NSE4_FGT-6.0 Online Practice Questions and Answers

Which of the following FortiGate configuration tasks will create a route in the policy route table? (Choose two.)

A. Static route created with a Named Address object

B. Static route created with an Internet Services object

C. SD-WAN route created for individual member interfaces

D. SD-WAN rule created to route traffic based on link latency

An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

A. Both interfaces must belong to the same forward domain.

B. The role of the VLAN10 interface must be set to server.

C. Both interfaces must have the same VLAN ID.

D. Both interfaces must be in different VDOMs.

How does FortiGate select the central SNAT policy that is applied to a TCP session?

A. It selects the SNAT policy specified in the configuration of the outgoing interface.

B. It selects the first matching central SNAT policy, reviewing from top to bottom.

C. It selects the central SNAT policy with the lowest priority.

D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Examine this FortiGate configuration: How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires authorization?

A. It always authorizes the traffic without requiring authentication.

B. It drops the traffic.

C. It authenticates the traffic using the authentication scheme SCHEME2.

D. It authenticates the traffic using the authentication scheme SCHEME1.

Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A. Log downloads from the GUI are limited to the current filter view

B. Log backups from the CLI cannot be restored to another FortiGate.

C. Log backups from the CLI can be configured to upload to FTP as a scheduled time

D. Log downloads from the GUI are stored as LZ4 compressed files.

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. How must the administrator configure the local quick mode selector for site B?

A. 192.168.3.0/24

B. 192.168.2.0/24

C. 192.168.1.0/24

D. 192.168.0.0/8

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

A. The firmware image must be manually uploaded to each FortiGate.

B. Only secondary FortiGate devices are rebooted.

C. Uninterruptable upgrade is enabled by default.

D. Traffic load balancing is temporally disabled while upgrading the firmware.

An administrator needs to create an SSL-VPN connection for accessing an internal server using the bookmark Port Forward. What step is required for this configuration?

A. Configure an SSL VPN realm for clients to use the port forward bookmark.

B. Configure the client application to forward IP traffic through FortiClient.

C. Configure the virtual IP address to be assigned to the SSL VPN users.

D. Configure the client application to forward IP traffic to a Java applet proxy.

Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

A. SMTP.Login.Brute.Force

B. IMAP.Login.brute.Force

C. ip_src_session

D. Location: server Protocol: SMTP

Examine the network diagram shown in the exhibit, and then answer the following question:

A firewall administrator must configure equal cost multipath (ECMP) routing on FGT1 to ensure both port1 and port3 links are used at the same time for all traffic destined for 172.20.2.0/24. Which of the following static routes will satisfy this requirement on FGT1? (Choose two.)

A. 172.20.2.0/24 (1/0) via 10.10.1.2, port1 [0/0]

B. 172.20.2.0/24 (25/0) via 10.30.3.2, port3 [5/0]

C. 172.20.2.0/24 (25/0) via 10.10.1.2, port1 [5/0]

D. 172.20.2.0/24 (1/150) via 10.30.3.2, port3 [10/0]