Act now and download your Fortinet NSE4 test today! Do not waste time for the worthless Fortinet NSE4 tutorials. Download Leading Fortinet Fortinet Network Security Expert 4 Written Exam (400) exam with real questions and answers and begin to learn Fortinet NSE4 with a classic professional.

2021 Sep NSE4 free question

Q21. - (Topic 8) 

What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution? 

A. Users are required to manually enter their credentials each time they connect to a different web site. 

B. Proxy users are authenticated via FSSO. 

C. There are multiple users sharing the same IP address. 

D. Proxy users are authenticated via RADIUS. 

Answer: C 


Q22. - (Topic 18) 

When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website? 

A. Organizational Unit. 

B. Common Name. 

C. Serial Number. 

D. Validity. 

Answer: B 


Q23. - (Topic 8) 

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.) 

A. DHCP 

B. BOOTP 

C. DNS 

D. IPv6 autoconfiguration 

Answer: A,C 


Q24. - (Topic 8) 

Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.) 

A. Only one proxy is supported. 

B. Can be manually imported to the browser. 

C. The browser can automatically download it from a web server. 

D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy. 

Answer: C,D 


Q25. - (Topic 20) 

Examine the following output from the diagnose sys session list command: 

session info: proto=6 proto_state=65 duration=3 expire=9 timeout=3600 flags=00000000 sockflag=00000000 sockport=443 av_idx=9 use=5 origin-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

reply-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

state=redir local may_dirty ndr npu nlb os rs 

statistic(bytes/packets/allow_err): org=864/8/1 reply=2384/7/1 tuples=3 

orgin->sink: org pre->post, reply pre->post dev=7->6/6->7 gwy=172.17.87.3/10.1.10.1 

hook=post dir=org act=snat 192.168.1.110:57999->74.201.86.29:443(172.17.87.16:57999) 

hook=pre dir=reply act=dnat 74.201.86.29:443-

>172.17.87.16:57999(192.168.1.110:57999) 

hook=post dir=reply act=noop 74.201.86.29:443->192.168.1.110:57999(0.0.0.0:0) 

misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=0 

npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0 

Which statements are true regarding the session above? (Choose two.) 

A. Session Time-To-Live (TTL) was configured to 9 seconds. 

B. FortiGate is doing NAT of both the source and destination IP addresses on all packets coming from the 192.168.1.110 address. 

C. The IP address 192.168.1.110 is being translated to 172.17.87.16. 

D. The FortiGate is not translating the TCP port numbers of the packets in this session. 

Answer: C,D 


NSE4 training

Rebirth NSE4 test questions:

Q26. - (Topic 5) 

A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration: 


Which static route is automatically added to the client’s routing table when the tunnel mode is activated? 

A. A route to a destination subnet matching the Internal_Servers address object. 

B. A route to the destination subnet configured in the tunnel mode widget. 

C. A default route. 

D. A route to the destination subnet configured in the SSL VPN global settings. 

Answer: A 


Q27. - (Topic 16) 

Which statement correctly describes the output of the command diagnose ips anomaly list? 

A. Lists the configured DoS policy. 

B. List the real-time counters for the configured DoS policy. 

C. Lists the errors captured when compiling the DoS policy. 

D. Lists the IPS signature matches. 

Answer: B 


Q28. - (Topic 4) 

Which two statements are true regarding firewall policy disclaimers? (Choose two.) 

A. They cannot be used in combination with user authentication. 

B. They can only be applied to wireless interfaces. 

C. Users must accept the disclaimer to continue. 

D. The disclaimer page is customizable. 

Answer: C,D 


Q29. - (Topic 16) 

Review the IPS sensor filter configuration shown in the exhibit 


Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.) 

A. It does not log attacks targeting Linux servers. 

B. It matches all traffic to Linux servers. 

C. Its action will block traffic matching these signatures. 

D. It only takes effect when the sensor is applied to a policy. 

Answer: C,D 


Q30. - (Topic 3) 

Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) 

A. IP address pool. 

B. Virtual IP address. 

C. IP address. 

D. IP address group. 

E. MAC address. 

Answer: B,C,D