post page top logo

Free Fortinet NSE4_FGT-6.4 Practice Exam questions 2022 Updated With Free NSE4-FGT-6.4 Dumps

Are you Looking for Free NSE4-FGT-6.4 Practice Exam Questions, Practice the Below questions which are offered by Certspilot for NSE4 Exam, Download Complete 140 real Exam questions for Fortinet NES4-FGT-6.4 in PDF Dumps formate, Just prepare all questions well and practice on our Practice Exam and pass your NSE4 Exam on the first attempt, Our NSE4-FGT-6.4 Dumps Include real exam questions with verified answers. Learn more about Fortinet Certification here.

Practice on Free NSE4-FGT-6.4 Dumps, Below are Real Exam questions for Fortinet Exam - 2022

1. Consider the topology:

Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.

An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

2. Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

3. What is the primary FortiGate election process when the HA override setting is disabled?

4. Refer to the exhibit.                                                                                                                                                                                                                                                                                           

The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?

5. Which three statements are true regarding session-based authentication? (Choose three.)

6. Refer to the exhibit, which contains a static route configuration.                                                             

An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?

7. An administrator needs to increase network bandwidth and provide redundancy.

What interface type must the administrator select to bind multiple FortiGate interfaces?

8. An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.

What must an administrator do to achieve this objective?

9. Refer to the exhibit.                                                                                                                                               

Why did FortiGate drop the packet?

10. Refer to the exhibit.                                                                                                                                                   

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)

11. An organization’s employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

12. Which two statements are true about the RPF check? (Choose two.)

13. Refer to the exhibit.                                                                                                                                               

The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)

14. A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

15. Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

16. Refer to the exhibit.                                                                                                                                                                                                                                                                                                                                                                                                         

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

17. Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

18. Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

19. Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

20. Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

21. An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

22. Refer to the exhibit.                                                                                                                                               

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.

Which two statements are true? (Choose two.)

23. Why does FortiGate keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?

24. Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for

Facebook.                                                                                                                                                                                                                                                                       

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

25. Which two statements are correct about a software switch on FortiGate? (Choose two.)

26. Refer to the exhibit.                                                                                                                                                 

The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?

27. Which two statements are correct about NGFW Policy-based mode? (Choose two.)

28. Refer to the exhibit showing a debug flow output.                                                                                         

Which two statements about the debug flow output are correct? (Choose two.)

29. Refer to the exhibit, which contains a radius server configuration.                                                                 

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected

the Include in every user group option.

What will be the impact of using Include in every user group option in a RADIUS configuration?

30. Which statement is true about SSL VPN web mode?

31. Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

32. An administrator has configured the following settings                                                                                 

What are the two results of this configuration? (Choose two.)

33. Refer to the exhibit.                                                                                                                                             

An administrator is running a sniffer command as shown in the exhibit.

Which three pieces of information are included in the sniffer output? (Choose three.)

34. A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.

What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

35. A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.

What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?

36. Which two statements are true about the Security Fabric rating? (Choose two.)

37. Refer to the exhibit, which contains a session list output                                                                             

Based on the information shown in the exhibit, which statement is true?

38. Which two statements are true about the FGCP protocol? (Choose two.)

39. Refer to the exhibit, which contains a session diagnostic output.                                                               

Which statement is true about the session diagnostic output?

40. Which statement about the policy ID number of a firewall policy is true?

41. An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?


 

Download full version

Related Exams

About The Author

Certspilot

Certspilot is a platform where you can get to access to free Practice test questions for all IT certification like Microsoft, AWS, CompTIA, Salesforce, Cisco, CISSP and others certifications exam, you can download Updated and Valid Exam Dumps in PDF format and prepare yourself for certification exam in very short time. If you have any other question or need assistance regarding to your certification exam, click on Live Chat Icon and get in touch with our customer support agent, we are available 24/7 for customer support or send email at
support@certspilot.com.

Leave a Comment