NSE4_FGT-5.6 Online Practice Questions and Answers

What is Diffie Hellman? Response:

A. An algorithm and agreement method for two peers to independently calculate a common private key after sharing only their public keys

B. An algorithm for generating a public and private key

C. An agreement method for authenticating two peers using a pre-shared key

D. An agreement method for negotiating an IKE security association (SA)

Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels? Response:

A. The FortiGate is able to handle NATed connections only with aggressive mode.

B. FortiClient supports aggressive mode.

C. The remote peers are able to provide their peer IDs in the first message with aggressive mode.

D. Main mode does not support XAuth for user authentication.

What statement is true regarding web profile overrides? Response:

A. It is not possible to completely override a web filter profile.

B. Configured users can activate this setting through an override link on the FortiGuard block page.

C. This feature is available only in flow-based inspection.

D. It is used to change the website category

FortiGate scans packets for matches in a specific order for application control. Which option provides the correct sequence order?

Response:

A. Static domain overrides -> application overrides -> filter overrides

B. Categories -> application overrides -> filter overrides

C. Application overrides -> filter overrides -> categories

D. Rate based overrides -> filter overrides -> categories

View the Exhibit.

The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet.

The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1.

What ping option needs to be enabled before running the ping?

Response:

A. Execute ping-options source port1

B. Execute ping-options source 10.200.1.1.

C. Execute ping-options source 10.200.1.2

D. Execute ping-options source 10.0.1.254

If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

Response:

A. It blocks all future traffic for that IP address for a configured interval.

B. It archives the data for that IP address.

C. It provides a DLP block replacement page with a link to download the file.

D. It notifies the administrator by sending an email.

Which of the following are factory default settings on a FortiGate?

(Choose two.)

Response:

A. Administrative account is admin

B. Password for administrative access is Fortinet

C. Port1 (or internal) interface IP is 192.168.1.99/24

D. Default gateway IP is 192.168.1.1 using porn (or internal) interface

E. Mode of operation is transparent

Which of the following network settings can an IPsec gateway assign to an IPsec client using IP config

mode?

(Choose two.)

Response:

A. Quick mode selectors

B. DNS IP address

C. NAT-T

D. IP address

Which FortiGate interface does source device type enable device detection on? Response:

A. All interfaces of FortiGate

B. Source interface of the firewall policy only

C. Destination interface of the firewall policy only

D. Both source interface and destination interface of the firewall policy

What methods can a web browser use to learn the URL where a web proxy PAC file is located?

(Choose two.)

Response:

A. Manually configuring the PAC's URL in the browser settings.

B. Using WPAD.

C. Manually appending the PAC URL to the destination server URL.

D. Using the Forwarded HTTP header.