getcertified4sure.com

NSE4 Exam

Super to nse4 dumps



We provide real fortinet nse4 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Fortinet fortinet nse4 exam dumps Exam quickly & easily. The nse4 exam PDF type is available for reading and printing. You can print more and practice many times. With the help of our Fortinet nse4 fortinet dumps pdf and vce product and material, you can easily pass the fortinet nse4 dumps exam.

Q31. - (Topic 18) 

When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website? 

A. Organizational Unit. 

B. Common Name. 

C. Serial Number. 

D. Validity. 

Answer:


Q32. - (Topic 16) 

Examine the following log message for IPS: 

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50" 

Which statement is correct about the above log? (Choose two.) 

A. The target is 192.168.3.168. 

B. The target is 192.168.3.170. 

C. The attack was NOT blocked. 

D. The attack was blocked. 

Answer: B,C 


Q33. - (Topic 6) 

An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration? 

A. The IPsec firewall policies must be placed at the top of the list. 

B. This VPN cannot be used as part of a hub and spoke topology. 

C. Routes are automatically created based on the quick mode selectors. 

D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed. 

Answer:


Q34. - (Topic 3) 

In which order are firewall policies processed on a FortiGate unit? 

A. From top to down, according with their sequence number. 

B. From top to down, according with their policy ID number. 

C. Based on best match. 

D. Based on the priority value. 

Answer:


Q35. - (Topic 4) 

Which statements are true regarding local user authentication? (Choose two.) 

A. Two-factor authentication can be enabled on a per user basis. 

B. Local users are for administration accounts only and cannot be used to authenticate network users. 

C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate. 

D. Both the usernames and passwords can be stored locally on the FortiGate 

Answer: A,D 


Q36. - (Topic 12) 

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. 

What would be a possible cause for this problem? 

A. The administrator does not have the proper permissions to reassign the dmz interface. 

B. The dmz interface is referenced in the configuration of another VDOM. 

C. Non-management VDOMs cannot reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

Answer:


Q37. - (Topic 12) 

Which statements are correct regarding virtual domains (VDOMs)? (Choose two.) 

A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. VDOMs share firmware versions, as well as antivirus and IPS databases. 

D. Different time zones can be configured in each VDOM. 

Answer: B,C 


Q38. - (Topic 7) 

Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols? 

A. Proxy-based. 

B. DNS-based. 

C. Flow-based. 

D. Man-in-the-middle. 

Answer:


Q39. - (Topic 5) 

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? 

A. The remote user's virtual IP address. 

B. The FortiGate unit's internal IP address. 

C. The remote user's public IP address. 

D. The FortiGate unit's external IP address. 

Answer:


Q40. - (Topic 15) 

Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below. 

Which statements are correct regarding this configuration? (Choose two.). 

A. The Phase 2 will re-key even if there is no traffic. 

B. There will be a DH exchange for each re-key. 

C. The sequence number of ESP packets received from the peer will not be checked. 

D. Quick mode selectors will default to those used in the firewall policy. 

Answer: A,B 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.