Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-5.6

Fortinet NSE4_FGT-5.6 Exam
Fortinet NSE 4 - FortiOS 5.6 (Page 3 )

Updated On: 7-Feb-2026
Page 3 of 38
PDF with 185 Questions

Firewall policies dictate whether a user or device can (or cannot) authenticate to a network.
Which statements are true regarding firewall authentication? (Choose two.)

  1. In order to authenticate a specific user, the firewall policy must include .., both the IP address and the user as the source.
  2. Firewall policies can be configured to authenticate certificate users.
  3. Users are forced to actively authenticate when the following protocols are disabled in the firewall policy: HTTP, HTTPS, FTP, Telnet.
  4. The order of the firewall policies always determine whether a user's credentials are determined actively or passively.

Answer(s): A,B



View the exhibit. You are trying to go to http://www.clailymotion.com (Dailymotion) from the computer behind the FortiGate.
Which statement is correct regarding this application control profile?



  1. Dailymotion will be blocked, as the Video/Audio category is blocked.
  2. Dailymotion will be allowed, based on application overrides.
  3. Dailymotion will be blocked, based on filter overrides.
  4. Dailymotion will be allowed only if the action for Dailymotion is set to authenticate in application overrides.

Answer(s): B



What statement describes what DNS64 does?

  1. Converts DNS A record lookups to AAAA record lookups.
  2. Translates the destination IPv6 address of the DNS traffic to an IPv4 address.
  3. Synthesizes DNS AAAA records from A records.
  4. Translates the destination IPv4 address of the DNS traffic to an IPv6 address.

Answer(s): B



What information is flushed when the chunk-size value is changed in the config dlp settings? Response:

  1. The database for DLP document fingerprinting
  2. The supported file types in the DLP filters
  3. The archived files and messages
  4. The file name patterns in the DLP filters

Answer(s): A



What step is required to configure an SSL VPN to access to an internal server using port forward mode?

  1. Configure the virtual IP addresses to be assigned to the SSL VPN users.
  2. Install FortiClient SSL VPN client
  3. Create a SSL VPN realm reserved for clients using port forward mode.
  4. Configure the client application to forward IP traffic to a Java applet proxy.

Answer(s): D






Post your Comments and Discuss Fortinet NSE4_FGT-5.6 exam prep with other Community members:

Join the NSE4_FGT-5.6 Discussion