Virtual NSE4 Dumps 2021

It is more faster and easier to pass the by using . Immediate access to the and find the same core area with professionally verified answers, then PASS your exam with a high score now.

Online Fortinet NSE4 free dumps demo Below:

NEW QUESTION 1
Which statements are correct regarding URL filtering on a FortiGate unit? (Choose two.)

  • A. The allowed actions for URL filtering include allow, block, monitor and exempt.
  • B. The allow actions for URL filtering and Allow and Block only.
  • C. URL filters may be based on patterns using simple text, wildcards and regular expressions.
  • D. URL filters are based on simple text only and require an exact match.

Answer: AC

NEW QUESTION 2
Which portion of the configuration does an administrator specify the type of IPsec configuration (either policy-based or route-based)?

  • A. Under the IPsec VPN global settings.
  • B. Under the phase 2 settings.
  • C. Under the phase 1 settings.
  • D. Under the firewall policy settings.

Answer: D

NEW QUESTION 3
Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)

  • A. Manual update by downloading the signatures from the support site.
  • B. Pull updates from the FortiGate device
  • C. Push updates from the FortiGuard Distribution Network.
  • D. execute fortiguard-AV-AS command from the CLI.

Answer: ABC

NEW QUESTION 4
On your FortiGate 60D, you've configured firewall policies. They port forward traffic to your Linux Apache web server. Select the best way to protect your web server by using the IPS engine.

  • A. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache application
  • B. Configured DLP to block HTTP GET request with credit card numbers.
  • C. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache application
  • D. Configure DLP to block HTTP GET with credit card number
  • E. Also configure a DoS policy to prevent TCP SYn floods and port scans.
  • F. Non
  • G. FortiGate 60D is a desktop model, which does not support IPS.
  • H. Enable IPS signatures for Linux and windows servers with FTP, HTTP, TCP, and SSL protocols and Apache and PHP applications.

Answer: D

NEW QUESTION 5
What functions can the IPv6 Neighbor Discovery Protocol accomplish? (Choose two.)

  • A. Negotiate the encryption parameters to use.
  • B. Auto-adjust the MTU setting.
  • C. Autoconfigure addresses and prefixes.
  • D. Determine other nodes reachability.

Answer: CD

NEW QUESTION 6
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?

  • A. The workstation fails to reply to the polls frequently done by the collector agent.
  • B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
  • C. The work station notifies the DC agent that the user has logged off.
  • D. The collector agent gets the logoff events when polling the respective domain controller.

Answer: D

NEW QUESTION 7
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?

  • A. 1
  • B. 2
  • C. 3
  • D. 4

Answer: C

NEW QUESTION 8
What is the maximum number of different virus databases a FortiGate can have?

  • A. 5
  • B. 2
  • C. 3
  • D. 4

Answer: B

NEW QUESTION 9
Which of the following statements are true regarding WAN Link Load Balancing? (Choose two).

  • A. There can be only one virtual WAN Link per VDOM.
  • B. FortiGate can measure the quality of each link based on latency, jitter, or packets percentage.
  • C. Link health checks can be performed over each link member if the virtual WAN interface.
  • D. Distance and priority values are configured in each link member if the virtual WAN interface.

Answer: AC

NEW QUESTION 10
Which are outputs for the command ‘diagnose hardware deviceinfo nic’? (Choose two.)

  • A. ARP cache
  • B. Physical MAC address
  • C. Errors and collisions
  • D. Listening TCP ports

Answer: BC

NEW QUESTION 11
Which best describes the authentication timeout?

  • A. How long FortiGate waits for the user to enter his or her credentials.
  • B. How long a user is allowed to send and receive traffic before he or she must authenticate again.
  • C. How long an authenticated user can be idle (without sending traffic) before they must authenticate again.
  • D. How long a user-authenticated session can exist without having to authenticate again.

Answer: C

NEW QUESTION 12
Which statement is correct concerning creating a custom signature?

  • A. It must start with the name
  • B. It must indicate whether the traffic flow is from the client or the server.
  • C. It must specify the protoco
  • D. Otherwise, it could accidentally match lower-layer protocols.
  • E. It is not supported by Fortinet Technical Support.

Answer: A

NEW QUESTION 13
Which statements are correct for port pairing and forwarding domains? (Choose two.)

  • A. They both create separate broadcast domains.
  • B. Port Pairing works only for physical interfaces.
  • C. Forwarding Domain only applies to virtual interfaces
  • D. They may contain physical and/or virtual interfaces.

Answer: AD

NEW QUESTION 14
Files that are larger than the oversized limit are subjected to which Antivirus check?

  • A. Grayware
  • B. Virus
  • C. Sandbox
  • D. Heuristic

Answer: C

NEW QUESTION 15
Which of the following IPsec configuration modes can be used for implementing L2TP- over-IPSec VPNs?

  • A. Policy-based IPsec only.
  • B. Route-based IPsec only.
  • C. Both policy-based and route-based VPN.
  • D. L2TP-over-IPSec is not supported by FortiGate devices.

Answer: A

NEW QUESTION 16
In transparent mode, forward-domain is a CLI setting associated with .

  • A. a static route.
  • B. a firewall policy.
  • C. an interface.
  • D. a virtual domain.

Answer: C

NEW QUESTION 17
Which of the following statements best describes what a Public Certificate Authority (CA) is?

  • A. A service that provides a digital certificate each time a user is authenticating
  • B. An entity that certifies that the information contained in a digital certificate is valid and true.
  • C. The FortiGate process in charge of generating digital certificates on the fly for SSL inspection purposes
  • D. A service that validates digital certificates for certificate-based authentication purposes

Answer: D

NEW QUESTION 18
Which statements correctly describe transparent mode operation? (Choose three.)

  • A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
  • B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
  • C. The transparent FortiGate is clearly visible to network hosts in an IP trace route.
  • D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • E. All interfaces of the transparent mode FortiGate device most be on different IP subnets.

Answer: ABD

P.S. Easily pass NSE4 Exam with 301 Q&As 2passeasy Dumps & pdf Version, Welcome to Download the Newest 2passeasy NSE4 Dumps: https://www.2passeasy.com/dumps/NSE4/ (301 New Questions)