web analytics
FortiGate Enterprise Firewall Exam / NSE4_FGT-6.4 Dumps / NSE4_FGT-6.4 Exam Questions / NSE4_FGT-6.4 PDF Dumps / NSE4_FGT-6.4 VCE Dumps

[23-May-2021] New PassLeader FortiOS 6.4 NSE4_FGT-6.4 Dumps with VCE and PDF (New Questions)

PassLeader just published the NEWEST Fortinet NSE4_FGT-6.4 exam dumps! And, PassLeader offer two types of the NSE4_FGT-6.4 dumps — NSE4_FGT-6.4 VCE dumps and NSE4_FGT-6.4 PDF dumps, both VCE and PDF contain the NEWEST NSE4_FGT-6.4 exam questions, they will help you PASSING the Fortinet NSE4_FGT-6.4 exam easily! Now, get the NEWEST NSE4_FGT-6.4 dumps in VCE and PDF from PassLeaderhttps://www.passleader.com/nse4-fgt-6-4.html (165 Q&As Dumps)

What’s more, part of that PassLeader NSE4_FGT-6.4 dumps now are freehttps://drive.google.com/drive/folders/1FwOSZXBNhRkZ2TNK_n-fRFtpbhnCpCEM

NEW QUESTION 140
Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

A.    diagnose sys top
B.    execute ping
C.    execute traceroute
D.    diagnose sniffer packet any
E.    get system arp

Answer: BCE

NEW QUESTION 141
Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A.    By default, all interfaces are part of the same broadcast domain.
B.    The existing network IP schema must be changed when installing a transparent mode.
C.    Static routes are required to allow traffic to the next hop.
D.    FortiGate forwards frames without changing the MAC address.

Answer: AD
Explanation:
https://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortigate_Transparent_Mode_Technical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113

NEW QUESTION 142
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

A.    For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.
B.    FortiGate supports pre-shared key and signature as authentication methods.
C.    Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D.    A certificate is not required on the remote peer when you set the signature as the authentication method.

Answer: AB
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/913287/ipsec-vpn-authenticating-aremote-fortigate-peer-with-a-pre-shared-key

NEW QUESTION 143
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?

A.    DNS-based web filter and proxy-based web filter.
B.    Static URL filter, FortiGuard category filter, and advanced filters.
C.    Static domain filter, SSL inspection filter, and external connectors filters.
D.    FortiGuard category filter and rating filter.

Answer: B
Explanation:
https://fortinet121.rssing.com/chan-67705148/all_p1.html

NEW QUESTION 144
What devices form the core of the security fabric?

A.    Two FortiGate devices and one FortiManager device.
B.    One FortiGate device and one FortiManager device.
C.    Two FortiGate devices and one FortiAnalyzer device.
D.    One FortiGate device and one FortiAnalyzer device.

Answer: C
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/425100/components

NEW QUESTION 145
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

A.    The subject field in the server certificate.
B.    The serial number in the server certificate.
C.    The server name indication (SNI) extension in the client hello message.
D.    The subject alternative name (SAN) field in the server certificate.
E.    The host field in the HTTP header.

Answer: ACD
Explanation:
https://checkthefirewall.com/blogs/fortinet/ssl-inspection

NEW QUESTION 146
An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

A.    Enable asymmetric routing, so the RPF check will be bypassed.
B.    Disable the RPF check at the FortiGate interface level for the source check.
C.    Disable the RPF check at the FortiGate interface level for the reply check.
D.    Enable asymmetric routing at the interface level.

Answer: B
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD33955

NEW QUESTION 147
Which three methods are used by the collector agent for AD polling? (Choose three.)

A.    FortiGate polling
B.    NetAPI
C.    Novell API
D.    WMI
E.    WinSecLog

Answer: BDE
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732

NEW QUESTION 148
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source filed of a firewall policy?

A.    IP address.
B.    Once Internet Service is selected, no other object can be added.
C.    User or User Group.
D.    FQDN address.

Answer: B
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/179236/using-internet-service-in-policy

NEW QUESTION 149
What is the primary FortiGate election process when the HA override setting is disabled?

A.    Connected monitored ports -> System uptime -> Priority -> FortiGate Serial number.
B.    Connected monitored ports -> HA uptime -> Priority -> FortiGate Serial number.
C.    Connected monitored ports -> Priority -> HA uptime -> FortiGate Serial number.
D.    Connected monitored ports -> Priority -> System uptime -> FortiGate Serial number.

Answer: B
Explanation:
http://myitmicroblog.blogspot.com/2018/11/what-should-you-know-about-ha-override.html

NEW QUESTION 150
Which three statements are true regarding session-based authentication? (Choose three.)

A.    HTTP sessions are treated as a single user.
B.    IP sessions from the same source IP address are treated as a single user.
C.    It can differentiate among multiple clients behind the same source IP address.
D.    It requires more resources.
E.    It is not recommended if multiple users are behind the source NAT.

Answer: ACD

NEW QUESTION 151
An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?

A.    VLAN interface.
B.    Software Switch interface.
C.    Aggregate interface.
D.    Redundant interface.

Answer: C
Explanation:
https://forum.fortinet.com/tm.aspx?m=120324

NEW QUESTION 152
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?

A.    The administrator can register the same FortiToken on more than one FortiGate.
B.    The administrator must use a FortiAuthenticator device.
C.    The administrator can use a third-party radius OTP server.
D.    The administrator must use the user self-registration server.

Answer: B

NEW QUESTION 153
An organization’s employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

A.    Change the session-ttl.
B.    Change the login timeout.
C.    Change the idle-timeout.
D.    Change the udp idle timer.

Answer: B

NEW QUESTION 154
Which two statements are true about the RPF check? (Choose two.)

A.    The RPF check is run on the first sent packet of any new session.
B.    The RPF check is run on the first reply packet of any new session.
C.    The RPF check is run on the first sent and reply packet of any new session.
D.    RPF is a mechanism that protects FortiGate and your network from IP spoofing attacks.

Answer: AD
Explanation:
https://www.programmersought.com/article/16383871634/

NEW QUESTION 155
A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

A.    The browser requires a software update.
B.    FortiGate does not support full SSL inspection when web filtering is enabled.
C.    The CA certificate set on the SSL/SSH inspection profile has not been imported into the browser.
D.    There are network connectivity issues.

Answer: C
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD41394

NEW QUESTION 156
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

A.    FG-traffic
B.    Mgmt
C.    FG-Mgmt
D.    Root

Answer: AD
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/758820/split-task-vdom-mode

NEW QUESTION 157
……


Learning the PassLeader NSE4_FGT-6.4 dumps with VCE and PDF for 100% passing Fortinet certificationhttps://www.passleader.com/nse4-fgt-6-4.html (165 Q&As Dumps)

BONUS!!! Download part of PassLeader NSE4_FGT-6.4 dumps for freehttps://drive.google.com/drive/folders/1FwOSZXBNhRkZ2TNK_n-fRFtpbhnCpCEM