NSE4 6.0 UPDATED Exam Questions and CORRECT Answers
1 view 0 purchase
Course
NSE4 6.0
Institution
NSE4 6.0
NSE4 6.0 UPDATED Exam Questions and
CORRECT Answers
What files are sent to FortiSandbox for inspection in flow-based inspection mode?
A. All suspicious files that do not have their hash value in the FortiGuard antivirus signature
database.
B. All suspicious files that are above the defined o...
NSE4 6.0 UPDATED Exam Questions and
CORRECT Answers
What files are sent to FortiSandbox for inspection in flow-based inspection mode?
A. All suspicious files that do not have their hash value in the FortiGuard antivirus signature
database.
B. All suspicious files that are above the defined oversize limit value in the protocol options.
C. All suspicious files that match patterns defined in the antivirus profile.
D. All suspicious files that are allowed to be submitted to FortiSandbox in the antivirus
profile. - Correct Answer- C
Which statements about a One-to-One IP pool are true? (Choose two.)
A. It is used for destination NAT.
B. It allows the fixed mapping of an internal address range to an external address range.
C. It does not use port address translation.
D. It allows the configuration of ARP replies. - Correct Answer- B,C
Which of the following FortiGate configuration tasks will create a route in the policy route
table? (Choose two.)
A. Static route created with a Named Address object
B. Static route created with an Internet Services object
C. SD-WAN route created for individual member interfaces
D. SD-WAN rule created to route traffic based on link latency - Correct Answer- A,B
A company needs to provide SSL VPN access to two user groups. The company also needs to
display different welcome messages on the SSL VPN login screen
for both user groups.
What is required in the SSL VPN configuration to meet these requirements?
,A. Different SSL VPN realms for each group.
B. Two separate SSL VPNs in different interfaces mapping the same ssl.root.
C. Two firewall policies with different captive portals.
D. Different virtual SSL VPN IP addresses for each group. - Correct Answer- A
An administrator is investigating a report of users having intermittent issues with browsing
the web. The administrator ran diagnostics and received the output shown in the exhibit:
Examine the diagnostic output shown exhibit. Which of the following options is the most
likely cause of this issue?
A. NAT port exhaustion
B. High CPU usage
C. High memory usage
D. High session timeout value - Correct Answer- A
An administrator has configured central DNAT and virtual IPs. Which of the following can be
selected in the firewall policy Destination field?
A. A VIP group
B. The mapped IP address object of the VIP object
C. A VIP object
D. An IP pool - Correct Answer- B
An administrator needs to strengthen the security for SSL VPN access. Which of the
following statements are best practices to do so? (Choose three.)
A. Configure split tunneling for content inspection.
B. Configure host restrictions by IP or MAC address.
, C. Configure two-factor authentication using security certificates.
D. Configure SSL offloading to a content processor (FortiASIC).
E. Configure a client integrity check (host-check). - Correct Answer- B,C,E
Which statement about FortiGuard services for FortiGate is true?
A. The web filtering database is downloaded locally on FortiGate.
B. Antivirus signatures are downloaded locally on FortiGate.
C. FortiGate downloads IPS updates using UDP port 53 or 8888.
D. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates. -
Correct Answer- B
Which of the following route attributes must be equal for static routes to be eligible for equal
cost multipath (ECMP) routing? (Choose two.)
A. Priority
B. Metric
C. Distance
D. Cost - Correct Answer- A,C
Which statement is true regarding the policy ID number of a firewall policy?
A. Defines the order in which rules are processed.
B. Represents the number of objects used in the firewall policy.
C. Required to modify a firewall policy using the CLI.
D. Changes when firewall policies are reordered. - Correct Answer- C
Which statement is true regarding SSL VPN timers? (Choose two.)
A. Allow to mitigate DoS attacks from partial HTTP requests.
B. SSL VPN settings do not have customizable timers.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MGRADES. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.
