Act now and download your Fortinet fortinet nse4 exam test today! Do not waste time for the worthless Fortinet nse4 dumps tutorials. Download Far out Fortinet Fortinet Network Security Expert 4 Written Exam (400) exam with real questions and answers and begin to learn Fortinet nse4 fortinet with a classic professional.

Q17. - (Topic 2) 

What logging options are supported on a FortiGate unit? (Choose two.) 

A. LDAP 

B. Syslog 

C. FortiAnalyzer 

D. SNMP 

Answer: B,C 


Q18. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. 

Which statements is correct regarding this output? (Select one answer). 

A. One tunnel is rekeying. 

B. Two tunnels are rekeying. 

C. Two tunnels are up. 

D. One tunnel is up. 

Answer:


Q19. - (Topic 3) 

Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) 

A. IP address pool. 

B. Virtual IP address. 

C. IP address. 

D. IP address group. 

E. MAC address. 

Answer: B,C,D 


Q20. - (Topic 17) 

With FSSO, a domain user could authenticate either against the domain controller running the collector agent and domain controller agent, or a domain controller running only the domain controller agent. 

If you attempt to authenticate with a domain controller running only the domain controller agent, which statements are correct? (Choose two.) 

A. The login event is sent to the collector agent. 

B. The FortiGate receives the user information directly from the receiving domain controller agent of the secondary domain controller. 

C. The domain collector agent may perform a DNS lookup for the authenticated client's IP address. 

D. The user cannot be authenticated with the FortiGate in this manner because each domain controller agent requires a dedicated collector agent. 

Answer: A,C 


Q21. - (Topic 7) 

Examine the exhibit; then answer the question below. 

Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit? 

A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network. 

B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. 

C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network. 

D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network. 

Answer:


Q22. - (Topic 4) 

Which statements are true regarding local user authentication? (Choose two.) 

A. Two-factor authentication can be enabled on a per user basis. 

B. Local users are for administration accounts only and cannot be used to authenticate network users. 

C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate. 

D. Both the usernames and passwords can be stored locally on the FortiGate 

Answer: A,D 


Q23. - (Topic 21) 

Which statements are true regarding IPv6 anycast addresses? (Choose two.) 

A. Multiple interfaces can share the same anycast address. 

B. They are allocated from the multicast address space. 

C. Different nodes cannot share the same anycast address. 

D. An anycast packet is routed to the nearest interface. 

Answer: A,D 


Q24. - (Topic 7) 

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. 

Which are two reasons for this problem? (Choose two.) 

A. The FortiGate is connected to multiple ISPs. 

B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network. 

C. The FortiGate is in Transparent mode. 

D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server. 

Answer: B,D 


Q25. - (Topic 1) 

How is the FortiGate password recovery process? 

A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. 

B. Log in through the console port using the “maintainer” account within several seconds of physically power cycling the FortiGate. 

C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. 

D. Interrupt the boot sequence and restore a configuration file for which the password has 

been modified. 

Answer:


Q26. - (Topic 1) 

When creating FortiGate administrative users, which configuration objects specify the account rights? 

A. Remote access profiles. 

B. User groups. 

C. Administrator profiles. 

D. Local-in policies. 

Answer:


Q27. - (Topic 7) 

Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols? 

A. Proxy-based. 

B. DNS-based. 

C. Flow-based. 

D. Man-in-the-middle. 

Answer:


Q28. - (Topic 2) 

Regarding the header and body sections in raw log messages, which statement is correct? 

A. The header and body section layouts change depending on the log type. 

B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. 

C. Some log types include multiple body sections. 

D. Some log types do not include a body section. 

Answer:


Q29. - (Topic 15) 

Which IPsec mode includes the peer id information in the first packet? 

A. Main mode. 

B. Quick mode. 

C. Aggressive mode. 

D. IKEv2 mode. 

Answer:


Q30. - (Topic 12) 

A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs? 

A. The FortiGate must be a model 1000 or above to support multiple VDOMs. 

B. A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled. 

C. Changing the operational mode of a VDOM requires a reboot of the FortiGate. 

D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes. 

Answer:


Q31. - (Topic 21) 

What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.) 

A. Negotiate the encryption parameters to use. 

B. Auto-adjust the MTU setting. 

C. Autoconfigure addresses and prefixes. 

D. Determine other nodes reachability. 

Answer: C,D 


Q32. - (Topic 14) 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. 

Exhibit A: 

Exhibit B 

Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Hearbeat 

D. Override 

Answer: