getcertified4sure.com

NSE4 Exam

fortinet nse4 exam : Mar 2021 Edition



Testking offers free demo for nse4 dumps exam. "Fortinet Network Security Expert 4 Written Exam (400)", also known as nse4 exam exam, is a Fortinet Certification. This set of posts, Passing the Fortinet nse4 exam dump exam, will help you answer those questions. The fortinet nse4 exam Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet nse4 fortinet exams and revised by experts!

Q41. - (Topic 4) 

The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below. 

Based on the firewall configuration illustrated in the exhibit, which statement is correct? 

A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge. 

B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. 

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services. 

D. DNS Internet access is always allowed, even for users that has not authenticated. 

Answer:


Q42. - (Topic 2) 

Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit? 

A. MIB-based report uploads. 

B. SNMP access limited by access lists. 

C. Packet encryption. 

D. Running SNMP service on a non-standard port is possible. 

Answer:


Q43. - (Topic 14) 

In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit? 

A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

B. Request: internal host; slave FortiGate; Internet; web server. 

C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server. 

Answer:


Q44. - (Topic 14) 

What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.) 

A. Enable session pick-up. 

B. Enable override. 

C. Connections must be UDP or ICMP. 

D. Connections must not be handled by a proxy. 

Answer: A,D 


Q45. - (Topic 1) 

When creating FortiGate administrative users, which configuration objects specify the account rights? 

A. Remote access profiles. 

B. User groups. 

C. Administrator profiles. 

D. Local-in policies. 

Answer:


Q46. - (Topic 8) 

Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.) 

A. Only one proxy is supported. 

B. Can be manually imported to the browser. 

C. The browser can automatically download it from a web server. 

D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy. 

Answer: C,D 


Q47. - (Topic 13) 

Which statements are correct for port pairing and forwarding domains? (Choose two.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domain only applies to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

Answer: A,D 


Q48. - (Topic 7) 

Which statements regarding banned words are correct? (Choose two.) 

A. Content is automatically blocked if a single instance of a banned word appears. 

B. The FortiGate updates banned words on a periodic basis. 

C. The FortiGate can scan web pages and email messages for instances of banned words. 

D. Banned words can be expressed as simple text, wildcards and regular expressions. 

Answer: C,D 


Q49. - (Topic 11) 

Examine the exhibit; then answer the question below. 

The Vancouver FortiGate initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, port2 

C 172.21.0.0/16 is directly connected, port2 C 172.11.11.0/24 is directly connected, port1 Afterwards, the following static route was added: config router static edit 6 set dst 172.20.1.0 255.255.255.0 set pririoty 0 set device port1 set gateway 172.11.12.1 next end Since this change, the new static route is NOT showing up in the routing table. Given the 

information provided, which of the following describes the cause of this problem? 

A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first. 

B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1. 

C. The priority is 0, which means that the route will remain inactive. 

D. The static route configuration is missing the distance setting. 

Answer:


Q50. - (Topic 22) 

Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.) 

A. Both proxy-based and flow-based inspection are supported. 

B. A replacement message cannot be presented to users when a virus has been detected. 

C. It saves CPU resources. 

D. The ingress and egress interfaces can be in different SPs. 

Answer: B,C 


© Copyright Getcertified4sure.com. examcollectionuk.com
All other trademarks and copyrights are the property of their respective owners.
All rights reserved.