Virtual NSE4 Exam Dumps 2021

Cause all that matters here is passing exam with . Cause all that you need is a high score of . The only one thing you need to do is downloading free now. We will not let you down with our money-back guarantee.

Fortinet NSE4 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Which of the following statements best describes what the Document Fingerprinting feature is for?

  • A. Protects sensitive documents from leakage
  • B. Appends a fingerprint signature to all documents sent by users
  • C. Appends a fingerprint signature to all the emails sent by users
  • D. Validates the fingerprint signature in users’ emails

Answer: A

NEW QUESTION 2
Which of the following FSSO agents are required for a DC agent mode solution? (Choose two.)

  • A. FSSO agent
  • B. DC agent
  • C. Collector agent
  • D. Radius server

Answer: BC

NEW QUESTION 3
Which of the following statements are correct differences between NAT/route and transparent mode? (Choose two.)

  • A. In transparent mode, interfaces do not have IP addresses.
  • B. Firewall polices are only used in NAT/ route mode.
  • C. Static routers are only used in NAT/route mode.
  • D. Only transparent mode permits inline traffic inspection at layer 2.

Answer: AC

NEW QUESTION 4
Which of the following statements best describe what a FortiGate does when packets match a black hole route?

  • A. Packets are dropped.
  • B. Packets are routed based on the information in the policy-based routing table.
  • C. An ICMP error message is sent back to the originator.
  • D. Packet are routed back to the originator.

Answer: A

NEW QUESTION 5
Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.)

  • A. The source quick mode selector must be an IPv4 address.
  • B. The destination quick mode selector must be an IPv6 address.
  • C. The Local Gateway IP must be an IPv4 address.
  • D. The remote gateway IP must be an IPv6 address.

Answer: BC

NEW QUESTION 6
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below.
NSE4 dumps exhibit
Which statements are correct regarding this setting? (Choose two.)

  • A. Interface settings on port7 will not be synchronized with other cluster members.
  • B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.
  • C. When connecting to port7 you always connect to the master device.
  • D. A gateway address may be configured for port7.

Answer: AD

NEW QUESTION 7
Examine the following log message for IPS:
2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity=''critical'' src=''192.168.3.168'' dst=''192.168.3.170'' src_int=''port2'' serial=0 status=''detected'' proto=1 service=''icmp'' count=1 attack_name=''icmp_flood''
icmp_id=''0xa8a4''
icmp_type=''0x08'' icmp_code=''0x00'' attack_id=16777316 sensor=''1'' ref=''http://www.fortinet.com/ids/VID16777316'' msg=''anomaly: icmp_flood, 51 > threshold
50''
Which statement is correct about the above log? (Choose two.)

  • A. The target is 192.168.3.168.
  • B. The target is 192.168.3.170.
  • C. The attack was NOT blocked.
  • D. The attack was blocked.

Answer: BD

NEW QUESTION 8
When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)

  • A. SMTP
  • B. POP3
  • C. HTTP
  • D. FTP

Answer: CD

NEW QUESTION 9
What are required to be the same for two FortiGate units to form an HA cluster? (Choose two)

  • A. Firmware.
  • B. Model.
  • C. Hostname.
  • D. System time zone.

Answer: AB

NEW QUESTION 10
Which of the following statements best describe the main requirements for a traffic session to be offload eligible to an NP6 processor? (Choose three.)

  • A. Session packets do NOT have an 802.1Q VLAN tag.
  • B. It is NOT multicast traffic.
  • C. It does NOT require proxy-based inspection.
  • D. Layer 4 protocol must be UDP, TCP, SCTP or ICMP.
  • E. It does NOT require flow-based inspection.

Answer: CDE

NEW QUESTION 11
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.
NSE4 dumps exhibit
Which of the following statements correctly describes the static routing configuration provided above?

  • A. The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.
  • B. The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
  • C. The FortiGate sends all the traffic to 172.20.168.0/24 through port1.
  • D. Only the route that is using port1 will show up in the routing table.

Answer: C

NEW QUESTION 12
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory.
Which of the following statements are correct regarding FSSO in a Windows domain environment when DC-agent mode is used? (Choose two.)

  • A. An FSSO collector agent must be installed on every domain controller.
  • B. An FSSO domain controller agent must be installed on every domain controller.
  • C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit.
  • D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit.

Answer: BD

NEW QUESTION 13
Where are most of the security events logged?

  • A. Security log
  • B. Forward Traffic log
  • C. Event log
  • D. Alert log
  • E. Alert Monitoring Console

Answer: C

NEW QUESTION 14
An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has enabled split tunneling.
NSE4 dumps exhibit
Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table.

  • A. A route to destination matching the `WIN2K3' address object.
  • B. A route to the destination matching the `all' address object.
  • C. A default route.
  • D. No route is added.

Answer: A

NEW QUESTION 15
Which statements regarding banned words are correct? (Choose two.)

  • A. Content is automatically blocked if a single instance of a banned word appears.
  • B. The FortiGate updates banned words on a periodic basis.
  • C. The FortiGate can scan web pages and email messages for instances of banned words.
  • D. Banned words can be expressed as simple text, wildcards and regular expressions.

Answer: CD

NEW QUESTION 16
What log type would indicate whether a VPN is going up or down?

  • A. Event log
  • B. Security log
  • C. Forward log
  • D. Syslog

Answer: A

NEW QUESTION 17
Which of the following statements is true regarding the TCP SYN packets that go from a client, through an implicit web proxy (transparent proxy), to a web server listening at TCP port 80? (Choose three.)

  • A. The source IP address matches the client IP address.
  • B. The source IP address matches the proxy IP address.
  • C. The destination IP address matches the proxy IP address.
  • D. The destination IP address matches the server IP addresses.
  • E. The destination TCP port number is 80.

Answer: ADE

NEW QUESTION 18
Which statement is not correct regarding SSL VPN Tunnel mode?

  • A. IP traffic is encapsulated over HTTPS.
  • B. The standalone FortiClient SSL VPN client can be used to establish a Tunnel mode SSL VPN.
  • C. A limited amount of IP applications are supported.
  • D. The FortiGate device will dynamically assign an IP address to the SSL VPN network adapter.

Answer: C

Recommend!! Get the Full NSE4 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/NSE4-exam-dumps.html (New 301 Q&As Version)