CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-6.4

Free NSE4_FGT-6.4 Exam Braindumps

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

  1. The firmware image must be manually uploaded to each FortiGate.
  2. Only secondary FortiGate devices are rebooted.
  3. Uninterruptable upgrade is enabled by default.
  4. Traffic load balancing is temporally disabled while upgrading the firmware.

Answer(s): C,D



Refer to the exhibit.


Which contains a PerformanceSLA configuration.
An administrator has configured a performance SLA on FortiGate. Which failed to generate any traffic. Why is FortiGate not generating any traffic for the performance SLA?

  1. Participants configured are not SD-WAN members.
  2. There may not be a static route to route the performance SLA traffic.
  3. The Ping protocol is not supported for the public servers that are configured.
  4. You need to turn on the Enable probe packets switch.

Answer(s): D



A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
*All traffic must be routed through the primary tunnel when both tunnels are up
*The secondary tunnel must be used only if the primary tunnel goes down
*In addition, FortiGate should be able to detect a dead tunnel to speed up tunnelfailover
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two, )

  1. Enable Dead Peer Detection.
  2. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
  3. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
  4. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the state route for the secondary tunnel.

Answer(s): A



Which statement regarding the firewall policy authentication timeout is true?

  1. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.
  2. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.
  3. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MA
  4. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

Answer(s): A






Post your Comments and Discuss Fortinet NSE4_FGT-6.4 exam with other Community members:

Masssy commented on July 03, 2021
Bohod Achhaa yar. Exact questions from real test.
INDIA
upvote

Danny commented on July 03, 2021
Well-put and very precise. It contains all the questions in real exam.
CANADA
upvote