Virtual of nse4 fortinet exam answers materials and bootcamp for Fortinet certification for IT specialist, Real Success Guaranteed with Updated nse4 exam dump pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!
Q21. - (Topic 3)
For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?
A. The traffic is allowed and no log is generated.
B. The traffic is allowed and logged.
C. The traffic is blocked and no log is generated.
D. The traffic is blocked and logged.
Answer: C
Q22. - (Topic 22)
Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)
A. Both proxy-based and flow-based inspection are supported.
B. A replacement message cannot be presented to users when a virus has been detected.
C. It saves CPU resources.
D. The ingress and egress interfaces can be in different SPs.
Answer: B,C
Q23. - (Topic 7)
Which statements regarding banned words are correct? (Choose two.)
A. Content is automatically blocked if a single instance of a banned word appears.
B. The FortiGate updates banned words on a periodic basis.
C. The FortiGate can scan web pages and email messages for instances of banned words.
D. Banned words can be expressed as simple text, wildcards and regular expressions.
Answer: C,D
Q24. - (Topic 12)
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.
Which of the following settings will this administrator be able to configure? (Choose two.)
A. Firewall addresses.
B. DHCP servers.
C. FortiGuard Distribution Network configuration.
D. System hostname.
Answer: A,B
Q25. - (Topic 9)
Which two web filtering inspection modes inspect the full URL? (Choose two.)
A. DNS-based.
B. Proxy-based.
C. Flow-based.
D. URL-based.
Answer: B,C
Q26. - (Topic 4)
What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.)
A. Browser pop-up window.
B. FortiToken.
C. Email.
D. Code books.
E. SMS phone message.
Answer: B,C,E
Q27. - (Topic 1)
Which statements are true regarding the factory default configuration? (Choose three.)
A. The default web filtering profile is applied to the first firewall policy.
B. The ‘Port1’ or ‘Internal’ interface has the IP address 192.168.1.99.
C. The implicit firewall policy action is ACCEPT.
D. The ‘Port1’ or ‘Internal’ interface has a DHCP server set up and enabled (on device models that support DHCP servers).
E. Default login uses the username: admin (all lowercase) and no password.
Answer: B,D,E
Q28. - (Topic 11)
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 10 set device port1 next edit 2 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 20 set device port2
next
end
Which of the following statements correctly describes the static routing configuration provided above?
A. The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.
B. The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
C. The FortiGate sends all the traffic to 172.20.168.0/24 through port1.
D. Only the route that is using port1 will show up in the routing table.
Answer: C
Q29. - (Topic 6)
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario? (Choose three.)
A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
C. Set the operating mode to IPsec VPN mode.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters.
Answer: A,D,E
Q30. - (Topic 8)
What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?
A. Users are required to manually enter their credentials each time they connect to a different web site.
B. Proxy users are authenticated via FSSO.
C. There are multiple users sharing the same IP address.
D. Proxy users are authenticated via RADIUS.
Answer: C