NSE4_FGT-6.4 Online Practice Questions and Answers

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

A. The SSL inspection needs to be a deep content inspection.

B. Force access to Facebook using the HTTP service.

C. Additional application signatures are required to add to the security policy.

D. Add Facebook in the URL category in the security policy.

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

A. Addicting.Games is allowed based on the Application Overrides configuration.

B. Addicting.Games is blocked on the Filter Overrides configuration.

C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D. Addcting.Games is allowed based on the Categories configuration.

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

A. Heartbeat interfaces have virtual IP addresses that are manually assigned.

B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.

C. Virtual IP addresses are used to distinguish between cluster members.

D. The primary device in the cluster is always assigned IP address 169.254.0.1.

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.

Which two other security profiles can you apply to the security policy? (Choose two.)

A. Antivirus scanning

B. File filter

C. DNS filter

D. Intrusion prevention

Refer to the FortiGuard connection debug output.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

A. A local FortiManager is one of the servers FortiGate communicates with.

B. One server was contacted to retrieve the contract information.

C. There is at least one server that lost packets consecutively.

D. FortiGate is using default FortiGuard communication settings.

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

A. Firewall policy

B. Policy rule

C. Security policy

D. SSL inspection and authentication policy

Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option. What will be the impact of using Include in every user group option in a RADIUS configuration?

A. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

B. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

C. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

An administrator must disable RPF check to investigate an issue.

Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

A. Enable asymmetric routing, so the RPF check will be bypassed.

B. Disable the RPF check at the FortiGate interface level for the source check.

C. Disable the RPF check at the FortiGate interface level for the reply check.

D. Enable asymmetric routing at the interface level.

If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?

A. The Services field prevents SNAT and DNAT from being combined in the same policy.

B. The Services field is used when you need to bundle several VIPs into VIP groups.

C. The Services field removes the requirement to create multiple VIPs for different services.

D. The Services field prevents multiple sources of traffic from using multiple services to connect to a single computer.

Which of statement is true about SSL VPN web mode?

A. The tunnel is up while the client is connected.

B. It supports a limited number of protocols.

C. The external network application sends data through the VPN.

D. It assigns a virtual IP address to the client.