NSE4 Exam
Why You Need To nse4 exam dump?
Cause all that matters here is passing the Fortinet nse4 fortinet exam. Cause all that you need is a high score of fortinet nse4 Fortinet Network Security Expert 4 Written Exam (400) exam. The only one thing you need to do is downloading Examcollection fortinet nse4 exam exam study guides now. We will not let you down with our money-back guarantee.
Q41. - (Topic 7)
Which statements regarding banned words are correct? (Choose two.)
A. Content is automatically blocked if a single instance of a banned word appears.
B. The FortiGate updates banned words on a periodic basis.
C. The FortiGate can scan web pages and email messages for instances of banned words.
D. Banned words can be expressed as simple text, wildcards and regular expressions.
Answer: C,D
Q42. - (Topic 4)
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.
Based on the firewall configuration illustrated in the exhibit, which statement is correct?
A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
D. DNS Internet access is always allowed, even for users that has not authenticated.
Answer: D
Q43. - (Topic 14)
The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members.
What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.)
A. Port3 is configured with an IP address for management access.
B. The firewall rules are purged on the disconnected unit.
C. The HA mode changes to standalone.
D. The system hostname is set to the unit serial number.
Answer: A,C
Q44. - (Topic 22)
Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor?
A. No protection profile can be applied over the IPsec traffic.
B. Phase-2 anti-replay must be disabled.
C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6.
D. IPsec traffic must not be inspected by any FortiGate session helper.
Answer: C
Q45. - (Topic 9)
Which of the following regular expression patterns make the terms "confidential data" case insensitive?
A. [confidential data]
B. /confidential data/i
C. i/confidential data/
D. "confidential data"
Answer: B
Q46. - (Topic 14)
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?
A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
B. Request: internal host; slave FortiGate; Internet; web server.
C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.
Answer: D
Q47. - (Topic 11)
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?
A. A lookup is done only when the first packet coming from the client (SYN) arrives.
B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.
C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
D. A lookup is always done each time a packet arrives, from either the server or the client side.
Answer: B
Q48. - (Topic 10)
Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with a firewall policy? (Choose two.)
A. Shared traffic shaping cannot be used.
B. Only traffic matching the application control signature is shaped.
C. Can limit the bandwidth usage of heavy traffic applications.
D. Per-IP traffic shaping cannot be used.
Answer: B,C
Q49. - (Topic 22)
Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)
A. Fragmented packet.
B. Multicast packet.
C. SCTP packet.
D. GRE packet.
Answer: B,C
Q50. - (Topic 4)
Which two statements are true regarding firewall policy disclaimers? (Choose two.)
A. They cannot be used in combination with user authentication.
B. They can only be applied to wireless interfaces.
C. Users must accept the disclaimer to continue.
D. The disclaimer page is customizable.
Answer: C,D