Free NSE4_FGT-6.0 Vce 2021

NEW QUESTION 1
Examine this FortiGate configuration:

How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

• A. It always authorizes the traffic without requiring authentication.
• B. It drops the traffic.
• C. It authenticates the traffic using the authentication scheme SCHEME2.
• D. It authenticates the traffic using the authentication scheme SCHEME1.

Answer: C

NEW QUESTION 2
Which statement about the IP authentication header (AH) used by IPsec is true?

• A. AH does not provide any data integrity or encryption.
• B. AH does not support perfect forward secrecy.
• C. AH provides data integrity but no encryption.
• D. AH provides strong data integrity but weak encryption.

Answer: C

NEW QUESTION 3
Which is the correct description of a hash result as it relates to digital certificates?

• A. A unique value used to verify the input data
• B. An output value that is used to identify the person or deuce that authored the input data.
• C. An obfuscation used to mask the input data.
• D. An encrypted output value used to safe-guard die input data

Answer: A

NEW QUESTION 4
Which statement is true regarding SSL VPN timers? (Choose two.)

• A. Allow to mitigate DoS attacks from partial HTTP requests.
• B. SSL VPN settings do not have customizable timers.
• C. Disconnect idle SSL VPN users when a firewall policy authentication timeout occurs.
• D. Prevent SSL VPN users from being logged out because of high network latency.

Answer: AD

NEW QUESTION 5
Which statement about DLP on FortiGate is true?

• A. It can archive files and messages.
• B. It can be applied to a firewall policy in a flow-based VDOM
• C. Traffic shaping can be applied to DLP sensors.
• D. Files can be sent to FortiSandbox for detecting DLP threats.

Answer: A

NEW QUESTION 6
If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate take?

• A. It notifies the administrator by sending an email.
• B. It provides a DLP block replacement page with a link to download the file.
• C. It blocks all future traffic for that IP address for a configured interval.
• D. It archives the data for that IP address.

Answer: C

NEW QUESTION 7
Which of the following statements about NTLM authentication are correct? (Choose two.)

• A. It is useful when users log in to DCs that are not monitored by a collector agent.
• B. It takes over as the primary authentication method when configured alongside FSSO.
• C. Multi-domain environments require DC agents on every domain controller.
• D. NTLM-enabled web browsers are required.

Answer: AD

NEW QUESTION 8
Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.)

• A. The NetSessionEnum function is used to track user logoffs.
• B. WMI polling can increase bandwidth usage in large networks.
• C. The collector agent uses a Windows API to query DCs for user logins.
• D. The collector agent do not need to search any security event logs.

Answer: BC

NEW QUESTION 9
Which one of the following processes is involved in updating IPS from FortiGuard?

• A. FortiGate IPS update requests are sent using UDP port 443.
• B. Protocol decoder update requests are sent to service.fortiguard.net.
• C. IPS signature update requests are sent to update.fortiguard.net.
• D. IPS engine updates can only be obtained using push updates.

Answer: C

NEW QUESTION 10
Which of the following statements about the FSSO collector agent timers is true?

• A. The workstation verify interval is used to periodically check of a workstation is still a domain member.
• B. The IP address change verify interval monitors the server IP address where the collector agent isinstalled, and the updates the collector agent configuration if it changes.
• C. The user group cache expiry is used to age out the monitored groups.
• D. The dead entry timeout interval is used to age out entries with an unverified status.

Answer: D

NEW QUESTION 11
How does FortiGate select the central SNAT policy that is applied to a TCP session?

• A. It selects the SNAT policy specified in the configuration of the outgoing interface.
• B. It selects the first matching central SNAT policy, reviewing from top to bottom.
• C. It selects the central SNAT policy with the lowest priority.
• D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Answer: B

NEW QUESTION 12
Examine the following web filtering log.

Which statement about the log message is true?

• A. The action for the category Games is set to block.
• B. The usage quota for the IP address 10.0.1.10 has expired.
• C. The name of the applied web filter profile is default.
• D. The web site miniclip.com matches a static URL filter whose action is set to Warning.

Answer: D

NEW QUESTION 13
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

• A. Log downloads from the GUI are limited to the current log filter view
• B. Log backups from the CLI cannot be restored to another FortiGate.
• C. Log backups from the CLI can be configured to upload to FTP at a scheduled time
• D. Log downloads from the GUI are stored as LZ4 compressed files.

Answer: BC

NEW QUESTION 14
Examine the exhibit, which contains a session diagnostic output.

Which of the following statements about the session diagnostic output is true?

• A. The session is in ESTABLISHED state.
• B. The session is in LISTEN state.
• C. The session is in TIME_WAIT state.
• D. The session is in CLOSE_WAIT state.

Answer: A

NEW QUESTION 15
Which statements about antivirus scanning mode are true? (Choose two.)

• A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.
• B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.
• C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.
• D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.

Answer: BD

NEW QUESTION 16
Examine the exhibit, which shows the output of a web filtering real time debug.

Why is the site www.bing.com being blocked?

• A. The web site www.bing.com is categorized by FortiGuard as Malicious Websites.
• B. The user has not authenticated with the FortiGate yet.
• C. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.
• D. The rating for the web site www.bing.com has been locally overridden to a category that is being blocked.

Answer: D

NEW QUESTION 17
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)

• A. Enable Event Logging.
• B. Enable a web filter security profile on the Full Access firewall policy.
• C. Enable Log Allowed Traffic on the Full Access firewall policy.
• D. Enable disk logging.

Answer: BC

NEW QUESTION 18
Examine the exhibit, which shows the partial output of an IKE real-time debug.

Which of the following statement about the output is true?

• A. The VPN is configured to use pre-shared key authentication.
• B. Extended authentication (XAuth) was successful.
• C. Remote is the host name of the remote IPsec peer.
• D. Phase 1 went down.

Answer: A

NEW QUESTION 19
By default, when logging to disk, when does FortiGate delete logs?

• A. 30 days
• B. 1 year
• C. Never
• D. 7 days

Answer: D

NEW QUESTION 20
View the exhibit.


What does this raw log indicate? (Choose two.)

• A. FortiGate blocked the traffic.
• B. type indicates that a security event was recorded.
• C. 10.0.1.20 is the IP address for lavito.tk.
• D. policyid indicates that traffic went through the IPS firewall policy.

Answer: BD

NEW QUESTION 21
......