[19/April/2019 Updated] Collection of NSE4_FGT-6.0 Exam Questions With Free VCE and PDF Download

New Updated NSE4_FGT-6.0 Exam Questions from PassLeader NSE4_FGT-6.0 PDF dumps! Welcome to download the newest PassLeader NSE4_FGT-6.0 VCE dumps: https://www.passleader.com/nse4-fgt-6-0.html (130 Q&As)

Keywords: NSE4_FGT-6.0 exam dumps, NSE4_FGT-6.0 exam questions, NSE4_FGT-6.0 VCE dumps, NSE4_FGT-6.0 PDF dumps, NSE4_FGT-6.0 practice tests, NSE4_FGT-6.0 study guide, NSE4_FGT-6.0 braindumps, Fortinet NSE 4 – FortiOS 6.0 Exam

P.S. New NSE4_FGT-6.0 dumps PDF: https://drive.google.com/open?id=1LY9oKBJSzxvXsmizzM-k3LOqRrDx8GtJ

NEW QUESTION 1
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)

A.    Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
B.    Extend timeout timers.
C.    Include the group of guest users in a policy.
D.    Ensure all firewalls allow the FSSO required port.

Answer: AC

NEW QUESTION 2
Which of the following statements correctly describes FortiGate’s route lookup behavior when searching for a suitable gateway? (Choose two.)

A.    Lookup is done on the trust packet from the session originator.
B.    Lookup is done on the last packet sent from the responder.
C.    Lookup is done on every packet, regardless of direction.
D.    Lookup is done on the trust reply packet from the responder.

Answer: AB

NEW QUESTION 3
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)

A.    Define the phase 1 parameters, without enabling IPsec interface mode.
B.    Define the phase 2 parameters.
C.    Set the phase 2 encapsulation method to transport mode.
D.    Define at least one firewall policy, with the action set to IPsec.
E.    Define a route to the remote network over the IPsec tunnel.

Answer: CDE

NEW QUESTION 4
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

A.    To remove the NAT operation.
B.    To generate logs.
C.    To finish any inspection operations.
D.    To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Answer: D

NEW QUESTION 5
What information is flushed when the chunk-size value is changed in the config DLP settings?

A.    The database for DLP document fingerprinting.
B.    The supported file types in the DLP filters.
C.    The archived files and messages.
D.    The file name patterns in the DLP filters.

Answer: A

NEW QUESTION 6
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)

A.    hourly
B.    real tune
C.    on-demand
D.    store-and-upload

Answer: BD

NEW QUESTION 7
Which statement about DLP on FortiGate is true?

A.    It can archive files and messages.
B.    It can be applied to a firewall policy in a flow-based VDOM.
C.    Traffic shaping can be applied to DLP sensors.
D.    Files can be sent to FortiSandbox for detecting DLP threats.

Answer: A

NEW QUESTION 8
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?

A.    A person
B.    A subordinate CA
C.    A root CA
D.    A CRL

Answer: A

NEW QUESTION 9
Which of the following SD-WAN load-balancing method use interface weight value to distribute traffic? (Choose two.)

A.    Source IP
B.    Spillover
C.    Volume
D.    Session

Answer: CD

NEW QUESTION 10
What FortiGate components are tested during the hardware test? (Choose three.)

A.    Hard disk
B.    CPU
C.    HA heartbeat
D.    Network interfaces
E.    Administrative access

Answer: ACE

NEW QUESTION 11
Which statement about the IP authentication header (AH) used by IPsec is true?

A.    AH does not provide any data integrity or encryption.
B.    AH does not support perfect forward secrecy.
C.    AH provides data integrity but no encryption.
D.    AH provides strong data integrity but weak encryption.

Answer: C

NEW QUESTION 12
Which of the following static routes are not maintained in the routing table? (Choose two.)

A.    Named Address routes
B.    Dynamic routes
C.    ISDB routes
D.    Policy routes

Answer: BD

NEW QUESTION 13
……


Download the newest PassLeader NSE4_FGT-6.0 dumps from passleader.com now! 100% Pass Guarantee!

NSE4_FGT-6.0 PDF dumps & NSE4_FGT-6.0 VCE dumps: https://www.passleader.com/nse4-fgt-6-0.html (130 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!)

P.S. New NSE4_FGT-6.0 dumps PDF: https://drive.google.com/open?id=1LY9oKBJSzxvXsmizzM-k3LOqRrDx8GtJ

         

greatexam