Download Fortinet.NSE4_FGT-6.4.DumpsBase.2023-03-10.142q.vcex

Download Exam

File Info

Exam Fortinet NSE 4 - FortiOS 6.4
Number NSE4_FGT-6.4
File Name Fortinet.NSE4_FGT-6.4.DumpsBase.2023-03-10.142q.vcex
Size 10 MB
Posted Mar 10, 2023
Download Fortinet.NSE4_FGT-6.4.DumpsBase.2023-03-10.142q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

Refer to the exhibit.
   
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?


  1. The IPS engine was inspecting high volume of traffic.
  2. The IPS engine was unable to prevent an intrusion attack.
  3. The IPS engine was blocking all traffic.
  4. The IPS engine will continue to run in a normal state.
Correct answer: A



Question 2

Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)


  1. hard-timeout
  2. auth-on-demand
  3. soft-timeout
  4. new-session
  5. Idle-timeout
Correct answer: ADE
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37221



Question 3

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)


  1. Antivirus scanning
  2. File filter
  3. DNS filter
  4. Intrusion prevention
Correct answer: AD



Question 4

When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?


  1. Log ID
  2. Universally Unique Identifier
  3. Policy ID
  4. Sequence ID
Correct answer: B
Explanation:
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/554066/firewall-policies
Reference: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/554066/firewall-policies



Question 5

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)


  1. The subject field in the server certificate
  2. The serial number in the server certificate
  3. The server name indication (SNI) extension in the client hello message
  4. The subject alternative name (SAN) field in the server certificate
  5. The host field in the HTTP header
Correct answer: ACD
Explanation:
Reference: https://checkthefirewall.com/blogs/fortinet/ssl-inspection
Reference: https://checkthefirewall.com/blogs/fortinet/ssl-inspection



Question 6

Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)


  1. diagnose sys top
  2. execute ping
  3. execute traceroute
  4. diagnose sniffer packet any
  5. get system arp
Correct answer: BCD



Question 7

Consider the topology:
Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.
An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.
The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
What two changes can the administrator make to resolve the issue without affecting services running
through FortiGate? (Choose two.)


  1. Set the maximum session TTL value for the TELNET service object.
  2. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.
  3. Create a new service object for TELNET and set the maximum session TTL.
  4. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.
Correct answer: CD



Question 8

NGFW mode allows policy-based configuration for most inspection rules.
Which security profile's configuration does not change when you enable policy-based inspection?


  1. Web filtering 
  2. Antivirus
  3. Web proxy
  4. Application control
Correct answer: B



Question 9

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)


  1. Log downloads from the GUI are limited to the current filter view
  2. Log backups from the CLI cannot be restored to another FortiGate.
  3. Log backups from the CLI can be configured to upload to FTP as a scheduled time
  4. Log downloads from the GUI are stored as LZ4 compressed files.
Correct answer: AB



Question 10

Which two statements are true about the FGCP protocol? (Choose two.)


  1. Not used when FortiGate is in Transparent mode
  2. Elects the primary FortiGate device
  3. Runs only over the heartbeat links
  4. Is used to discover FortiGate devices in different HA groups
Correct answer: BC









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files