NSE4_FGT-5.6 Online Practice Questions and Answers

Which statements about FortiGate inspection modes are true?

(Choose two.)

Response:

A. The default inspection mode is proxy based.

B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.

C. Proxy-based inspection is not available in VDOMs operating in transparent mode.

D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.

Which traffic inspection features can be executed by a security processor (SP)?

(Choose three.)

Response:

A. TCP SYN proxy

B. SIP session helper

C. Proxy-based antivirus

D. Attack signature matching

E. Flow-based web filtering

A FortiGate interface is configured with the following commands:

What statements about the configuration are correct?

(Choose two.)

Response:

A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.

B. FortiGate can provide DNS settings to IPv6 clients.

C. FortiGate can send IPv6 router advertisements (RAs.)

D. FortiGate can provide IPv6 addresses to DHCPv6 client.

You have configured the following log settings on the Log Settings page. Which configurations are now

required to generate log messages on traffic coming through your network?

(Choose two.)

Response:

A. Enable Log Allowed Traffic on your firewall policy.

B. Enable Local Traffic Log on the Log Settings page.

C. Enable Historical FortiView on the Log Settings page.

D. Enable a security profile on your firewall policy.

E. Enable Capture Packets on your firewall policy.

Under which circumstance is the IPsec ESP traffic encapsulated over UDP? Response:

A. When using IKE version 2 (IKEv2)

B. When the phase 1 is configured to use aggressive mode

C. When the IPsec VPN is configured as dial-up

D. When NAT-T detects there is a device between both IPsec peers doing NAT over the IPsec traffic

Which file names will match the *.tiff file name pattern configured in a DLP filter?

(Choose two.)

Response:

A. tiff.jpeg

B. tiff.tiff

C. gif.tiff

D. tiff.png

What FortiGate feature can be used to block a ping sweep scan from an attacker? Response:

A. Web application firewall (WAF)

B. Rate based IPS signatures

C. One-arm sniffer

D. DoS policies

An administrator needs to be able to view logs for application usage on your network. What configurations

are required to ensure that FortiGate generates logs for application usage activity?

(Choose two.)

Response:

A. Enable a web filtering profile on the firewall policy.

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

Which component of FortiOS performs application control inspection? Response:

A. Kernel

B. Antivirus engine

C. IPS engine

D. Application control engine

Which of the following statements are true regarding the SD-WAN feature on FortiGate?

(Choose two.)

Response:

A. An SD-WAN static route does not require a next-hop gateway IP address.

B. Each member interface requires its own firewall policy to allow traffic.

C. SD-WAN provides route failover protection, but cannot load-balance traffic.

D. FortiGate supports only one SD-WAN interface per VDOM.