High quality of NSE4 exam price materials and testing material for Fortinet certification for {examinee}, Real Success Guaranteed with Updated NSE4 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!

NEW QUESTION 1
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?

  • A. 1
  • B. 2
  • C. 3
  • D. 4

Answer: C

NEW QUESTION 2
How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?

  • A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy.
  • B. Enable the shape option in a firewall policy with service set to BitTorrent.
  • C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled.
  • D. Apply a traffic shaper to a protocol options profile.

Answer: A

NEW QUESTION 3
Which statement is correct concerning an IPsec VPN with the remote gateway setting configured as 'Dynamic DNS'?

  • A. The FortiGate will accept IPsec VPN connection from any IP address.
  • B. The FQDN resolution of the local FortiGate IP address where the VPN is terminated must be provided by a dynamic DNS provider.
  • C. The FortiGate will Accept IPsec VPN connections only from IP addresses included on a dynamic DNS access list.
  • D. The remote gateway IP address can change dynamically.

Answer: D

NEW QUESTION 4
Which of the following statements best describes what a Public Certificate Authority (CA) is?

  • A. A service that provides a digital certificate each time a user is authenticating
  • B. An entity that certifies that the information contained in a digital certificate is valid and true.
  • C. The FortiGate process in charge of generating digital certificates on the fly for SSL inspection purposes
  • D. A service that validates digital certificates for certificate-based authentication purposes

Answer: D

NEW QUESTION 5
In FortiOS session table output, what is the correct ‘proto_state’ number for an established, non-proxied TCP connection?

  • A. 00
  • B. 11
  • C. 01
  • D. 05

Answer: C

NEW QUESTION 6
Which of the following IKE modes is the one used during the IPsec phase 2 negotiation?

  • A. Aggressive mode
  • B. Quick mode
  • C. Main mode
  • D. Fast mode

Answer: B

NEW QUESTION 7
Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three)

  • A. Source IP address.
  • B. TCP flags
  • C. Source TCP/UDP ports
  • D. Type of service.
  • E. Checksum

Answer: ACD

NEW QUESTION 8
Which of the following Fortinet products can receive updates from the FortiGuard Distribution Network?

  • A. FortiGate
  • B. FortiClient
  • C. FortiMail
  • D. FortiAnalyzer

Answer: ABC

NEW QUESTION 9
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory.
Which of the following statements are correct regarding FSSO in a Windows domain environment when DC-agent mode is used? (Choose two.)

  • A. An FSSO collector agent must be installed on every domain controller.
  • B. An FSSO domain controller agent must be installed on every domain controller.
  • C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit.
  • D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit.

Answer: BD

NEW QUESTION 10
Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled?

  • A. 1. port monitor, 2. unit priority, 3. up time, 4. serial number.
  • B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number.
  • C. 1. unit priority, 2. up time, 3. port monitor, 4. serial number.
  • D. 1. up time, 2. unit priority, 3. port monitor, 4. serial number.

Answer: B

NEW QUESTION 11
Which UTM feature sends a UDP query to FortiGuard servers each time FortiGate scans a packet (unless the response is locally cached)?

  • A. Antivirus
  • B. VPN
  • C. IPS
  • D. Web Filtering

Answer: D

NEW QUESTION 12
Files reported as "suspicious" were subject to which Antivirus check"?

  • A. Grayware
  • B. Virus
  • C. Sandbox
  • D. Heuristic

Answer: D

NEW QUESTION 13
You are creating a custom signature. Which has incorrect syntax?

  • A. F-SBID(--attack_id 1842,--name "Ping.Death";--protocol icmp; --data_size>32000;)
  • B. F-SBID(--name "Block.SMTP.VRFY.CMD";--pattern "vrfy";-- service SMTP; --no_case;-- context header;)
  • C. F-SBID(--name "Ping.Death";--protocol icmp;--data_size>32000;)
  • D. F-SBID(--name "Block".HTTP.POST"; --protocol tcp;-- service HTTP;-- flow from_client;--pattern "POST"; -- context uri;--within 5,context;)

Answer: A

NEW QUESTION 14
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.
NSE4 dumps exhibit
Which two statements are correct regarding this output? (Choose two.)

  • A. There will be six routes in the routing table.
  • B. There will be seven routes in the routing table.
  • C. There will be two default routes in the routing table.
  • D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.

Answer: AC

NEW QUESTION 15
Which of the following actions can be used to back up the keys and digital certificates in a FortiGate device? (Choose two.)

