Free Fortinet NSE4_FGT-6.4 Exam Dumps and NSE4

Question No: 1

MultipleChoice

Refer to the exhibit.

Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP.Login.Failed signature to the IPS sensor profile?

Options

AThe signature setting uses a custom rating threshold.

BThe signature setting includes a group of other signatures.

CTraffic matching the signature will be allowed and logged.

DTraffic matching the signature will be silently dropped and logged.

Question No: 2

MultipleChoice

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

Options

AAddicting.Games is allowed based on the Application Overrides configuration.

BAddicting.Games is blocked on the Filter Overrides configuration.

CAddicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

DAddcting.Games is allowed based on the Categories configuration.

Question No: 3

MultipleChoice

Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.

An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.

The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

Options

AIf a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

BIf a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

CIf a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

DIf a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

Question No: 4

MultipleChoice

An administrator Is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site

Options

Athe local quick mode selector is 192.160.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?

A192.168.1.0/24

B192.168.0.0/24

C192.168.2.0/24

D192.168.3.0/24

Question No: 5

MultipleChoice

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access internet. The To_lnternet VDOM is the only VDOM with internet access and is directly connected to ISP modem.

Which two statements are true? (Choose two.)

Options

AInter-VDOM links are required to allow traffic between the Local and Root VDOMs.

BA static route is required on the To_Internet VDOM to allow LAN users to access the internet.

CInter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

DInter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Question No: 6

MultipleChoice

Which statement about the policy ID number of a firewall policy is true?

D18912E1457D5D1DDCBD40AB3BF70D5D

Options

AIt is required to modify a firewall policy using the CLI.

BIt represents the number of objects used in the firewall policy.

CIt changes when firewall policies are reordered.

DIt defines the order in which rules are processed.

Question No: 7

MultipleChoice

D18912E1457D5D1DDCBD40AB3BF70D5D

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Options

AFortiGate automatically negotiates different local and remote addresses with the remote peer.

BFortiGate automatically negotiates a new security association after the existing security association expires.

CFortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

DFortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.