CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-6.0

Free NSE4_FGT-6.0 Exam Braindumps (page: 7)

Page 7 of 32
PDF with 127 Questions

View the exhibit.



Which of the following statements are correct? (Choose two.)

  1. This setup requires at least two firewall policies with the action set to IPsec.
  2. Dead peer detection must be disabled to support this type of IPsec setup.
  3. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
  4. This is a redundant IPsec setup.

Answer(s): C,D



Which one of the following processes is involved in updating IPS from FortiGuard?

  1. FortiGate IPS update requests are sent using UDP port 443.
  2. Protocol decoder update requests are sent to service.fortiguard.net.
  3. IPS signature update requests are sent to update.fortiguard.net.
  4. IPS engine updates can only be obtained using push updates.

Answer(s): C



How does FortiGate select the central SNAT policy that is applied to a TCP session?

  1. It selects the SNAT policy specified in the configuration of the outgoing interface.
  2. It selects the first matching central SNAT policy, reviewing from top to bottom.
  3. It selects the central SNAT policy with the lowest priority.
  4. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Answer(s): B



Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

  1. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.
  2. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPSec.
  3. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.
  4. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

Answer(s): B,C



Page 7 of 32



Post your Comments and Discuss Fortinet NSE4_FGT-6.0 exam with other Community members:

jack commented on May 18, 2019
Doing the exam today
Anonymous
upvote

D.L commented on January 26, 2019
What an amazing site and product. It helped me pass. Good value for the buck.
SWEDEN
upvote