Free NSE4_FGT-6.4 Exam Dumps

No Installation Required, Instantly Prepare for the NSE4_FGT-6.4 exam and please click the below link to start the NSE4_FGT-6.4 Exam Simulator with a real NSE4_FGT-6.4 practice exam questions.
Use directly our on-line NSE4_FGT-6.4 exam dumps materials and try our Testing Engine to pass the NSE4_FGT-6.4 which is always updated.

Exam Code: NSE4_FGT-6.4
Exam Title: Fortinet NSE 4 - FortiOS 6.4
Vendor: Fortinet
Exam Questions: 163
Last Updated: July 3rd,2024

Question 1

An administrator is configuring an Ipsec between site A and siteB. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24. How must the administrator configure the local quick mode
selector for site B?

A. A.-192.168.3.0/24B.192.168.2.0/24C.192.168.1.0/24D.192.168.0.0/8

Correct Answer:B

Question 2

Which statement about the IP authentication header (AH) used by IPsec is true?

A. AH does not provide any data integrity or encryption.
B. AH does not support perfect forward secrecy.
C. AH provides data integrity bur no encryption.
D. AH provides strong data integrity but weak encryption.

Correct Answer:C

Question 3

An administrator has configured the following settings:
NSE4_FGT-6.4 dumps exhibit
What are the two results of this configuration? (Choose two.)

A. Device detection on all interfaces is enforced for 30 minutes.
B. Denied users are blocked for 30 minutes.
C. A session for denied traffic is created.
D. The number of logs generated by denied traffic is reduced.

Correct Answer:CD

Question 4

Examine the exhibit, which contains a virtual IP and firewall policy configuration.
NSE4_FGT-6.4 dumps exhibit

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.10
B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
C. 10.200.1.1
D. 10.0.1.254

Correct Answer:B
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall Objects/Virtual IPs.

Question 5

Which statement regarding the firewall policy authentication timeout is true?

A. It is an idle timeou
B. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.
C. It is a hard timeou
D. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.
E. It is an idle timeou
F. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.
G. It is a hard timeou
H. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.

Correct Answer:A