Free to share the latest updated Fortinet NSE4_FGT-6.4 exam questions and answers, all exam questions come from the exam laboratory and real-question cracking. All Fortinet NSE4_FGT-6.4 exam questions shared on this site are provided by Lead4Pass exam experts. You can get the latest NSE4_FGT-6.4 dumps, NSE4_FGT-6.4 pdf, NSE4_FGT-6.4 exam questions here. Get the complete NSE4_FGT-6.4 dumps exam path: https://www.leads4pass.com/nse4_fgt-6-4.html (Q&A: 155). All Fortinet NSE4_FGT-6.4 exam questions have been updated and the answers have been corrected!
Make sure your exam questions are true and valid to help you pass the first exam!
[Fortinet NSE4_FGT-6.4 exam pdf] Fortinet NSE4_FGT-6.4 exam PDF uploaded from google drive, online download provided by the latest update of Lead4pass:
https://drive.google.com/file/d/1nr6xFEyW6ACkj7j7juT_LjhYuoxZb8Lc/
Latest update Fortinet NSE4_FGT-6.4 exam questions and answers online practice test
QUESTION 1
Examine the two static routes shown in the exhibit, then answer the following question.
Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?
A. FortiGate will load balance all traffic across both routers.
B. FortiGate will use the port1 route as the primary candidate.
C. FortiGate will route twice as much traffic to the port2 route
D. FortiGate will only actuate the port1 route in the routing table
Correct Answer: B
“If multiple static routes have the same distance, they are all active; however, only the one with the lowest priority is
considered the best path.”
QUESTION 2
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose
two.)
A. FortiGuard web filter cache
B. FortiGate hostname
C. NTP
D. DNS
Correct Answer: CD
QUESTION 3
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
A. A CRL
B. A person
C. A subordinate CA
D. A root CA
Correct Answer: D
QUESTION 4
Refer to the exhibit, which contains a static route configuration.
An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to
view the route?
A. get router info routing-table all
B. get an internet service route list
C. get router info routing-table database
D. diagnose firewall route list
Correct Answer: A
Reference: https://docs.fortinet.com/document/fortigate/latest/administration-guide/139692/routingconcepts
QUESTION 5
Which three methods are used by the collector agent for AD polling? (Choose three.)
A. FortiGate polling
B. NetAPI
C. Novell API
D. WMI
E. WinSecLog
Correct Answer: BDE
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47732
QUESTION 6
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance
SLA? (Choose two.)
A. DNS
B. ping
C. UDP-echo
D. TWAMP
Correct Answer: AC
QUESTION 7
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
A. By default, FortiGate uses WINS servers to resolve names.
B. By default, the SSL VPN portal requires the installation of a client\\’s certificate.
C. By default, split tunneling is enabled.
D. By default, the admin GUI and SSL VPN portal use the same HTTPS port.
Correct Answer: D
QUESTION 8
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?
A. Fabric Coverage
B. Automated Response
C. Security Posture
D. Optimization
Correct Answer: A
Reference: https://www.fortinet.com/content/dam/fortinet/assets/support/fortinet-recommendedsecuritybestpractices.pdf
QUESTION 9
Refer to the exhibits.
The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to
SSL VPN?
A. Change the SSL VPN port on the client.
B. Change the Server IP address.
C. Change the idle timeout.
D. Change the SSL VPN portal to the tunnel.
Correct Answer: A
Reference: https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/150494
QUESTION 10
An administrator Is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in
both sites has been configured as a Static IP Address. For the site the local quick mode selector is
192.160.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B?
A. 192.168.1.0/24
B. 192.168.0.0/24
C. 192.168.2.0/24
D. 192.168.3.0/24
Correct Answer: B
QUESTION 11
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
A. The strict RPF check is run on the first sent and reply packet of any new session.
B. Strict RPF checks the best route back to the source using the incoming interface.
C. Strict RPF checks only for the existence of at-cast one active route back to the source using the incoming interface.
D. Strict RPF allows packets back to sources with all active routes.
Correct Answer: A
QUESTION 12
Refer to the exhibit.
Which contains a session list output. Based on the information shown in the exhibit, which statement is true?
A. Destination NAT is disabled in the firewall policy.
B. One-to-one NAT IP pool is used in the firewall policy.
C. Overload NAT IP pool is used in the firewall policy.
D. Port block allocation IP pool is used in the firewall policy.
Correct Answer: A
QUESTION 13
Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a
third-party CA?
A. The public key of the web server certificate must be installed on the browser.
B. The web-server certificate must be installed on the browser.
C. The CA certificate that signed the web-server certificate must be installed on the browser.
D. The private key of the CA certificate that signed the browser certificate must be installed on the browser.
Correct Answer: C
The above content: shared NSE4_FGT-6.4 exam pdf, NSE4_FGT-6.4 exam questions And answers, NSE4_FGT-6.4 exam video,
and get the complete NSE4_FGT-6.4 exam dumps path. For information about NSE4_FGT-6.4 Dumps from Lead4pass (including PDF and VCE), please visit: https://www.leads4pass.com/nse4_fgt-6-4.html (155 Q&A)
ps.
Get free Fortinet NSE4_FGT-6.4 dumps PDF online: https://drive.google.com/file/d/1nr6xFEyW6ACkj7j7juT_LjhYuoxZb8Lc/