  • A. Taking a full backup of the FortiGate configuration
  • B. Uploading a PKCS#10 file to a USB drive
  • C. Manually uploading the certificate information to a Certificate authority (CA)
  • D. Uploading a PKCS#12 file to a TFTP server

Answer: AD

NEW QUESTION 16
What methods can be used to access the FortiGate CLI? (Choose two.)

  • A. Using SNMP.
  • B. A direct connection to the serial console port.
  • C. Using the CLI console widget in the GUI.
  • D. Using RCP.

Answer: BC

NEW QUESTION 17
Which is true of FortiGate's session table?

  • A. NAT/PAT is shown in the central NAT table, not the session table.
  • B. It shows TCP connection states.
  • C. It shows IP, SSL, and HTTP sessions.
  • D. It does not show UDP or ICMP connection state codes, because those protocols are connectionless.

Answer: B

NEW QUESTION 18
Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)

  • A. DHCP
  • B. BOOTP
  • C. DNS
  • D. IPv6 autoconfiguration.

Answer: AC

NEW QUESTION 19
Which statements are true regarding IPv6 anycast addresses? (Choose two.)

  • A. Multiple interfaces can share the same anycast address.
  • B. They are allocated from the multicast address space.
  • C. Different nodes cannot share the same anycast address.
  • D. An anycast packet is routed to the nearest interface.

Answer: AD

NEW QUESTION 20
Which of the following statements are correct concerning IKE mode config? (Choose two)

  • A. It can dynamically assign IP addresses to IPsec VPN clients.
  • B. It can dynamically assign DNS settings to IPsec VPN clients.
  • C. It uses the ESP protocol.
  • D. It can be enabled in the phase 2 configuration.

Answer: AB

NEW QUESTION 21
Which is not a FortiGate feature?

  • A. Database auditing
  • B. Intrusion prevention
  • C. Web filtering
  • D. Application control

Answer: A

NEW QUESTION 22
Which of the following options best defines what Diffie-Hellman is?

  • A. A symmetric encryption algorithm.
  • B. A "key-agreement" protocol.
  • C. A "Security-association-agreement" protocol.
  • D. An authentication algorithm.

Answer: B

NEW QUESTION 23
Which profile could IPS engine use on an interface that is in sniffer mode? (Choose three)

  • A. Antivirus (flow based
  • B. Web filtering (PROXY BASED)
  • C. Intrusion Protection
  • D. Application Control
  • E. Endpoint control

Answer: ABD

NEW QUESTION 24
Which of the following statements is true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)

  • A. More than one proxy is supported.
  • B. Can contain a list of destinations that will be exempt from the use of any proxy.
  • C. Can contain a list of URLs that will be exempted from the FortiGate web filtering inspection.
  • D. Can contain a list of users that will be exempted from the use of any proxy.

Answer: BC

NEW QUESTION 25
Which of the following statements best describes what a Certificate Signing Request (CSR) is?

  • A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.
  • B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate
  • C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate
  • D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)

Answer: B

NEW QUESTION 26
Which of the following traffic shaping functions can be offloaded to a NP processor? (Choose two.)

  • A. Que prioritization
  • B. Traffic cap (bandwidth limit)
  • C. Differentiated services field rewriting
  • D. Guarantee bandwidth

Answer: CD

NEW QUESTION 27
A FortiGate device is configured with two VDOMs. The management VDOM is 'root' , and is configured in transparent mode,'vdom1' is configured as NAT/route mode. Which traffic is generated only by 'root' and not 'vdom1'? (Choose three.)

  • A. SNMP traps
  • B. FortiGaurd
  • C. ARP
  • D. NTP
  • E. ICMP redirect

Answer: ABD

NEW QUESTION 28
Which of the following statements is correct regarding FortiGate interfaces and spanning tree protocol? (Choose Two)

  • A. Only FortiGate switch interfaces Participate in spanning tree.
  • B. All FortiGate interfaces in transparent mode VDOMs participate in spanning tree.
  • C. All FortiGate interfaces in NAT/route mode VDOMs Participate in spanning tree.
  • D. All FortiGate interfaces in transparent mode VDOMs may block or forward BPDUs.

Answer: BD

NEW QUESTION 29
......

100% Valid and Newest Version NSE4 Questions & Answers shared by prep-labs.com, Get Full Dumps HERE: https://www.prep-labs.com/dumps/NSE4/ (New 301 Q&As)