jan 04,2025
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
- A . By default, FortiGate uses WINS servers to resolve names.
- B . By default, the SSL VPN portal requires the installation of a client’s certificate.
- C . By default, split tunneling is enabled.
- D . By default, the admin GUI and SSL VPN portal use the same HTTPS port.
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
- A . IPS engine handles the process as a standalone.
- B . FortiGate buffers the whole file but transmits to the client simultaneously.
- C . If the virus is detected, the last packet is delivered to the client.
- D . Optimized performance compared to proxy-based inspection.
- E . Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.
Refer to the exhibit.
Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)
- A . Traffic between port2 and port2-vlan1 is allowed by default.
- B . port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
- C . port1 is a native VLAN.
- D . port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.
Refer to the FortiGuard connection debug output.
Based on the output shown in the exhibit, which two statements are correct? (Choose two.)
- A . A local FortiManager is one of the servers FortiGate communicates with.
- B . One server was contacted to retrieve the contract information.
- C . There is at least one server that lost packets consecutively.
- D . FortiGate is using default FortiGuard communication settings.
Examine this output from a debug flow:
Why did the FortiGate drop the packet?
- A . The next-hop IP address is unreachable.
- B . It failed the RPF check.
- C . It matched an explicitly configured firewall policy with the action DENY.
- D . It matched the default implicit firewall policy.
D
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=13900
Refer to the exhibit.
In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?
- A . Run a sniffer on the web server.
- B . Capture the traffic using an external sniffer connected to port1.
- C . Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”
- D . Execute a debug flow.
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
- A . The firmware image must be manually uploaded to each FortiGate.
- B . Only secondary FortiGate devices are rebooted.
- C . Uninterruptible upgrade is enabled by default.
- D . Traffic load balancing is temporarily disabled while upgrading the firmware.
An administrator is running the following sniffer command:
diagnose sniffer packet any "host 192.168.2.12" 5
Which three pieces of information will be included in the sniffer output? (Choose three.)
- A . Interface name
- B . Packet payload
- C . Ethernet header
- D . IP header
- E . Application header
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
- A . For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.
- B . FortiGate supports pre-shared key and signature as authentication methods.
- C . Enabling XAuth results in a faster authentication because fewer packets are exchanged.
- D . A certificate is not required on the remote peer when you set the signature as the authentication method.
A,B
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/913287/ipsec-vpn-authenticating-aremote-fortigate-peer-with-a-pre-shared-key
An administrator is configuring IPsec between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24.
How must the administrator configure the local quick mode selector for site B?
- A . 192.168.3.0/24
- B . 192.168.2.0/24
- C . 192.168.1.0/24
- D . 192.168.0.0/8