Act now and download your Fortinet NSE4 test today! Do not waste time for the worthless Fortinet NSE4 tutorials. Download Renewal Fortinet Fortinet Network Security Expert 4 Written Exam (400) exam with real questions and answers and begin to learn Fortinet NSE4 with a classic professional.
2021 Mar NSE4 test engine
Q51. - (Topic 18)
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?
A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.
C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
Answer: C
Q52. - (Topic 1)
What methods can be used to access the FortiGate CLI? (Choose two.)
A. Using SNMP.
B. A direct connection to the serial console port.
C. Using the CLI console widget in the GUI.
D. Using RCP.
Answer: B,C
Q53. - (Topic 15)
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below.
Which statements are correct regarding this output? (Choose two.)
A. The connecting client has been allocated address 172.20.1.1.
B. In the Phase 1 settings, dead peer detection is enabled.
C. The tunnel is idle.
D. The connecting client has been allocated address 10.200.3.1.
Answer: A,B
Q54. - (Topic 21)
What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.)
A. Negotiate the encryption parameters to use.
B. Auto-adjust the MTU setting.
C. Autoconfigure addresses and prefixes.
D. Determine other nodes reachability.
Answer: C,D
Q55. - (Topic 20)
In which process states is it impossible to interrupt/kill a process? (Choose two.)
A. S – Sleep
B. R – Running
C. D – Uninterruptable Sleep
D. Z – Zombie
Answer: C,D
Down to date NSE4 test preparation:
Q56. - (Topic 18)
When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website?
A. Organizational Unit.
B. Common Name.
C. Serial Number.
D. Validity.
Answer: B
Q57. - (Topic 12)
A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM.
What would be a possible cause for this problem?
A. The administrator does not have the proper permissions to reassign the dmz interface.
B. The dmz interface is referenced in the configuration of another VDOM.
C. Non-management VDOMs cannot reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
Answer: B
Q58. - (Topic 6)
An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?
A. The IPsec firewall policies must be placed at the top of the list.
B. This VPN cannot be used as part of a hub and spoke topology.
C. Routes are automatically created based on the quick mode selectors.
D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.
Answer: D
Q59. - (Topic 13)
Which statements are correct for port pairing and forwarding domains? (Choose two.)
A. They both create separate broadcast domains.
B. Port Pairing works only for physical interfaces.
C. Forwarding Domain only applies to virtual interfaces.
D. They may contain physical and/or virtual interfaces.
Answer: A,D
Q60. - (Topic 2)
Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit?
A. MIB-based report uploads.
B. SNMP access limited by access lists.
C. Packet encryption.
D. Running SNMP service on a non-standard port is possible.
Answer: C