NSE4_FGT-6.4試験無料問題集（165題）「Fortinet NSE 4

出題：1

Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

A. Any web request fortinet.com is allowed to bypass the proxy.

B. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

C. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

D. Browsers can be configured to retrieve this PAC file from the FortiGate.

正解：A,D 解答を投票する

出題：2

View the exhibit.

Which of the following statements are correct? (Choose two.)

A. Dead peer detection must be disabled to support this type of IPsec setup.

B. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

C. This setup requires at least two firewall policies with the action set to IPsec.

D. This is a redundant IPsec setup.

正解：B,D 解答を投票する

出題：3

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A. ADVPN is only supported with IKEv2.

B. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

C. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

D. Tunnels are negotiated dynamically between spokes.

正解：B,D 解答を投票する

出題：4

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
What order must FortiGate use when the web filter profile has features enabled, such as safe search?

A. Static domain filter, SSL inspection filter, and external connectors filters

B. FortiGuard category filter and rating filter

C. Static URL filter, FortiGuard category filter, and advanced filters

D. DNS-based web filter and proxy-based web filter

正解：C 解答を投票する

出題：5

Which two statements about antivirus scanning mode are true? (Choose two.)

A. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

B. In proxy-based inspection mode, files bigger than the buffer size are scanned.

C. In flow-based inspection mode, files bigger than the buffer size are scanned.

D. In proxy-based inspection mode, antivirus scanning buffers the whole file for scanning, before sending it to the client.

正解：A,D 解答を投票する

出題：6

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

A. SSL inspection and authentication policy

B. Policy rule

C. Firewall policy

D. Security policy

正解：A,D 解答を投票する

出題：7

Refer to the exhibit.

Based on the administrator profile settings, what permissions must the administrator set to run the diagnose firewall auth list CLI command on FortiGate?

A. Custom permission for Network

B. Read/Write permission for Firewall

C. Read/Write permission for Log & Report

D. CLI diagnostics commands permission

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

An administrator must disable RPF check to investigate an issue.
Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?

A. Enable asymmetric routing, so the RPF check will be bypassed.

B. Enable asymmetric routing at the interface level.

C. Disable the RPF check at the FortiGate interface level for the source check.

D. Disable the RPF check at the FortiGate interface level for the reply check.

正解：C 解答を投票する

出題：9

Which three statements about a flow-based antivirus profile are correct? (Choose three.)

A. FortiGate buffers the whole file but transmits to the client simultaneously.

B. IPS engine handles the process as a standalone.

C. Optimized performance compared to proxy-based inspection.

D. If the virus is detected, the last packet is delivered to the client.

E. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection.

正解：A,C,E 解答を投票する

出題：10

Refer to the exhibit.

The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration.
How will FortiGate handle user authentication for traffic that arrives on the LAN interface?

A. Authentication is enforced at a policy level; all users will be prompted for authentication.

B. Users from the Sales group will be prompted for authentication and can authenticate successfully with the correct credentials.

C. Users from the HR group will be prompted for authentication and can authenticate successfully with the correct credentials.

D. If there is a full-through policy in place, users will not be prompted for authentication.

正解：A 解答を投票する

NSE4_FGT-6.4試験無料問題集「Fortinet NSE 4 - FortiOS 6.4 認定」