NSE4_FGT-5.6 Fortinet NSE 4 – FortiOS 5.6 exam is a hot Fortinet certification exam, Exam4Training offers you the latest free online NSE4_FGT-5.6 dumps to practice. You can get online training in the following questions, all these questions are verified by Fortinet experts. If this exam changed, we will share new update questions.
Under which circumstance is the IPsec ESP traffic encapsulated over UDP?
Response: A . When using IKE version 2 (IKEv2) B . When the phase 1 is configured to use aggressive mode C . When the IPsec VPN is configured as dial-up D . When NAT-T detects there is a device between both IPsec peers doing NAT over the IPsec traffic
Which statements about IP-based explicit proxy authentication are true?
Response: A . IP-based authentication is best suited to authenticating users behind a NAT device. B . Sessions from the same source address are treated as a single user. C . IP-based authentication consumes less FortiGate’s memory than session-based authentication. D . FortiGate remembers authenticated sessions using browser cookies.
When does the FortiGate enter into fail-open session mode?
Response: A . When CPU usage goes above the red threshold. B . When a proxy (for proxy-based inspection) runs out of connections. C . When memory usage goes above the red threshold. D . When memory usage goes above the extreme threshold.
Which statement about the HA override setting in FortiGate HA clusters is true?
Response: A . Configuring the HA override will reboot the FortiGate device. B . It synchronizes device priority on all cluster members. C . It is used to enable monitored ports. D . You must configure override settings manually and separately for each cluster member.
Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true?
Response: A . The firmware image must be manually uploaded to each FortiGate. B . Only secondary FortiGate devices are rebooted. C . Uninterruptable upgrade is enabled by default. D . Traffic load balancing is temporally disabled while upgrading the firmware.
Which statements correctly describe transparent mode operation?
Response: A . All interfaces of the transparent mode FortiGate device must be on different IP subnets. B . The transparent FortiGate is visible to network hosts in an IP traceroute. C . It permits inline traffic inspection and firewalling without changing the IP scheme of the network. D . Ethernet packets are forwarded based on destination MAC addresses, not IP addresses. E . The FortiGate acts as transparent bridge and forwards traffic at Layer-2.