NSE4_FGT-6.4 Exam - Free Fortinet Questions and Answers

Question #1 (Topic: Topic 1)

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A. By default, all interfaces are part of the same broadcast domain. B. The existing network IP schema must be changed when installing a transparent mode FortiGate in the network. C. Static routes are required to allow traffic to the next hop. D. FortiGate forwards frames without changing the MAC address.

Answer: AD

Question #2 (Topic: Topic 1)

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Full Content inspection B. Proxy-based inspection C. Certificate inspection D. Flow-based inspection

Answer: D

Question #3 (Topic: Topic 1)

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password. B. FortiGate supports pre-shared key and signature as authentication methods. C. Enabling XAuth results in a faster authentication because fewer packets are exchanged. D. A certificate is not required on the remote peer when you set the signature as the authentication method.

Answer: AB

Question #4 (Topic: Topic 1)

Which scanning technique on FortiGate can be enabled only on the CLI?

A. Heuristics scan B. Trojan scan C. Antivirus scan D. Ransomware scan

Answer: A

Question #5 (Topic: Topic 1)

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

A. Firewall policy B. Policy rule C. Security policy D. SSL inspection and authentication policy

Answer: AB

Fortinet NSE4_FGT-6.4 - Fortinet NSE 4 - FortiOS 6.4 Exam