CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE4_FGT-6.4

Free NSE4_FGT-6.4 Exam Braindumps (page: 3)

Page 3 of 43
PDF with 163 Questions

Refer to the exhibit.



The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10 .0.1.254. /24. The first firewall policy has NAT enabled using IP Pool. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?

  1. 10.200.1.1
  2. 10.200.3.1
  3. 10.200.1.100
  4. 10.200.1.10

Answer(s): A


Reference:

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-firewall/Concepts%20- %20Firewall/Static%20NAT.htm



Refer to the exhibits to view the firewall policy (Exhibit A) and the antivirus profile (Exhibit B).





Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?

  1. The firewall policy performs the full content inspection on the file.
  2. The flow-based inspection is used, which resets the last packet to the user.
  3. The volume of traffic being inspected is too high for this model of FortiGate.
  4. The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

Answer(s): B



Which two statements about antivirus scanning mode are true? (Choose two.)

  1. In proxy-based inspection mode, files bigger than the buffer size are scanned.
  2. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
  3. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.
  4. In flow-based inspection mode, files bigger than the buffer size are scanned.

Answer(s): B,C



Refer to the exhibit.



Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)

  1. There are five devices that are part of the security fabric.
  2. Device detection is disabled on all FortiGate devices.
  3. This security fabric topology is a logical topology view.
  4. There are 19 security recommendations for the security fabric.

Answer(s): C,D






Post your Comments and Discuss Fortinet NSE4_FGT-6.4 exam with other Community members:

NSE4_FGT-6.4 Exam Discussions & Posts