Fortinet NSE 4 - FortiOS 6.4

Here you have the best Fortinet NSE4_FGT-6.4 practice exam questions

  • You have 119 total questions to study from
  • These questions were last updated on November 16, 2024

Question 1 of 119

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

    Correct Answer: A, D

    When FortiGate is operating in transparent mode, it functions similarly to a Layer 2 bridge. Therefore, by default, all interfaces are part of the same broadcast domain, allowing traffic to pass through without the need for separate subnets on each interface, which makes option A accurate. Furthermore, FortiGate forwards frames without altering the source or destination MAC addresses, maintaining the integrity of the original data link layer information, which makes option D correct. As such, these two statements accurately describe the behavior of a FortiGate in transparent mode.

Question 2 of 119

What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

    Correct Answer: D

    When FortiGate is configured as a policy-based next-generation firewall (NGFW), it uses flow-based inspection. Flow-based inspection analyzes traffic by capturing and examining a sample of the traffic flow rather than inspecting the entire content. This method is efficient for real-time threat detection and prevention, making it suitable for policy-based NGFW configurations.

Question 3 of 119

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

    Correct Answer: A, B

    For IPsec authentication on FortiGate, stronger authentication can be achieved by enabling extended authentication (XAuth), which requests that the remote peer provide a username and password. Additionally, FortiGate supports both pre-shared key and signature as authentication methods, providing flexibility in how the authentication process is handled. The correct statements are therefore the ones about enabling XAuth for stronger authentication and about FortiGate's support for pre-shared key and signature as authentication methods.

Question 4 of 119

Which scanning technique on FortiGate can be enabled only on the CLI?

    Correct Answer: A

    Heuristics scan is the scanning technique on FortiGate that can only be enabled through the CLI. This type of scan uses heuristic analysis to identify unknown or emerging threats based on patterns and behavior rather than relying solely on known virus definitions. As it is a specific configuration that involves more advanced settings, it requires access to the CLI for activation.

Question 5 of 119

Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

    Correct Answer: C, D

    To allow traffic on a FortiGate operating as a policy-based next-generation firewall (NGFW), two policies must be configured: a security policy, and an SSL inspection and authentication policy. The security policy is essential for controlling the flow of traffic and ensuring proper inspection and enforcement according to defined rules. The SSL inspection and authentication policy is crucial for inspecting encrypted traffic, performing authentication, and ensuring that secure traffic complies with security requirements. These policies work in tandem to provide comprehensive security and traffic management on the firewall.