Get Smart with nse4 dumps

Exam Code: fortinet nse4 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass nse4 dumps Exam.

Q33. - (Topic 14) 

Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device. 

Exhibit A: 

Exhibit B: 

Given the information provided in the exhibits, which of the following statements are correct? (Choose two.) 

A. STUDENT is likely to be the master device. 

B. Session-pickup is likely to be enabled. 

C. The cluster mode is active-passive. 

D. There is not enough information to determine the cluster mode. 

Answer: A,D 

Q34. - (Topic 7) 

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.) 

A. Manual update by downloading the signatures from the support site. 

B. Pull updates from the FortiGate. 

C. Push updates from a FortiAnalyzer. 

D. execute fortiguard-AV-AS command from the CLI. 

Answer: A,B 

Q35. - (Topic 1) 

Which statements are true regarding the factory default configuration? (Choose three.) 

A. The default web filtering profile is applied to the first firewall policy. 

B. The ‘Port1’ or ‘Internal’ interface has the IP address 192.168.1.99. 

C. The implicit firewall policy action is ACCEPT. 

D. The ‘Port1’ or ‘Internal’ interface has a DHCP server set up and enabled (on device models that support DHCP servers). 

E. Default login uses the username: admin (all lowercase) and no password. 

Answer: B,D,E 

Q36. - (Topic 6) 

You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. 

Which two configuration steps are required to achieve these objectives? (Choose two.) 

A. Create one firewall policy. 

B. Create two firewall policies. 

C. Add a route to the remote subnet. 

D. Add two IPsec phases 2. 

Answer: B,C 

Q37. - (Topic 22) 

Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.) 

A. Fragmented packet. 

B. Multicast packet. 

C. SCTP packet. 

D. GRE packet. 

Answer: B,C 

Q38. - (Topic 17) 

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory. 

Which of the following statements are correct regarding FSSO in a Windows domain environment when agent mode is used? (Choose two.) 

A. An FSSO collector agent must be installed on every domain controller. 

B. An FSSO domain controller agent must be installed on every domain controller. 

C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit. 

D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit. 

Answer: B,D 

Q39. - (Topic 12) 

Which statements are correct regarding virtual domains (VDOMs)? (Choose two.) 

A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. VDOMs share firmware versions, as well as antivirus and IPS databases. 

D. Different time zones can be configured in each VDOM. 

Answer: B,C 

Q40. - (Topic 8) 

Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.) 

A. Only one proxy is supported. 

B. Can be manually imported to the browser. 

C. The browser can automatically download it from a web server. 

D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy. 

Answer: C,D 

Q41. - (Topic 15) 

Which statement is an advantage of using a hub and spoke IPsec VPN configuration 

instead of a fully-meshed set of IPsec tunnels? 

A. Using a hub and spoke topology provides full redundancy. 

B. Using a hub and spoke topology requires fewer tunnels. 

C. Using a hub and spoke topology uses stronger encryption protocols. 

D. Using a hub and spoke topology requires more routes. 

Answer: B 

Q42. - (Topic 13) 

In transparent mode, forward-domain is an CLI setting associate with ______________. 

A. a static route. 

B. a firewall policy. 

C. an interface. 

D. a virtual domain. 

Answer: C 

Q43. - (Topic 3) 

For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate? 

A. The traffic is allowed and no log is generated. 

B. The traffic is allowed and logged. 

C. The traffic is blocked and no log is generated. 

D. The traffic is blocked and logged. 

Answer: C 

Q44. - (Topic 13) 

Which statements correctly describe transparent mode operation? (Choose three.) 

A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2. 

B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses. 

C. The transparent FortiGate is clearly visible to network hosts in an IP trace route. 

D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network. 

E. All interfaces of the transparent mode FortiGate device must be on different IP subnets. 

Answer: A,B,D 

Q45. - (Topic 15) 

Review the static route configuration for IPsec shown in the exhibit; then answer the question below. 

Which statements are correct regarding this configuration? (Choose two.) 

A. Interface remote is an IPsec interface. 

B. A gateway address is not required because the interface is a point-to-point connection. 

C. A gateway address is not required because the default route is used. 

D. Interface remote is a zone. 

Answer: A,B 

Q46. - (Topic 18) 

Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.) 

A. The web client SSL handshake. 

B. The web server SSL handshake. 

C. File buffering. 

D. Communication with the URL filter process. 

Answer: A,B 

Q47. - (Topic 12) 

A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface. 

Which one of the following statements is correct regarding the VLAN IDs in this scenario? 

A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets. 

B. The two VLAN sub-interfaces must have different VLAN IDs. 

C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs. 

D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches. 

Answer: B 

Q48. - (Topic 11) 

Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration 

provided? (Choose two.) 

A. All traffic to 172.20.1.0/24 is dropped by the FortiGate. 

B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route. 

C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route. 

D. The FortiGate unit creates a session entry in the session table when the traffic is being 

routed by the blackhole route. 

Answer: A,C