NSE4_FGT-6.0 Online Practice Questions and Answers

When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

A. Connected monitored ports > HA uptime > priority > serial number

B. Priority > Connected monitored ports > HA uptime > serial number

C. Connected monitored ports > priority > HA uptime > serial number

D. HA uptime > priority > Connected monitored ports > serial number

An administrator is running the following sniffer command:

diagnose sniffer packet any "host 10.0.2.10" 3

What information will be included in the sniffer output? (Choose three.)

A. IP header

B. Ethernet header

C. Packet payload

D. Application header

E. Interface name

View the certificate shown to the exhibit, and then answer the following question: The CA issued this certificate to which entity?

A. A root CA

B. A person

C. A bridge CA

D. A subordinate CA

Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?

A. By default, FortiGate uses WINS servers to resolve names.

B. By default, the SSL VPN portal requires the installation of a client's certificate.

C. By default, split tunneling is enabled.

D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.

Which Statements about virtual domains (VDOMs) arc true? (Choose two.)

A. Transparent mode and NAT/Route mode VDOMs cannot be combined on the same FortiGate.

B. Each VDOM can be configured with different system hostnames.

C. Different VLAN sub-interface of the same physical interface can be assigned to different VDOMs.

D. Each VDOM has its own routing table.

What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Traffic to botnetservers

B. Traffic to inappropriate web sites

C. Server information disclosure attacks

D. Credit card data leaks

E. SQL injection attacks

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scope of application control to the browser-based technology category only.

B. It limits the scope of application control to scan application traffic based on application category only.

C. It limits the scope of application control to scan application traffic using parent signatures only

D. It limits the scope of application control to scan application traffic on DNS protocol only.

The FSSO Collector Agent set to advanced access mode for the Windows Active Directory uses which of the following?

A. LDAP convention B. NTLM convention

C. Windows convention ?NetBios\Username

D. RSSO convention

How do you format the FortiGate flash disk?

A. Load a debug FortiOS image.

B. Load the hardware test (HQIP) image.

C. Execute the CLI command execute formatlogdisk.

D. Select the format boot device option from the BIOS menu.

If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?

A. The Services field removes the requirement of creating multiple VIPs for different services.

B. The Services field is used when several VIPs need to be bundled into VIP groups.

C. The Services field does not allow source NAT and destination NAT to be combined in the same policy.

D. The Services field does not allow multiple sources of traffic, to use multiple services, to connect to a single computer.