Free NSE4_FGT-6.4 Exam Braindumps (page: 6)

Page 5 of 43

Which two statements are true about the FGCP protocol? (Choose two.)

  1. Not used when FortiGate is in Transparent mode
  2. Elects the primary FortiGate device
  3. Runs only over the heartbeat links
  4. Is used to discover FortiGate devices in different HA groups

Answer(s): B,C



Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?

  1. get system status
  2. get system performance status
  3. diagnose sys top
  4. get system arp

Answer(s): D



An administrator has configured two-factor authentication to strengthen SSL VPN access.
Which additional best practice can an administrator implement?

  1. Configure Source IP Pools.
  2. Configure split tunneling in tunnel mode.
  3. Configure different SSL VPN realms.
  4. Configure host check.

Answer(s): D



A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down

* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)

  1. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
  2. Enable Dead Peer Detection.
  3. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
  4. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Answer(s): B,C






Post your Comments and Discuss Fortinet NSE4_FGT-6.4 exam with other Community members:

Exam Discussions & Posts