Free NSE4_FGT-6.0 Exam Braindumps (page: 11)

Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?

  A. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
  B. FortiGate is able to handle NATed connections only in aggressive mode.
  C. FortiClient only supports aggressive mode.
  D. Main mode does not support XAuth for user authentication.

Answer(s): A



Examine this output from a debug flow:



Why did the FortiGate drop the packet?

  A. The next-hop IP address is unreachable.
  B. It failed the RPF check.
  C. It matched an explicitly configured firewall policy with the action DENY.
  D. It matched the default implicit firewall policy.

Answer(s): D



View the exhibit:



The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:



What should be done next to troubleshoot the problem?

  A. Run a sniffer in the web server.
  B. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
  C. Capture the traffic using an external sniffer connected to port1.
  D. Execute a debug flow.

Answer(s): D



Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

  A. They can be configured in both NAT/Route and transparent operation modes.
  B. They support L2TP-over-IPsec.
  C. They require two firewall policies: one for each direction of traffic flow.
  D. They support GRE-over-IPsec.

Answer(s): A,B





