PassLeader just published the NEWEST Fortinet NSE4_FGT-6.4 exam dumps! And, PassLeader offer two types of the NSE4_FGT-6.4 dumps — NSE4_FGT-6.4 VCE dumps and NSE4_FGT-6.4 PDF dumps, both VCE and PDF contain the NEWEST NSE4_FGT-6.4 exam questions, they will help you PASSING the Fortinet NSE4_FGT-6.4 exam easily! Now, get the NEWEST NSE4_FGT-6.4 dumps in VCE and PDF from PassLeader — https://www.passleader.com/nse4-fgt-6-4.html (111 Q&As Dumps –> 165 Q&As Dumps)
What’s more, part of that PassLeader NSE4_FGT-6.4 dumps now are free — https://drive.google.com/drive/folders/1FwOSZXBNhRkZ2TNK_n-fRFtpbhnCpCEM
NEW QUESTION 1
An administrator has configured outgoing Interface any in a firewall policy. Which statement is true about the policy list view?
A. Policy lookup will be disabled.
B. By Sequence view will be disabled.
C. Search option will be disabled.
D. Interface Pair view will be disabled.
NEW QUESTION 2
Which of the following statements about central NAT are true? (Choose two.)
A. IP tool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.
NEW QUESTION 3
Which three statements about security associations (SA) in IPsec are correct? (Choose three.)
A. Phase 2 SAs are used for encrypting and decrypting the data exchanged through the tunnel.
B. An SA never expires.
C. A phase 1 SA is bidirectional, while a phase 2 SA is directional.
D. Phase 2 SA expiration can be time-based, volume-based, or both.
E. Both the phase 1 SA and phase 2 SA are bidirectional.
NEW QUESTION 4
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
NEW QUESTION 5
Which two statements are true about the Security Fabric rating? (Choose two.)
A. It provides executive summaries of the four largest areas of security focus.
B. Many of the security issues can befixed immediately by click ng Apply where available.
C. The Security Fabric rating must be run on the root FortiGate device in the Security Fabric.
D. The Security Fabric rating is a free service that comes bundled with alt FortiGate devices.
NEW QUESTION 6
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
A. Log downloads from the GUI are limited to the current filter view.
B. Log backups from the CLI cannot be restored to another FortiGate.
C. Log backups from the CLI can be configured to upload to FTP as a scheduled time.
D. Log downloads from the GUI are stored as LZ4 compressed files.
NEW QUESTION 7
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
A. Configure Source IP Pools.
B. Configure split tunneling in tunnel mode.
C. Configure different SSL VPN realms.
D. Configure host check.
NEW QUESTION 8
An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?
A. Add the support of NTLM authentication.
B. Add useraccounts to Active Directory (AD).
C. Add user accounts to the FortiGate group fitter.
D. Add user accounts to the Ignore User List.
NEW QUESTION 9
Which two statements about antivirus scanning mode are true? (Choose two.)
A. In proxy-based inspection mode, files bigger than the buffer size are scanned.
B. In flow-based inspection mode. FortiGate buffers the file, but also simultaneously transmits it to the client.
C. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
D. In flow-based inspection mode, files bigger than the buffer size are scanned.
NEW QUESTION 10
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
A. System time.
B. FortiGuaid update servers.
C. Operating mode.
D. NGFW mode.
NEW QUESTION 11
Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity bur no encryption.
D. AH provides strong data integrity but weak encryption.
NEW QUESTION 12
To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?
B. Root FortiGate
D. Downstream FortiGate
NEW QUESTION 13
An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?
A. A phase 2 configuration is not required.
B. This VPN cannot be used as part of a hub-and-spoke topology.
C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
D. The IPsec firewall policies must be placed at the top of the list.
NEW QUESTION 14
NGFW mode allows policy-based configuration for most inspection rules. Which security profile’s configuration does not change when you enable policy-based inspection?
A. Web filtering
C. Web proxy
D. Application control
NEW QUESTION 15
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
NEW QUESTION 16
Which two statements are true about the FGCP protocol? (Choose two.)
A. Not used when FortiGate is in Transparent mode.
B. Elects the primary FortiGate device.
C. Runs only over the heartbeat links.
D. Is used to discover FortiGate devices in different HA groups.
NEW QUESTION 17
Why does FortiGate Keep TCP sessions in the session table for several seconds, even after both sides (client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
B. To finish any inspection operations.
C. To remove the NAT operation.
D. To generate logs.
NEW QUESTION 18
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?
A. System event logs.
B. Forward traffic logs.
C. Local traffic logs.
D. Security logs.
NEW QUESTION 19
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
NEW QUESTION 20
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?
A. The public key of the web server certificate must be installed on the browser.
B. The web-server certificate must be installed on the browser.
C. The CA certificate that signed the web-server certificate must be installed on the browser.
D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
NEW QUESTION 21
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic, in addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should tie administrator configure on FortiGate for the new IPsec VPN tunnel to work?
A. Static IP Address
B. Dialup User
C. Dynamic DNS
D. Pre-shared Key
NEW QUESTION 22
In consolidated firewall policies, IPv4 and IPv6 policies are combined in a single consolidated policy. Instead of separate policies. Which three statements are true about consolidated IPv4 and IPv6 policy configuration? (Choose three.)
A. The IP version of the sources and destinations in a firewall policy must be different.
B. The Incoming Interface, Outgoing Interface, Schedule, and Service Fields can be shared with both IPv4 and IPv6.
C. The policy table in the GUI can be filtered to display policies with IPv4, IPv6 or IPv4 and IPv6 sources and destinations.
D. The IP version of the sources and destinations in a policy must match.
E. The policy table in the GUI will be consolidated to display policies with IPv4 and IPv6 sources and destinations.
NEW QUESTION 23
Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)
NEW QUESTION 24
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
A. The keyUsage extension must be set to keyCertSign.
B. The common name on the subject field must use a wildcard name.
C. The issuer must be a public CA.
D. The CA extension must be set to TRUE.
NEW QUESTION 25
Learning the PassLeader NSE4_FGT-6.4 dumps with VCE and PDF for 100% passing Fortinet certification — https://www.passleader.com/nse4-fgt-6-4.html (111 Q&As Dumps –> 165 Q&As Dumps)
BONUS!!! Download part of PassLeader NSE4_FGT-6.4 dumps for free — https://drive.google.com/drive/folders/1FwOSZXBNhRkZ2TNK_n-fRFtpbhnCpCEM