How to pass Fortinet NSE4 Real Exam in 24 Hours [simulations 16-30]


♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Fortinet NSE4 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW NSE4 Exam Dumps (PDF & VCE):
Available on: http://www.certleader.com/NSE4-dumps.html


NSE4 Product Description:
Exam Number/Code: NSE4 vce
Exam name: Fortinet Network Security Expert 4 Written Exam (400)
n questions with full explanations
Certification: Fortinet Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Fortinet NSE4 Fortinet Network Security Expert 4 Written Exam (400)

NSE4 examcollection

Exam Code: NSE4 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4 Exam.

2016 May NSE4 Study Guide Questions:

Q16. - (Topic 1) 

Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.) 

A. SNMP 

B. WINS 

C. HTTP 

D. Telnet 

E. SSH 

Answer: C,D,E 


Q17. - (Topic 6) 

What is IPsec Perfect Forwarding Secrecy (PFS)?. 

A. A phase-1 setting that allows the use of symmetric encryption. 

B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires. 

C. A ‘key-agreement’ protocol. 

D. A ‘security-association-agreement’ protocol. 

Answer: B 


Q18. - (Topic 15) 

Review the configuration for FortiClient IPsec shown in the exhibit. 


Which statement is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the student_internal address object. 

B. The connecting VPN client will install a default route. 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. 

D. The connecting VPN client will connect in web portal mode and no route will be installed. 

Answer: A 


Q19. - (Topic 7) 

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. 

Which are two reasons for this problem? (Choose two.) 

A. The FortiGate is connected to multiple ISPs. 

B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network. 

C. The FortiGate is in Transparent mode. 

D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server. 

Answer: B,D 


Q20. - (Topic 13) 

Examine the following spanning tree configuration on a FortiGate in transparent mode: 

config system interface 

edit <interface name> 

set stp-forward enable 

end 

Which statement is correct for the above configuration? 

A. The FortiGate participates in spanning tree. 

B. The FortiGate device forwards received spanning tree messages. 

C. Ethernet layer-2 loops are likely to occur. 

D. The FortiGate generates spanning tree BPDU frames. 

Answer: B 


NSE4  practice

Regenerate NSE4 dumps:

Q21. - (Topic 13) 

Which statements correctly describe transparent mode operation? (Choose three.) 

A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2. 

B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses. 

C. The transparent FortiGate is clearly visible to network hosts in an IP trace route. 

D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network. 

E. All interfaces of the transparent mode FortiGate device must be on different IP subnets. 

Answer: A,B,D 


Q22. - (Topic 15) 

Review the IPsec phase 1 configuration in the exhibit; then answer the question below. 


Which statements are correct regarding this configuration? (Choose two.) 

A. The remote gateway address on 10.200.3.1. 

B. The local IPsec interface address is 10.200.3.1. 

C. The local gateway IP is the address assigned to port1. 

D. The local gateway IP address is 10.200.3.1. 

Answer: A,C 


Q23. - (Topic 18) 

Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.) 

A. The web client SSL handshake. 

B. The web server SSL handshake. 

C. File buffering. 

D. Communication with the URL filter process. 

Answer: A,B 


Q24. - (Topic 11) 

A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1 next end Which of the following conditions are required for this static default route to be displayed in 

the FortiGate unit’s routing table? (Choose two.) 

A. The administrative status of the wan1 interface is displayed as down. 

B. The link status of the wan1 interface is displayed as up. 

C. All other default routes should have a lower distance. 

D. The wan1 interface address and gateway address are on the same subnet. 

Answer: B,D 


Q25. - (Topic 5) 

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) 

A. SSL VPN creates a HTTPS connection. IPsec does not. 

B. Both SSL VPNs and IPsec VPNs are standard protocols. 

C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. 

D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. 

Answer: A,D 


certleader.com

Download NSE4 questions:

Q26. - (Topic 9) 

Which web filtering inspection mode inspects DNS traffic? 

A. DNS-based. 

B. FQDN-based. 

C. Flow-based. 

D. URL-based. 

Answer: A 


Q27. - (Topic 17) 

Which statement describes what the CLI command diagnose debug authd fsso list is used for? 

A. Monitors communications between the FSSO collector agent and FortiGate unit. 

B. Displays which users are currently logged on using FSSO. 

C. Displays a listing of all connected FSSO collector agents. 

D. Lists all DC Agents installed on all domain controllers. 

Answer: B 


Q28. - (Topic 4) 

When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.) 

A. SMTP 

B. POP3 

C. HTTP 

D. FTP 

Answer: C,D 


Q29. - (Topic 18) 

When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website? 

A. Organizational Unit. 

B. Common Name. 

C. Serial Number. 

D. Validity. 

Answer: B 


Q30. - (Topic 15) 

Review the IKE debug output for IPsec shown in the exhibit below. 


Which statements is correct regarding this output? 

A. The output is a phase 1 negotiation. 

B. The output is a phase 2 negotiation. 

C. The output captures the dead peer detection messages. 

D. The output captures the dead gateway detection packets. 

Answer: C 



see more Fortinet Network Security Expert 4 Written Exam (400)