Fortinet NSE 4 - FortiOS 6.4 (NSE4_FGT-6.4) Free Practice Test

Question 1

In which two ways can RPF checking be disabled? (Choose two )

A. Disable the RPF check at the FortiGate interface level for the source check

B. Enable anti-replay in firewall policy.

C. Enable asymmetric routing.

D. Disable strict-arc-check under system settings.

Correct Answer: C,D

Question 2

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A. The CA certificate that signed the web-server certificate must be installed on the browser.

B. The web-server certificate must be installed on the browser.

C. The private key of the CA certificate that signed the browser certificate must be installed on the browser.

D. The public key of the web server certificate must be installed on the browser.

Correct Answer: A

Question 3

Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

A. get system performance status

B. get system arp

C. diagnose sys top

D. get system status

Correct Answer: B

Question 4

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Traffic to botnetservers

B. Server information disclosure attacks

C. SQL injection attacks

D. Credit card data leaks

E. Traffic to inappropriate web sites

Correct Answer: B,C,D

Question 5

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

A. Once Internet Service is selected, no other object can be added

B. FQDN address

C. IP address

D. User or User Group

Correct Answer: A

Question 6

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?

A. On Idle

B. Enabled

C. Disabled

D. On Demand

Correct Answer: A

Question 7

What devices form the core of the security fabric?

A. Two FortiGate devices and one FortiManager device

B. One FortiGate device and one FortiAnalyzer device

C. One FortiGate device and one FortiManager device

D. Two FortiGate devices and one FortiAnalyzer device

Correct Answer: D

Question 8

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?

A. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.

B. No new log is recorded until you manually clear logs from the local disk.

C. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.

D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.

Correct Answer: A

Question 9

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

A. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

B. FortiGate automatically negotiates a new security association after the existing security association expires.

C. FortiGate automatically negotiates different local and remote addresses with the remote peer.

D. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

An administrator needs to increase network bandwidth and provide redundancy.
What interface type must the administrator select to bind multiple FortiGate interfaces?

A. VLAN interface

B. Software Switch interface

C. Aggregate interface

D. Redundant interface

Correct Answer: C

Question 11

Refer to the exhibit.

The exhibits show a network diagram and the explicit web proxy configuration.
In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

A. 'host 10.0.0.50 and port 80'

B. 'host 192.168.0.1 and port 80'

C. 'host 10.0.0.50 and port 8080'

D. 'host 192.168.0.2 and port 8080'

Correct Answer: D

Question 12

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

A. The collector agent must search security event logs.

B. The collector agent uses a Windows API to query DCs for user logins.

C. The NetSession Enum function is used to track user logouts.

D. NetAPI polling can increase bandwidth usage in large networks.

Correct Answer: C

Question 13

Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

A. FortiGate will only actuate the port1 route in the routing table

B. FortiGate will load balance all traffic across both routes.

C. FortiGate will use the port1 route as the primary candidate.

D. FortiGate will route twice as much traffic to the port2 route

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 14

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. SMMIE Capabilities value

B. Subject value

C. Subject Key Identifier value

D. Subject Alternative Name value

Correct Answer: C

Question 15

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

A. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

B. Addcting.Games is allowed based on the Categories configuration.

C. Addicting.Games is allowed based on the Application Overrides configuration.

D. Addicting.Games is blocked on the Filter Overrides configuration.

Correct Answer: C

Welcome to TestSimulate

Fortinet NSE 4 - FortiOS 6.4 (NSE4_FGT-6.4) Free Practice Test