NSE4 | Precise NSE4 Dumps Questions 2021
for Fortinet certification, Real Success Guaranteed with Updated . 100% PASS NSE4 Fortinet Network Security Expert 4 Written Exam (400) exam Today!
Also have NSE4 free dumps questions for you:
NEW QUESTION 1
Which of the following actions can be used with the FortiGuard quota feature? (Choose three.)
- A. Allow
- B. Block
- C. Monitor
- D. Warning
- E. Authenticate
Answer: CDE
NEW QUESTION 2
A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.
Which one of the following statements is correct regarding the VLAN IDs in this scenario?
- A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
- B. The two VLAN sub-interfaces must have different VLAN IDs.
- C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
- D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.
Answer: B
NEW QUESTION 3
What is valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?
- A. Users are required to manually enter their credentials each time they connect to a different web site.
- B. Proxy users are authenticated via FSSO.
- C. There are multiple users sharing the same IP address.
- D. Proxy users are authenticated via RADIUS.
Answer: C
NEW QUESTION 4
In FortiOS session table output, what are the two possible ‘proto_state’ values for a UDP session? (Choose two.)
- A. 00
- B. 11
- C. 01
- D. 05
Answer: AC
NEW QUESTION 5
Which header field can be used in a firewall policy for traffic matching?
- A. ICMP type and code.
- B. DSCP.
- C. TCP window size.
- D. TCP sequence number.
Answer: A
NEW QUESTION 6
What are required to be the same for two FortiGate units to form an HA cluster? (Choose two)
- A. Firmware.
- B. Model.
- C. Hostname.
- D. System time zone.
Answer: AB
NEW QUESTION 7
Which protocols can you use for secure administrative access to a FortiGate? (Choose two)
- A. SSH
- B. Telnet
- C. NTLM
- D. HTTPS
Answer: AD
NEW QUESTION 8
A FortiGate unit operating in NAT/route mode and configured with two sub-interface on the same physical interface. Which of the following statement is correct regarding the VLAN IDs in this scenario?
- A. The two VLAN sub-interfaces can have the same VLAN IDs only if they have IP addresses in different subnets.
- B. The two VLAN sub-interfaces must have different VLAN IDs.
- C. The two VLAN sub-interfaces can have VLAN ID only if they belong to different VDOMs.
- D. The two VLAN sub-interfaces can have the same VLAN if they are connected to different L2 IEEE 802.1Q complaint switches.
Answer: B
NEW QUESTION 9
What is not true of configuring disclaimers on the FortiGate?
- A. Disclaimers can be used in conjunction with captive portal.
- B. Disclaimers appear before users authenticate.
- C. Disclaimers can be bypassed through security exemption lists.
- D. Disclaimers must be accepted in order to continue to the authentication login or originally intended destination.
Answer: C
NEW QUESTION 10
In the debug command output shown in the exhibit, which of the following best described the MAC address 00:09:0f:69:03:7e ?
- A. It is one of the secondary MAC addresses of the port1 interface.
- B. It is the primary MAC address of the port interface.
- C. It is the MAC address of another network devices located in the same LAN segment as the FortiGate unit's port1 interface.
- D. It is the HA virtual MAC address.
Answer: C
NEW QUESTION 11
When creating FortiGate administrative users, which configuration objects specify the account rights?
- A. Remote access profiles.
- B. User groups.
- C. Administrator profiles.
- D. Local-in policies.
Answer: C
NEW QUESTION 12
What must be configured in order to keep two static routes to the same destination in the routing table?
- A. The same priority.
- B. The same distance and same priority.
- C. The same distance.
- D. The same metric.
Answer: B
NEW QUESTION 13
Which is not a FortiGate feature?
- A. Database auditing
- B. Intrusion prevention
- C. Web filtering
- D. Application control
Answer: A
NEW QUESTION 14
Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)
- A. Only one proxy is supported.
- B. Can be manually imported to the browser.
- C. The browser can automatically download it from a web server.
- D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.
Answer: CD
NEW QUESTION 15
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?
- A. The workstation fails to reply to the polls frequently done by the collector agent.
- B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
- C. The work station notifies the DC agent that the user has logged off.
- D. The collector agent gets the logoff events when polling the respective domain controller.
Answer: D
NEW QUESTION 16
Which of the following statements best describes what a Certificate Signing Request (CSR) is?
- A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.
- B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate
- C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate
- D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)
Answer: B
100% Valid and Newest Version NSE4 Questions & Answers shared by Surepassexam, Get Full Dumps HERE: https://www.surepassexam.com/NSE4-exam-dumps.html (New 301 Q&As)