★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
NSE4 Product Description:
Exam Number/Code: NSE4 vce
Exam name: Fortinet Network Security Expert 4 Written Exam (400)
n questions with full explanations
Certification: Fortinet Certification
Last updated on Global synchronizing
Verified of NSE4 exam question materials and forum for Fortinet certification for IT specialist, Real Success Guaranteed with Updated NSE4 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!
2016 Apr NSE4 Study Guide Questions:
Q31. - (Topic 15)
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.).
A. The Phase 2 will re-key even if there is no traffic.
B. There will be a DH exchange for each re-key.
C. The sequence number of ESP packets received from the peer will not be checked.
D. Quick mode selectors will default to those used in the firewall policy.
Q32. - (Topic 9)
Which statements are correct regarding URL filtering on a FortiGate unit? (Choose two.)
A. The allowed actions for URL filtering include allow, block, monitor and exempt.
B. The allowed actions for URL filtering are Allow and Block only.
C. URL filters may be based on patterns using simple text, wildcards and regular expressions.
D. URL filters are based on simple text only and require an exact match.
Q33. - (Topic 3)
Which header field can be used in a firewall policy for traffic matching?
A. ICMP type and code.
C. TCP window size.
D. TCP sequence number.
Q34. - (Topic 6)
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.
A. Policy-based only.
B. Route-based only.
C. Either policy-based or route-based VPN.
D. GRE-based only.
Q35. - (Topic 2)
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?
Improve NSE4 practice:
Q36. - (Topic 15)
Which IPsec mode includes the peer id information in the first packet?
A. Main mode.
B. Quick mode.
C. Aggressive mode.
D. IKEv2 mode.
Q37. - (Topic 11)
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 10 set device port1 next edit 2 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 20 set device port2
Which of the following statements correctly describes the static routing configuration provided above?
A. The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.
B. The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
C. The FortiGate sends all the traffic to 172.20.168.0/24 through port1.
D. Only the route that is using port1 will show up in the routing table.
Q38. - (Topic 1)
What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.)
Q39. - (Topic 14)
Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device.
Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)
A. STUDENT is likely to be the master device.
B. Session-pickup is likely to be enabled.
C. The cluster mode is active-passive.
D. There is not enough information to determine the cluster mode.
Q40. - (Topic 8)
What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?
A. Users are required to manually enter their credentials each time they connect to a different web site.
B. Proxy users are authenticated via FSSO.
C. There are multiple users sharing the same IP address.
D. Proxy users are authenticated via RADIUS.
Accurate NSE4 forum:
Q41. - (Topic 5)
Regarding the use of web-only mode SSL VPN, which statement is correct?
A. It supports SSL version 3 only.
B. It requires a Fortinet-supplied plug-in on the web client.
C. It requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client.
Q42. - (Topic 15)
Which statement is an advantage of using a hub and spoke IPsec VPN configuration
instead of a fully-meshed set of IPsec tunnels?
A. Using a hub and spoke topology provides full redundancy.
B. Using a hub and spoke topology requires fewer tunnels.
C. Using a hub and spoke topology uses stronger encryption protocols.
D. Using a hub and spoke topology requires more routes.
Q43. - (Topic 9)
Which of the following regular expression patterns make the terms "confidential data" case insensitive?
A. [confidential data]
B. /confidential data/i
C. i/confidential data/
D. "confidential data"
Q44. - (Topic 3)
For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?
A. The traffic is allowed and no log is generated.
B. The traffic is allowed and logged.
C. The traffic is blocked and no log is generated.
D. The traffic is blocked and logged.
Q45. - (Topic 7)
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet customer support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.
see more Fortinet Network Security Expert 4 Written Exam (400)