Free NSE4_FGT-6.4 Sample Questions — Fortinet NSE 4 - FortiOS 6.4

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

• A. It limits the scanning of application traffic to the DNS protocol only
• B. It limits the scanning of application traffic to use parent signatures only
• C. It limits the scanning of application traffic to the browser-based technology category only
• D. It limits the scanning of application traffic to the application category only

An administrator does not want to report the logon events of service accounts to FortiGate. What setting on the collector agent is required to achieve this?

• A. Add the support of NTLM authentication
• B. Add user accounts to the FortiGate group filter
• C. Add user accounts to Active Directory (AD)
• D. Add user accounts to the Ignore User List

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

• A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
• B. FortiGate supports pre-shared key and signature as authentication methods
• C. Enabling XAuth results in a faster authentication because fewer packets are exchanged
• D. certificate is not required on the remote peer when you set the signature as the authentication method

Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

• A. udp-echo
• B. DNS
• C. TWAMP
• D. ping

Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)

• A. change in the virtual IP address happens when a FortiGate device joins or leaves the cluster
• B. Heartbeat interfaces have virtual IP addresses that are manually assigned
• C. Virtual IP addresses are used to distinguish between cluster members
• D. The primary device in the cluster is always assigned IP address 169.254.0.1

Which two statements are correct about SLA targets? (Choose two.)

• A. You can configure only two SLA targets per one Performance SLA
• B. SLA targets are optional
• C. SLA targets are required for SD-WAN rules with a Best Quality strategy
• D. SLA targets are used only when referenced by an SD-WAN rule

Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

• A. FortiGuard web filter cache
• B. FortiGate hostname
• C. NTP
• D. DNS

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

• A. Source defined as Internet Services in the firewall policy
• B. Destination defined as Internet Services in the firewall policy
• C. Highest to lowest priority defined in the firewall policy
• D. Services defined in the firewall policy
• E. Lowest to highest policy ID number

Which two types of traffic are managed only by the management VDOM? (Choose two.)

• A. FortiGuard web filter queries
• B. PKI
• C. Traffic shaping
• D. DNS

How does FortiGate act when using SSL VPN in web mode?

• A. FortiGate acts as an FDS server
• B. FortiGate acts as an HTTP reverse proxy
• C. FortiGate acts as DNS server
• D. FortiGate acts as router

In which two ways can RPF checking be disabled? (Choose two.)

• A. Enable anti-replay in firewall policy
• B. Enable asymmetric routing
• C. Disable strict-src-check under system settings
• D. Disable the RPF check at the FortiGate interface level for the source check

Which of statement is true about SSL VPN web mode?

• A. The external network application sends data through the VPN
• B. It assigns a virtual IP address to the client
• C. It supports a limited number of protocols
• D. The tunnel is up while the client is connected

Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

• A. FG-traffic
• B. Mgmt
• C. FG-Mgmt
• D. Root

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

• A. The subject field in the server certificate
• B. The serial number in the server certificate
• C. The server name indication (SNI) extension in the client hello message
• D. The subject alternative name (SAN) field in the server certificate
• E. The host field in the HTTP header

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

• A. Local traffic logs
• B. Forward traffic logs
• C. System event logs
• D. Security logs

IPS Engine is used by which three security features? (Choose three.)

• A. Application control
• B. Antivirus in flow-based inspection
• C. Web filter in flow-based inspection
• D. DNS filter
• E. Web application firewall

Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)

• A. SSH
• B. HTTPS
• C. FTM
• D. FortiTelemetry

Which two statements about antivirus scanning mode are true? (Choose two.)

• A. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client
• B. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client
• C. In proxy-based inspection mode, files bigger than the buffer size are scanned
• D. In flow-based inspection mode, files bigger than the buffer size are scanned

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?

• A. IP address
• B. Once Internet Service is selected, no other object can be added
• C. User or User Group
• D. FQDN address

You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk. What is the default behavior when the local disk is full?

• A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%
• B. No new log is recorded until you manually clear logs from the local disk
• C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%
• D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%