NSE4_FGT-6.0 Online Practice Questions and Answers

Which of the following services can be inspected by the DLP profile? (Choose three.)

A. NFS

B. FTP

C. IMAP

D. CIFS

E. HTTP-POST

View the exhibit.

Which of the following statements are correct? (Choose two.)

A. This setup requires at least two firewall policies with the action set to IPsec.

B. Dead peer detection must be disabled to support this type of IPsec setup.

C. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

D. This is a redundant IPsec setup.

When override is enabled, which of the following shows the process and selection criteria that are used to elect the primary FortiGate in an HA cluster?

A. Connected monitored ports > HA uptime > priority > serial number

B. Priority > Connected monitored ports > HA uptime > serial number

C. Connected monitored ports > priority > HA uptime > serial number

D. HA uptime > priority > Connected monitored ports > serial number

An administrator is running the following sniffer command:

diagnose sniffer packet any "host 10.0.2.10" 3

What information will be included in the sniffer output? (Choose three.)

A. IP header

B. Ethernet header

C. Packet payload

D. Application header

E. Interface name

Which statements about antivirus scanning mode are true? (Choose two.)

A. In proxy-based inspection mode antivirus buffers the whole file for scarring before sending it to the client.

B. In flow-based inspection mode, you can use the CLI to configure antivirus profiles to use protocol option profiles.

C. In proxy-based inspection mode, if a virus is detected, a replacement message may not be displayed immediately.

D. In quick scan mode, you can configure antivirus profiles to use any of the available signature data bases.

View the following exhibit, which shows the firewall policies and the object uses in the firewall policies.

The administrator is using the Policy Lookup feature and has entered the search create shown in the following exhibit.

Which of the following will be highlighted based on the input criteria?

A. Policy with ID1.

B. Policies with ID 2 and 3.

C. Policy with ID 5.

D. Policy with ID 4.

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A. The interface has been configured for one-arm sniffer.

B. The interface is a member of a virtual wire pair.

C. The operation mode is transparent.

D. The interface is a member of a zone.

E. Captive portal is enabled in the interface.

Examine the IPS sensor configuration shown in the exhibit, and then answer the question below.

An administrator has configured the WINDOS_SERVERS IPS sensor in an attempt to determine

whether the influx of HTTPS traffic is an attack attempt or not. After applying the IPS sensor, FortiGate is

still not generating any IPS logs for the HTTPS traffic.

What is a possible reason for this?

A. The IPS filter is missing the Protocol: HTTPS option.

B. The HTTPS signatures have not been added to the sensor.

C. A DoS policy should be used, instead of an IPS sensor.

D. The firewall policy is not using a full SSL inspection profile.

Which statement about DLP on FortiGate is true?

A. It can archive files and messages.

B. It can be applied to a firewall policy in a flow-based VDOM

C. Traffic shaping can be applied to DLP sensors.

D. Files can be sent to FortiSandbox for detecting DLP threats.

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games). Based on this configuration, which statement is true?

A. Addicting.Games is allowed based on the Application Overrides configuration.

B. Addicting.Games is blocked on the Filter Overrides configuration.

C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Learn.

D. Addcting.Games is allowed based on the Categories configuration.