NSE4 | Precise NSE4 Dumps Questions 2021

NEW QUESTION 1
Which of the following actions can be used with the FortiGuard quota feature? (Choose three.)

• A. Allow
• B. Block
• C. Monitor
• D. Warning
• E. Authenticate

Answer: CDE

NEW QUESTION 2
A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.
Which one of the following statements is correct regarding the VLAN IDs in this scenario?

• A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
• B. The two VLAN sub-interfaces must have different VLAN IDs.
• C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
• D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

Answer: B

NEW QUESTION 3
What is valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?

• A. Users are required to manually enter their credentials each time they connect to a different web site.
• B. Proxy users are authenticated via FSSO.
• C. There are multiple users sharing the same IP address.
• D. Proxy users are authenticated via RADIUS.

Answer: C

NEW QUESTION 4
In FortiOS session table output, what are the two possible ‘proto_state’ values for a UDP session? (Choose two.)

• A. 00
• B. 11
• C. 01
• D. 05

Answer: AC

NEW QUESTION 5
Which header field can be used in a firewall policy for traffic matching?

• A. ICMP type and code.
• B. DSCP.
• C. TCP window size.
• D. TCP sequence number.

Answer: A

NEW QUESTION 6
What are required to be the same for two FortiGate units to form an HA cluster? (Choose two)

• A. Firmware.
• B. Model.
• C. Hostname.
• D. System time zone.

Answer: AB

NEW QUESTION 7
Which protocols can you use for secure administrative access to a FortiGate? (Choose two)

• A. SSH
• B. Telnet
• C. NTLM
• D. HTTPS

Answer: AD

NEW QUESTION 8
A FortiGate unit operating in NAT/route mode and configured with two sub-interface on the same physical interface. Which of the following statement is correct regarding the VLAN IDs in this scenario?

• A. The two VLAN sub-interfaces can have the same VLAN IDs only if they have IP addresses in different subnets.
• B. The two VLAN sub-interfaces must have different VLAN IDs.
• C. The two VLAN sub-interfaces can have VLAN ID only if they belong to different VDOMs.
• D. The two VLAN sub-interfaces can have the same VLAN if they are connected to different L2 IEEE 802.1Q complaint switches.

Answer: B

NEW QUESTION 9
What is not true of configuring disclaimers on the FortiGate?

• A. Disclaimers can be used in conjunction with captive portal.
• B. Disclaimers appear before users authenticate.
• C. Disclaimers can be bypassed through security exemption lists.
• D. Disclaimers must be accepted in order to continue to the authentication login or originally intended destination.

Answer: C

NEW QUESTION 10
In the debug command output shown in the exhibit, which of the following best described the MAC address 00:09:0f:69:03:7e ?

• A. It is one of the secondary MAC addresses of the port1 interface.
• B. It is the primary MAC address of the port interface.
• C. It is the MAC address of another network devices located in the same LAN segment as the FortiGate unit's port1 interface.
• D. It is the HA virtual MAC address.

Answer: C

NEW QUESTION 11
When creating FortiGate administrative users, which configuration objects specify the account rights?

• A. Remote access profiles.
• B. User groups.
• C. Administrator profiles.
• D. Local-in policies.

Answer: C

NEW QUESTION 12
What must be configured in order to keep two static routes to the same destination in the routing table?

• A. The same priority.
• B. The same distance and same priority.
• C. The same distance.
• D. The same metric.

Answer: B

NEW QUESTION 13
Which is not a FortiGate feature?

• A. Database auditing
• B. Intrusion prevention
• C. Web filtering
• D. Application control

Answer: A

NEW QUESTION 14
Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)

• A. Only one proxy is supported.
• B. Can be manually imported to the browser.
• C. The browser can automatically download it from a web server.
• D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.

Answer: CD

NEW QUESTION 15
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?

• A. The workstation fails to reply to the polls frequently done by the collector agent.
• B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
• C. The work station notifies the DC agent that the user has logged off.
• D. The collector agent gets the logoff events when polling the respective domain controller.

Answer: D

NEW QUESTION 16
Which of the following statements best describes what a Certificate Signing Request (CSR) is?

• A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.
• B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate
• C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate
• D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)

Answer: B