Exam series: NSE4_FGT-6.4
Number of questions: 60
Exam time: 105 minutes
Language: English and Japanese
Product version: FortiOS 6.4
Status: Available
Exam details: exam description
NSE 4 Certification
The Network Security Professional designation identifies your ability to configure, install, and manage the day-to-day configuration, monitoring, and operation of a FortiGate device to support specific corporate network security policies.
Visit the Fortinet NSE Certification Program page for information about certification requirements.
Fortinet NSE 4—FortiOS 6.4
The Fortinet NSE 4—FortiOS 6.4 exam is part of the NSE 4 Network Security Professional program, and recognizes the successful candidate’s knowledge of and expertise with FortiGate devices.
The exam tests applied knowledge of FortiGate configuration, operation, and day-to-day administration, and includes operational scenarios, configuration extracts, and troubleshooting captures.
Audience
The Fortinet NSE 4—FortiOS 6.4 exam is intended for network and security professionals responsible for the
configuration and administration of firewall solutions in an enterprise network security infrastructure.
Exam Details
Exam name Fortinet NSE 4—FortiOS 6.4
Exam series NSE4_FGT-6.4
Time allowed 105 minutes
Exam questions 60 multiple-choice questions
Scoring Pass or fail, a score report is available from your Pearson VUE account
Language English and Japanese
Product version FortiOS 6.4
Exam Topics
Successful candidates have applied knowledge and skills in the following areas and tasks:
l FortiGate deployment
l Perform initial configuration
l Implement the Fortinet Security Fabric
l Configure log settings and diagnose problems using the logs
l Describe and configure VDOMs to split a FortiGate device into multiple virtual devices
l Identify and configure different operation modes for an FGCP HA cluster
l Diagnose resource and connectivity problems
l Firewall and authentication
l Identify and Configure how firewall policy NAT and central NAT works
l Identify and configure different methods of firewall authentication
l Explain FSSO deployment and configuration
l Content inspection
l Describe and inspect encrypted traffic using certificates
l Identify FortiGate inspection modes and configure web and DNS filtering
l Configure application control to monitor and control network applications
l Explain and configure antivirus scanning modes to neutralize malware threats
l Configure IPS, DoS, and WAF to protect the network from hacking and DDoS attacks
l Configure FortiGate to act as an implicit and explicit web proxy
l Routing and Layer 2 switching
l Configure and route packets using static and policy-based routes
l Configure SD-WAN to load balance traffic between multiple WAN links effectively
l Configure FortiGate interfaces or VDOMs to operate as Layer 2 devices
l VPN
l Configure and implement different SSL-VPN modes to provide secure access to the private network
l Implement a meshed or partially redundant IPsec VPN
Training Resources
The following resources are recommended for attaining the knowledge and skills that are covered on the exam. The recommended training is available as a foundation for exam preparation. In addition to training, candidates are
strongly encouraged to have hands-on experience with the exam topics and objectives.
NSE Training Institute Courses
l NSE 4 FortiGate Security
l NSE 4 FortiGate Infrastructure
Other Resources
l FortiOS – Administration Guide
l FortiOS – New Features Guide
Experience
l Minimum of six months of hands-on experience with FortiGate
Exam Sample Questions
A set of sample questions is available from the NSE Training Institute. These questions sample the exam content in question type and content scope. However, the questions do not necessarily represent all the exam content, nor are
they intended to assess an individual’s readiness to take the certification exam.
See the NSE Training Institute for the course that includes the sample questions.
Examination Policies and Procedures
The NSE Training Institute recommends that candidates review exam policies and procedures before registering for the exam. Access important information on the Program Polices page, and find answers to common questions on the
QUESTION 1
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
A. By default, all interfaces are part of the same broadcast domain.
B. The existing network IP schema must be changed when installing a transparent mode.
C. Static routes are required to allow traffic to the next hop.
D. FortiGate forwards frames without changing the MAC address.
Correct Answer: AD
QUESTION 2
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
A. Full Content inspection
B. Proxy-based inspection
C. Certificate inspection
D. Flow-based inspection
Correct Answer: B
QUESTION 3
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.
Correct Answer: BD
QUESTION 4
Which scanning technique on FortiGate can be enabled only on the CLI?
A. Heuristics scan
B. Trojan scan
C. Antivirus scan
D. Ransomware scan
Correct Answer: C
QUESTION 5
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
A. Firewall policy
B. Policy rule
C. Security policy
D. SSL inspection and authentication policy
Correct Answer: AB
Actualkey Fortinet NSE4_FGT-6.4 Exam pdf, Certkingdom Fortinet NSE4_FGT-6.4 PDF
Best Fortinet NSE4_FGT-6.4 Certification, NetApp Fortinet NSE4_FGT-6.4 Training at certkingdom.com