Abreast Of The Times NSE4_FGT-6.0 Braindumps 2021

NSE4_FGT-6.0

Your success in Fortinet NSE4_FGT-6.0 is our sole target and we develop all our NSE4_FGT-6.0 braindumps in a way that facilitates the attainment of this target. Not only is our NSE4_FGT-6.0 study material the best you can find, it is also the most detailed and the most updated. NSE4_FGT-6.0 Practice Exams for Fortinet {category} NSE4_FGT-6.0 are written to the highest standards of technical accuracy.

NEW QUESTION 1
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

  • A. Traffic to botnet servers
  • B. Traffic to inappropriate web sites
  • C. Server information disclosure attacks
  • D. Credit card data leaks
  • E. SQL injection attacks

Answer: ACE

NEW QUESTION 2
An administrator wants to configure a FortiGate as a DNS server FortiGate must use us DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you UM?

  • A. Recursive
  • B. Non-recursive
  • C. Forward to primary and secondary DNS
  • D. Forward to system DNS

Answer: A

NEW QUESTION 3
An administrator is configuring an IPsec between site A and site B. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode selector for site B?

  • A. 192.168.3.0.24
  • B. 192.168.2.0.24
  • C. 192.168.1.0.24
  • D. 192.168.0.0.8

Answer: A

NEW QUESTION 4
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

  • A. Enable Event Logging.
  • B. Enable a web filter security profile on the Full Access firewall policy.
  • C. Enable Log Allowed Traffic on the Full Access firewall policy.
  • D. Enable disk logging.

Answer: BC

NEW QUESTION 5
Which statement regarding the firewall policy authentication timeout is true?

  • A. It is an idle timeou
  • B. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
  • C. It is a hard timeou
  • D. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
  • E. It is an idle timeou
  • F. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.
  • G. It is a hard timeou
  • H. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

Answer: A

NEW QUESTION 6
What information is flushed when the chunk-size value is changed in the config dlp settings?

  • A. The database for DLP document fingerprinting
  • B. The supported file types in the DLP filters
  • C. The archived files and messages
  • D. The file name patterns in the DLP filters

Answer: A

NEW QUESTION 7
What is the limitation of using a URL list and application control on the same firewall policy, in NCFW policy-based mode?

  • A. It limits the scope of application control to the browser-based technology category only.
  • B. It limits the scope of application control to scan application traffic based on application category only.
  • C. It limits the scope of application control to scan application traffic using parent signatures only
  • D. It limits the scope of application control to scan application traffic on DNS protocol only.

Answer: D

NEW QUESTION 8
View the exhibit.
NSE4_FGT-6.0 dumps exhibit
Why is the administrator getting the error shown in the exhibit?

  • A. The administrator must first enter the command edit global.
  • B. The administrator admin does not have the privileges required to configure global settings.
  • C. The global settings cannot be configured from the root VDOM context.
  • D. The command config system global does not exist in FortiGate.

Answer: A

NEW QUESTION 9
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

  • A. hourly
  • B. real tune
  • C. on-demand
  • D. store-and-upload

Answer: BD

NEW QUESTION 10
An administration wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?

  • A. tcp_port_scan
  • B. ip_dst_session
  • C. udp_flood
  • D. ip_src_session

Answer: A

NEW QUESTION 11
When using WPAD DNS method, winch FQDN format do browsers use to query the DNS server?
A)
NSE4_FGT-6.0 dumps exhibit
B)
NSE4_FGT-6.0 dumps exhibit
C)
NSE4_FGT-6.0 dumps exhibit
D)
NSE4_FGT-6.0 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: C

NEW QUESTION 12
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices Winch configuration steps must be performed on both devices to support this scenario? (Choose three.)

  • A. Define the phase 1 parameters, without enabling IPsec interface mode
  • B. Define the phase 2 parameters.
  • C. Set the phase 2 encapsulation method to transport mode
  • D. Define at least one firewall policy, with the action set to IPsec.
  • E. Define a route to the remote network over the IPsec tunnel.

Answer: CDE

NEW QUESTION 13
View the exhibit:
NSE4_FGT-6.0 dumps exhibit
Which statement about the exhibit is true? (Choose two.)

  • A. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
  • B. port-VLAN1 is the native VLAN for the port1 physical interface.
  • C. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
  • D. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

Answer: CD

NEW QUESTION 14
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.
Which statements about the VLAN sub interfaces can have the same VLAND ID, only if they have IP addresses in different subnets.

  • A. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
  • B. The two VLAN sub interfaces must have different VLAN IDs.
  • C. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.
  • D. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.

Answer: B

NEW QUESTION 15
How does FortiGate verify the login credentials of a remote LDAP user?

  • A. FortiGate regenerates the algorithm based on the login credentials and compares it to the algorithm stored on the LDAP server.
  • B. FortiGate sends the user-entered credentials to the LDAP server for authentication.
  • C. FortiGate queries the LDAP server for credentials.
  • D. FortiGate queries its own database for credentials.

Answer: B

NEW QUESTION 16
Which statements about HA for FortiGate devices are true? (Choose two.)

  • A. Sessions handled by proxy-based security profiles cannot be synchronized.
  • B. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.
  • C. HA management interface settings are synchronized between cluster members.
  • D. Heartbeat interfaces are not required on the primary device.

Answer: BC

NEW QUESTION 17
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

  • A. To remove the NAT operation.
  • B. To generate logs
  • C. To finish any inspection operations.
  • D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Answer: D

NEW QUESTION 18
What FortiGate configuration is required to actively prompt users for credentials?

  • A. You must enable one or more protocols that support active authentication on a firewall policy
  • B. You must position the firewall policy for active authentication before a firewall policy foe passive authentication.
  • C. You must assign users to a group for active authentication
  • D. You must enable the Authentication setting on the firewall policy

Answer: C

NEW QUESTION 19
When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

  • A. Connected monitored ports > HA uptime > priority > serial number
  • B. Priority > Connected monitored ports > HA uptime > serial number
  • C. Connected monitored ports > priority > HA uptime > serial number
  • D. HA uptime > priority > Connected monitored ports > serial number

Answer: C

NEW QUESTION 20
When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic?

  • A. It must be configured in a static route using the sdwan virtual interface.
  • B. It must be provided in the SD-WAN member interface configuration.
  • C. It must be configured in a policy-route using the sdwan virtual interface.
  • D. It must be learned automatically through a dynamic routing protocol.

Answer: A

NEW QUESTION 21
Which statements about antivirus scanning mode are true? (Choose two.)

  • A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.
  • B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.
  • C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.
  • D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.

Answer: BD

NEW QUESTION 22
During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?

  • A. Authentication.
  • B. Data integrity.
  • C. Non-repudiation.
  • D. Signature verification.

Answer: D

NEW QUESTION 23
......

P.S. Simply pass now are offering 100% pass ensure NSE4_FGT-6.0 dumps! All NSE4_FGT-6.0 exam questions have been updated with correct answers: https://www.simply-pass.com/Fortinet-exam/NSE4_FGT-6.0-dumps.html (126 New Questions)