Fortinet NSE4 Dumps 2021

Proper study guides for the NSE4 Fortinet Network Security Expert 4 Written Exam (400) certification begin with preparation products that are designed to help you pass the NSE4 test on your first attempt.

Free NSE4 Demo Online For Microsoft Certification:

NEW QUESTION 1
Which of the following actions can be taken by Data Leak Prevention scanning? (Choose three.)

  • A. Block
  • B. Reject
  • C. Tag
  • D. Log only
  • E. Quarantine IP address

Answer: ADE

NEW QUESTION 2
Which of the following statements are true about the SSL Proxy certificate that must be used for SSL Content Inspection? (Choose two.)

  • A. It cannot be signed by a private CA
  • B. It must have either the field “CA=True” or the field “Key Usage=KeyCertSign”
  • C. It must be installed in the FortiGate device
  • D. The subject field must contain either the FQDN, or the IP address of the FortiGate device

Answer: CD

NEW QUESTION 3
Which of the following statements describes the objectives of the gratuitous ARP packets sent by an HA cluster?

  • A. To synchronize the ARP tables in all the FortiGate units that are part of the HA cluster.
  • B. To notify the network switches that a new HA master unit has been elected.
  • C. To notify the master unit that the slave devices are still up and alive.
  • D. To notify the master unit about the physical MAC addresses of the slave units.

Answer: B

NEW QUESTION 4
A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode. Which one of the following statements is correct regarding the use of web-only mode SSL VPN?

  • A. Web-only mode supports SSL version 3 only.
  • B. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN.
  • C. Web-only mode requires the user to have a web browser that supports 64-bit cipher length.
  • D. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.

Answer: C

NEW QUESTION 5
Which statements are correct regarding application control? (Choose two.)

  • A. It is based on the IPS engine.
  • B. It is based on the AV engine.
  • C. It can be applied to SSL encrypted traffic.
  • D. It cannot be applied to SSL encrypted traffic.

Answer: AC

NEW QUESTION 6
A FortiGate is configured to receive push updates from the FortiGuard Distribution Network; however, they are not being received.
Which is one reason for this problem?

  • A. The FortiGate is connected to multiple ISPs.
  • B. FortiGuard scheduled updates are enabled in the FortiGate configuration.
  • C. The FortiGate is in Transparent mode.
  • D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.

Answer: D

NEW QUESTION 7
Review the configuration for FortiClient IPsec shown in the exhibit.
[Exhibit image]
Which statement is correct regarding this configuration?

  • A. The connecting VPN client will install a route to a destination corresponding to the student internal address object.
  • B. The connecting VPN client will install a default route.
  • C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range.
  • D. The connecting VPN client will connect in web portal mode and no route will be installed.

Answer: A

NEW QUESTION 8
Which statement is correct concerning an IPsec VPN with the remote gateway setting configured as 'Dynamic DNS'?

  • A. The FortiGate will accept IPsec VPN connection from any IP address.
  • B. The FQDN resolution of the local FortiGate IP address where the VPN is terminated must be provided by a dynamic DNS provider.
  • C. The FortiGate will accept IPsec VPN connections only from IP addresses included on a dynamic DNS access list.
  • D. The remote gateway IP address can change dynamically.

Answer: D

NEW QUESTION 9
Which is not a FortiGate feature?

  • A. Database auditing
  • B. Intrusion prevention
  • C. Web filtering
  • D. Application control

Answer: A

NEW QUESTION 10
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.
[Exhibit image]
Which two statements are correct regarding this output? (Choose two.)

  • A. There will be six routes in the routing table.
  • B. There will be seven routes in the routing table.
  • C. There will be two default routes in the routing table.
  • D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.

Answer: AC

NEW QUESTION 11
Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with the firewall policy? (Choose two.)

  • A. Shared traffic shaping cannot be used.
  • B. Only traffic matching the application control signature is shaped.
  • C. Can limit the bandwidth usage of heavy traffic applications.
  • D. Per-IP traffic shaping cannot be used.

Answer: BC

NEW QUESTION 12
Which is NOT true about source matching with firewall policies?

  • A. A source address object must be selected in the firewall policy.
  • B. A source user/group may be selected in the firewall policy.
  • C. A source device may be defined in the firewall policy.
  • D. A source interface must be selected in the firewall policy.
  • E. A source user/group and device must be specified in the firewall policy.

Answer: E

NEW QUESTION 13
What are the advantages of FSSO DC mode over polling mode?

  • A. Redundancy in the collector agent.
  • B. Allows transparent authentication.
  • C. DC agents are not required in the AD domain controllers.
  • D. Scalability

Answer: C

NEW QUESTION 14
Which of the following email spam filtering features is NOT supported on a FortiGate unit?

  • A. Multipurpose Internet Mail Extensions (MIME) Header Check
  • B. HELO DNS Lookup
  • C. Greylisting
  • D. Banned Word

Answer: C

NEW QUESTION 15
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
[Exhibit image]
Which statements are correct regarding this configuration? (Choose two.)

  • A. The Phase 2 will re-key even if there is no traffic.
  • B. There will be a DH exchange for each re-key.
  • C. The sequence number of ESP packets received from the peer will not be checked.
  • D. Quick mode selectors will default to those used in the firewall policy.

Answer: AB

NEW QUESTION 16
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

  • A. Client -> slave FortiGate -> master FortiGate -> web server.
  • B. Client -> slave FortiGate -> web server.
  • C. Client -> master FortiGate -> slave FortiGate -> master FortiGate -> web server.
  • D. Client -> master FortiGate -> slave FortiGate -> web server.

Answer: D

NEW QUESTION 17
Which of the following statements is true regarding a FortiGate device operating in transparent mode? (Choose three.)

  • A. It acts as a layer 2 bridge
  • B. It acts as a layer 3 router
  • C. It forwards frames using the destination MAC address.
  • D. It forwards packets using the destination IP address.
  • E. It can perform content inspection (antivirus, web filtering, etc.)

Answer: ACE

NEW QUESTION 18
Which type of conserve mode writes a log message immediately, rather than when the device exits conserve mode?

  • A. Kernel
  • B. Proxy
  • C. System
  • D. Device

Answer: B
