NSE4_FGT-6.4 exam

Which of the following statements about central NAT are true? (Choose two.)A . IP tool references must be removed from existing firewall policies before enabling central NAC . Central NAT can be enabled or disabled from the CLI only.D . Source NAT, using central NAT, requires at least one central...

Which two statements ate true about the Security Fabric rating? (Choose two.)A . It provides executive summaries of the four largest areas of security focus.B . Many of the security issues can befixed immediately by click ng Apply where available.C . The Security Fabric rating must be run on the...

Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B). Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?A . The firewall policy performs the full content inspection...

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local...

Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two statements are correct? (Choose two.)A . Administrators can access FortiGate only through the console port.B . FortiGate...

Examine the network diagram shown in the exhibit, then answer the following question: Which one of the following routes is the best candidate route for FGT1 to route traffic from the Workstation to the Web server?A . 172.16.0.0/16 [50/0] via 10.4.200.2, port2 [5/0]B . 0.0.0.0/0 [20/0] via 10.4.200.2, port2C ....

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)A . Traffic to botnetserversB . Traffic to inappropriate web sitesC . Server information disclosure attacksD . Credit card data leaksE . SQL injection attacksView AnswerAnswer: B,C,E

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?A . It limits the scope of application control to the browser-based technology category only.B . It limits the scope of application control to scan application traffic based on application...

Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?A . The IPS engine was inspecting high volume of traffic.B . The IPS engine...

Refer to the exhibit. The exhibits show a network diagram and the explicit web proxy configuration. In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?A . ‘host 192.168.0.2 and port 8080’B . ‘host 10.0.0.50 and port...