[Dec 22, 2021] Fortinet NSE4_FGT-6.4 Real Exam Questions and Answers FREE
Pass Fortinet NSE4_FGT-6.4 Exam Info and Free Practice Test
How to study the Network Security Professional (Fortinet NSE4_FGT-6.4) Professional Exam
Test Preparation teaches how the exam questions can be decoded. Our Exam Preparedness: Fortinet NSE4_FGT-6.4 Technical arrangement course is delivered in multiple configurations: study hall preparing for learning or taking an interest in a physical homeroom with an NSE4 Approved Learner. Free media preparing for learning whenever it is suitable for you. The course surveys test inquiries in each branch of knowledge and how the themes tried ought to be seen to such an extent that off base answers are easier to stay away from. Our course will help you in tracking down the correct answers.
FORTINET NSE4_FGT-6.4 practice test can be used for preparation.
NEW QUESTION 79
Refer to the exhibit.
Examine the intrusion prevention system (IPS) diagnostic command.
Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
- A. The IPS engine will continue to run in a normal state.
- B. The IPS engine was unable to prevent an intrusion attack.
- C. The IPS engine was blocking all traffic.
- D. The IPS engine was inspecting a high volume of traffic.
Answer: D
NEW QUESTION 80
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy, instead of separate policies.
Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)
- A. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
- B. The IP version of the sources and destinations in a policy must match.
- C. The Incoming Interface, Outgoing Interface, Schedule, and Service fields can be shared with both IPv4 and IPv6.
- D. The IP version of the sources and destinations in a firewall policy must be different.
- E. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
Answer: A,D,E
NEW QUESTION 81
An administrator has configured the following settings:
- A. A session for denied traffic is created.
- B. The number of logs generated by denied traffic is reduced.
- C. Device detection on all interfaces is enforced for 30 minutes.
- D. Denied users are blocked for 30 minutes.
Answer: A,B
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46328
NEW QUESTION 82
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)
- A. On Remote-FortiGate, set port2 as Interface.
- B. On HQ-FortiGate, set IKE mode to Main (ID protection).
- C. On HQ-FortiGate, disable Diffie-Hellman group 2.
- D. On both FortiGate devices, set Dead Peer Detection to On Demand.
Answer: A,B
NEW QUESTION 83
Refer to the exhibit.

The exhibit contains the configuration for an SD-WAN Performance SLA, as well as the output of diagnose sys virtual-wan-link health-check.
Which interface will be selected as an outgoing interface?
- A. port1
- B. port3
- C. port4
- D. port2
Answer: A
NEW QUESTION 84
Refer to the exhibit. Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?
- A. Read/Write permission for Firewall
- B. Read/Write permission for Log & Report
- C. Custom permission for Network
- D. CLI diagnostics commands permission
Answer: C
NEW QUESTION 85
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
- A. Pre-shared Key
- B. Static IP Address
- C. Dialup User
- D. Dynamic DNS
Answer: C
NEW QUESTION 86
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)
- A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
- B. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
- C. Enable Dead Peer Detection.
- D. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
Answer: B,C
NEW QUESTION 87
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
- A. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
- B. The CA certificate that signed the web-server certificate must be installed on the browser.
- C. The public key of the web server certificate must be installed on the browser.
- D. The web-server certificate must be installed on the browser.
Answer: B
NEW QUESTION 88
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must an administrator do to achieve this objective?
- A. The administrator can use a third-party RADIUS OTP server.
- B. The administrator must use a FortiAuthenticator device.
- C. The administrator must use the user self-registration server.
- D. The administrator can register the same FortiToken on more than one FortiGate.
Answer: B
NEW QUESTION 89
Refer to the exhibit, which contains a session diagnostic output.
Which statement is true about the session diagnostic output?
- A. The session is in TCP ESTABLISHED state.
- B. The session is a bidirectional UDP connection.
- C. The session is a UDP unidirectional state.
- D. The session is a bidirectional TCP connection.
Answer: B
NEW QUESTION 90
Examine the exhibit, which contains a virtual IP and firewall policy configuration.


The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
- A. 10.200.1.1
- B. 10.200.1.10
- C. 10.0.1.254
- D. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
Answer: B
Explanation:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Virtual%20IPs.htm
NEW QUESTION 91
Refer to the exhibit.
Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?
- A. The signature setting uses a custom rating threshold.
- B. The signature setting includes a group of other signatures.
- C. Traffic matching the signature will be allowed and logged.
- D. Traffic matching the signature will be silently dropped and logged.
Answer: C
NEW QUESTION 92
An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?
- A. Enable asymmetric routing, so the RPF check will be bypassed.
- B. Enable asymmetric routing at the interface level.
- C. Disable the RPF check at the FortiGate interface level for the reply check.
- D. Disable the RPF check at the FortiGate interface level for the source check.
Answer: B
NEW QUESTION 93
Which of the following statements about central NAT are true? (Choose two.)
- A. Source NAT, using central NAT, requires at least one central SNAT policy.
- B. IP pool references must be removed from existing firewall policies before enabling central NAT.
- C. Central NAT can be enabled or disabled from the CLI only.
- D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.
Answer: B,C
NEW QUESTION 94
An administrator has configured the following settings:
- A. The number of logs generated by denied traffic is reduced.
- B. A session for denied traffic is created.
- C. Device detection on all interfaces is enforced for 30 minutes.
- D. Denied users are blocked for 30 minutes.
Answer: A,B
NEW QUESTION 95
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
- A. By default, all interfaces are part of the same broadcast domain.
- B. FortiGate forwards frames without changing the MAC address.
- C. Static routes are required to allow traffic to the next hop.
- D. The existing network IP schema must be changed when installing a transparent mode.
Answer: A,B
How much does the Network Security Professional (Fortinet NSE4_FGT-6.4) Professional Exam cost
The cost of the Network Security Professional (Fortinet NSE4_FGT-6.4) Exam is 400 USD. For more information related to exam price, please visit the official website AWS Website, as the cost of exams may vary country-wise.