NSE4_FGT-6.4 Online Practice Questions and Answers

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?

A. Subject Key Identifier value

B. SMMIE Capabilities value

C. Subject value

D. Subject Alternative Name value

Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) tor Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

A. The SSL inspection needs to be a deep content inspection.

B. Force access to Facebook using the HTTP service.

C. Additional application signatures are required to add to the security policy.

D. Add Facebook in the URL category in the security policy.

A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.

Which statements about the VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

A. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

B. The two VLAN sub interfaces must have different VLAN IDs.

C. The two VLAN sub interfaces can have the same VLAN ID, only if they belong to different VDOMs.

D. The two VLAN sub interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.

Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?

A. Denial of Service

B. Web application firewall

C. Antivirus

D. Application control

Which of the following SD-WAN load 璪alancing method use interface weight value to distribute traffic? (Choose two.)

A. Source IP

B. Spillover

C. Volume

D. Session

Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

A. Shut down/reboot a downstream FortiGate device.

B. Disable FortiAnalyzer logging for a downstream FortiGate device.

C. Log in to a downstream FortiSwitch device.

D. Ban or unban compromised hosts.

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

A. System event logs

B. Forward traffic logs

C. Local traffic logs

D. Security logs

Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

A. SMTP.Login.Brute.Force

B. IMAP.Login.brute.Force

C. ip_src_session

D. Location: server Protocol: SMTP

Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme,

users, and firewall address.

An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies.

The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a

form-based authentication scheme for the FortiGate local user database.

Users will be prompted for authentication.

How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP

10.0.1.10 to the destination http://www.fortinet.com? (Choose two.)

A. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

B. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

C. If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

D. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA?

A. The public key of the web server certificate must be installed on the browser.

B. The web-server certificate must be installed on the browser.

C. The CA certificate that signed the web-server certificate must be installed on the browser.

D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.