NSE4 | Fortinet NSE4 Exam Questions 2021

Our pass rate is high to 98.9% and the similarity percentage between our and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Fortinet NSE4 exam in just one try? I am currently studying for the . Latest , Try Fortinet NSE4 Brain Dumps First.

Free demo questions for Fortinet NSE4 Exam Dumps Below:

NEW QUESTION 1
Which is the following statement are true regarding application control? (choose two)

  • A. Application control is based on TCP destination port numbers.
  • B. Application control is proxy based.
  • C. Encrypted traffic can be identified by application control.
  • D. Traffic Shaping can be applied to the detected application traffic.

Answer: CD

NEW QUESTION 2
When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?

  • A. The name of the attribute that identifies each user (Common Name Identifier).
  • B. The user account or group element names (user DN).
  • C. The server secret to allow for remote queries (Primary server secret).
  • D. The credentials for an LDAP administrator (password).

Answer: C

NEW QUESTION 3
Which of the following authentication methods are supported in an IPsec phase 1? (Choose two.)

  • A. Asymmetric Keys
  • B. CA root digital certificates
  • C. RSA signature
  • D. Pre-shared keys

Answer: CD

NEW QUESTION 4
A static route is configured for a FortiGate unit from the CLI using the following commands:
config router static edit 1
set device “wan1” set distance 20
set gateway 192.168.100.1 next
end
Which of the following conditions are required for this static default route to be displayed in the FortiGate unit's routing table? (Choose two.)

  • A. The administrative status of the wan1 interface is displayed as down.
  • B. The link status of the wan1 interface is displayed as up.
  • C. All other default routers should have a lower distance.
  • D. The wan1 interface address and gateway address are on the same subnet.

Answer: BD

NEW QUESTION 5
Which statements correctly describe transparent mode operation? (Choose three.)

  • A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
  • B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
  • C. The transparent FortiGate is clearly visible to network hosts in an IP trace route.
  • D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  • E. All interfaces of the transparent mode FortiGate device most be on different IP subnets.

Answer: ABD

NEW QUESTION 6
Examine this log entry.
What does the log indicate? (Choose three.)
date=2013-12-04 time=09:30:18 logid=0100032001 type=event subtype=system level=information vd="root" user="admin" ui=http(192.168.1.112) action=login status=success reason=none profile="super_admin" msg="Administrator admin logged in successfully from http(192.168.1.112)"

  • A. In the GUI, the log entry was located under “Log & Report > Event Log > User”.
  • B. In the GUI, the log entry was located under “Log & Report > Event Log > System”.
  • C. In the GUI, the log entry was located under “Log & Report > Traffic Log > Local Traffic”.
  • D. The connection was encrypted.
  • E. The connection was unencrypted.
  • F. The IP of the FortiGate interface that “admin” connected to was 192.168.1.112.
  • G. The IP of the computer that “admin” connected from was 192.168.1.112.

Answer: BEG

NEW QUESTION 7
Which best describes the authentication timeout?

  • A. How long FortiGate waits for the user to enter his or her credentials.
  • B. How long a user is allowed to send and receive traffic before he or she must authenticate again.
  • C. How long an authenticated user can be idle (without sending traffic) before they must authenticate again.
  • D. How long a user-authenticated session can exist without having to authenticate again.

Answer: C

NEW QUESTION 8
Examine the exhibit shown below; then answer the question following it.
NSE4 dumps exhibit
Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

  • A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network.
  • B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network.
  • C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
  • D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network.

Answer: A

NEW QUESTION 9
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

  • A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
  • B. Request: internal host; slave FortiGate; Internet; web server.
  • C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
  • D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.

Answer: D

NEW QUESTION 10
What protocol cannot be used with the active authentication type?

  • A. Local
  • B. RADIUS
  • C. LDAP
  • D. RSSO

Answer: D

NEW QUESTION 11
Which of the following statements are correct regarding logging to memory on a FortiGate unit?

  • A. When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory.
  • B. When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages.
  • C. If the FortiGate unit is reset or loses power, log entries captured to memory will be lost.
  • D. None of the above.

Answer: BC

NEW QUESTION 12
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?

  • A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
  • B. Bob will use his public key to encrypt the file and Alice will use Bob’s private key to decrypt the file.
  • C. Bob will use Alice’s public key to encrypt the file and Alice will use her private key to decrypt the file.
  • D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.

Answer: C

NEW QUESTION 13
Which of the following are possible actions for static URL filtering? (Choose three.)

  • A. Allow
  • B. Block
  • C. Exempt
  • D. Warning
  • E. Shape

Answer: ABC

NEW QUESTION 14
Which is NOT true about source matching with firewall policies?

  • A. A source address object must be selected in the firewall policy.
  • B. A source user/group may be selected in the firewall policy.
  • C. A source device may be defined in the firewall policy.
  • D. A source interface must be selected in the firewall policy.
  • E. A source user/group and device must be specified in the firewall policy.

Answer: E

NEW QUESTION 15
Which statement correctly describes the output of the command diagnose ips anomaly list?

  • A. Lists the configured DoS policy.
  • B. List the real-time counters for the configured DoS policy.
  • C. Lists the errors captured when compiling the DoS policy.
  • D. Lists the IPS signature matches.

Answer: B

NEW QUESTION 16
Which of the following statements is correct regarding FortiGate interfaces and spanning tree protocol? (Choose Two)

  • A. Only FortiGate switch interfaces Participate in spanning tree.
  • B. All FortiGate interfaces in transparent mode VDOMs participate in spanning tree.
  • C. All FortiGate interfaces in NAT/route mode VDOMs Participate in spanning tree.
  • D. All FortiGate interfaces in transparent mode VDOMs may block or forward BPDUs.

Answer: BD

P.S. 2passeasy now are offering 100% pass ensure NSE4 dumps! All NSE4 exam questions have been updated with correct answers: https://www.2passeasy.com/dumps/NSE4/ (301 New Questions)