November/2019 Braindump2go NSE4_FGT-6.0 Dumps with PDF and VCE New Updated Today! Following are some new NSE4_FGT-6.0 Exam Questions,
NGFW mode allows policy-based configured for most impaction rules. Which security profile’s configuration does not change when you enable policy-based impaction?
B. Web proxy
C. Web filtering
D. Application control
Which of the following FortiGate configuration tasks will create a route in the policy route table? (Choose two.)
A. SD-WAN rule created to route traffic based on link latency
B. Static route created with a Named Address object
C. SD-WAN route created for individual member interfaces
D. Static route created with an Internet Services object
Which statement about the IP authentication header (AH) used by IPsec is true?
A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity but no encryption.
D. AH provides strong data integrity but weak encryption.
If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?
A. The Services field removes the requirement of creating multiple VIPs for different services.
B. The Services field is used when several VIPs need to be bundled into VIP groups.
C. The Services field does not allow source NAT and destination NAT to be combined in the same policy.
D. The Services field does not allow multiple sources of traffic, to use multiple services, to connect to a single computer.
Examine this explicit web proxy configuration:
What filter can be used u, the command diagnose sniffer packet to capture the traffic between the client and the explicit web pray?
A. ‘host 10.0.0.50 and port 80’ B. ‘host 192.168.0.1 and port 80’
C. ‘host 192.168.0.2 and port 8080’ D. ‘host 10.0.50.1 and port 8080’
View the exhibit.
VDOM1 is operating is transparent mode VDOM2 is operating in NAT Route mode. There is an inter- VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.
What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)
A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.
B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.
C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.
D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.
Answer: A, C
View the exhibit.
Which of the following statements are correct? (Choose two.)
A. This is a redundant IPsec setup.
B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
C. This setup requires at least two firewall policies with action set to IPsec.
D. Dead peer detection must be disabled to support this type of IPsec setup.
Answer: A, B
What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)
A. Services defined in the firewall policy.
B. Incoming and outgoing interfaces
C. Highest to lowest priority defined in the firewall policy.
D. Lowest to highest policy ID number.
View the exhibit.
A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?
A. Addicting.Games is allowed based on the Application Overrides configuration.
B. Addicting.Games is blocked based on the Filter Overrides configuration.
C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
D. Addicting.Games is allowed based on the Categories configuration.
Which of the following static routes are not maintained in the routing table? (Choose two.)
A. Named Address routes
B. Dynamic routes
C. ISDB routes
D. Policy routes
Which Statements about virtual domains (VDOMs) arc true? (Choose two.)
A. Transparent mode and NAT/Route mode VDOMs cannot be combined on the same FortiGate.
B. Each VDOM can be configured with different system hostnames.
C. Different VLAN sub-interfaces of the same physical interface can be assigned to different VDOMs.
D. Each VDOM has its own routing table.
Answer: C, D
An administrator wants to configure a FortiGate as a DNS server FortiGate must use us DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you UM?
C. Forward to primary and secondary DNS
D. Forward to system DNS
1.|2019 Latest Braindump2go NSE4_FGT-6.0 Exam Dumps (PDF & VCE) Instant Download:
2.|2019 Latest Braindump2go NSE4_FGT-6.0 Exam Questions & Answers Instant Download: