NSE4 | Certified NSE4 Dumps Questions 2021

NEW QUESTION 1
Which two statements are true regarding firewall policy disclaimers? (Choose two.)

• A. They cannot be used in combination with user authentication.
• B. They can only be applied to wireless interfaces.
• C. Users must accept the disclaimer to continue.
• D. The disclaimer page is customizable.

Answer: CD

NEW QUESTION 2
In which process states is it impossible to interrupt/kill a process? (Choose two.)

• A. S – Sleep
• B. R – Running
• C. D – Uninterruptable Sleep
• D. Z – Zombie

Answer: CD

NEW QUESTION 3
Which of the following statements are true about PKI users created in a FortiGate device? (Choose two.)

• A. Can be used for token-based authentication
• B. Can be used for two-factor authentication
• C. Are used for certificate-based authentication
• D. Cannot be members of user groups

Answer: AB

NEW QUESTION 4
Which user group types does FortiGate support for firewall authentication? (Choose three.)

• A. RSSO
• B. Firewall
• C. LDAP
• D. NTLM
• E. FSSO

Answer: ABE

NEW QUESTION 5
A FortiGate unit has multiple VDOMs in NAT/route mode with multiple VLAN interfaces in each VDOM. Which of the following statements is correct regarding the IP addresses
assigned to each VLAN interface?

• A. Different VLANs can share the same IP address as long as they have different VLAN IDs.
• B. Different VLANs can share the same IP address as long as they are in different physical interface.
• C. Different VLANs can share the same IP address as long as they are in different VDOMs.
• D. Different VLANs can never share the same IP addresses.

Answer: C

NEW QUESTION 6
Regarding the header and body sections in raw log messages, which statement is correct?

• A. The header and body section layouts change depending on the log type.
• B. The header section layout is always the same regardless of the log typ
• C. The body section layout changes depending on the log type.
• D. Some log types include multiple body sections.
• E. Some log types do not include a body section.

Answer: B

NEW QUESTION 7
Which statement best describes what the FortiGate hardware acceleration processors main
task is?

• A. Offload traffic processing tasks from the main CPU.
• B. Offload management tasks from the main CPU.
• C. Compress and optimize the network traffic.
• D. Increase maximum bandwidth available in a FortiGate interface.

Answer: A

NEW QUESTION 8
In which order are firewall policies processed on a FortiGate unit?

• A. From top to bottom, according with their sequence number.
• B. From top to bottom, according with their policy ID number.
• C. Based on best match.
• D. Based on the priority value.

Answer: A

NEW QUESTION 9
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?

• A. 1
• B. 2
• C. 3
• D. 4

Answer: C

NEW QUESTION 10
Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic.
What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)

• A. They are offloaded to the NP6 in the master unit.
• B. They are not offloaded to the NP6 in the master unit.
• C. They are offloaded to the NP6 in the slave unit.
• D. They are not offloaded to the NP6 in the slave unit.

Answer: BC

NEW QUESTION 11
Which statements are correct for port pairing and forwarding domains? (Choose two.)

• A. They both create separate broadcast domains.
• B. Port Pairing works only for physical interfaces.
• C. Forwarding Domain only applies to virtual interfaces
• D. They may contain physical and/or virtual interfaces.

Answer: AD

NEW QUESTION 12
Which operating system vulnerability can you protect when selecting signatures to include in an IPS sensor? (choose three)

• A. Irix
• B. QNIX
• C. Linux
• D. Mac OS
• E. BSD

Answer: CDE

NEW QUESTION 13
Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with the firewall policy? (Choose two.)

• A. Shared traffic shaping cannot be used.
• B. Only traffic matching the application control signature is shaped.
• C. Can limit the bandwidth usage of heavy traffic applications.
• D. Per-IP traffic shaping cannot be used.

Answer: BC

NEW QUESTION 14
Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)

• A. IP address pool.
• B. Virtual IP address.
• C. IP address.
• D. IP address group.
• E. MAC address.

Answer: BCD

NEW QUESTION 15
A FortiGate is configured with the 1.1.1.1/24 address on the wan2 interface and HTTPS Administrative Access, using the default tcp port, is enabled for that interface. Given the SSL VPN settings in the exhibit.

Which of the following SSL VPN login portal URLs are valid? (Choose two.)

• A. http://1.1.1.1:443/Training
• B. https://1.1.1.1:443/STUDENTS
• C. https://1.1.1.1/login
• D. https://1.1.1.1/

Answer: BD

NEW QUESTION 16
Examine the exhibit; then answer the question below.

The Vancouver FortiGate initially had the following information in its routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly connected, port1
Afterwards, the following static route was added:
config router static edit 6
set dst 172.20.1.0 255.255.255.0
set priority 0
set device port1
set gateway 172.11.12.1 next
Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

• A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.
• B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
• C. The priority is 0, which means that the route will remain inactive.
• D. The static route configuration is missing the distance setting.

Answer: B