NSE4 | Exact NSE4 Exam Dumps 2019
for Fortinet certification, Real Success Guaranteed with Updated . 100% PASS NSE4 Fortinet Network Security Expert 4 Written Exam (400) exam Today!
Free NSE4 Demo Online For Microsoft Certifitcation:
NEW QUESTION 1
When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?
- A. The name of the attribute that identifies each user (Common Name Identifier).
- B. The user account or group element names (user DN).
- C. The server secret to allow for remote queries (Primary server secret).
- D. The credentials for an LDAP administrator (password).
NEW QUESTION 2
Examine the following spanning tree configuration on a FortiGate in transparent mode:
config system interface edit <interface name> set stp-forward enable end
Which statement is correct for the above configuration?
- A. The FortiGate participates in spanning tree.
- B. The FortiGate device forwards received spanning tree messages.
- C. Ethernet layer-2 loops are likely to occur.
- D. The FortiGate generates spanning tree BPDU frames.
NEW QUESTION 3
Which statement is correct regarding virus scanning on a FortiGate unit?
- A. Virus scanning is enabled by default.
- B. Fortinet customer support enables virus scanning remotely for you.
- C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
- D. Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.
NEW QUESTION 4
Which of the following statements are correct regarding a master HA unit? (Choose two)
- A. There should be only one master unit is each HA virtual cluster.
- B. The Master synchronizes cluster configuration with slaves.
- C. Only the master has a reserved management HA interface.
- D. Heartbeat interfaces are not required on a master unit.
NEW QUESTION 5
What log type would indicate whether a VPN is going up or down?
- A. Event log
- B. Security log
- C. Forward log
- D. Syslog
NEW QUESTION 6
Which statements regarding banned words are correct? (Choose two.)
- A. Content is automatically blocked if a single instance of a banned word appears.
- B. The FortiGate updates banned words on a periodic basis.
- C. The FortiGate can scan web pages and email messages for instances of banned words.
- D. Banned words can be expressed as simple text, wildcards and regular expressions.
NEW QUESTION 7
An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?
- A. The IPsec firewall policies must be placed at the top of the list.
- B. This VPN cannot be used as a part of a hub and spoke topology.
- C. Routes are automatically created based on the quick mode selectors.
- D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.
NEW QUESTION 8
Which of the following statements describes the objectives of the gratuitous ARP packets sent by an HA cluster?
- A. To synchronize the ARp tables in all the FortiGate Unis that are part of the HA cluster.
- B. To notify the network switches that a new HA master unit has been elected.
- C. To notify the master unit that the slave devices are still up and alive.
- D. To notify the master unit about the physical MAC addresses of the slave units.
NEW QUESTION 9
Which of the following authentication methods can be used for SSL VPN authentication? (Choose three.)
- A. Remote Password Authentication (RADIUS, LDAP)
- B. Two-Factor Authentication
- C. Local Password Authentication
- D. FSSO
- E. RSSO
NEW QUESTION 10
The exhibit shows a part output of the diagnostic command 'diagnose debug application ike 255', taken during establishment of a VPN. Which of the following statement are correct concerning this output? (choose two)
- A. The quick mode selectors negotiated between both IPsec VPN peers is 0.0.0.0/32 for both source and destination addresses.
- B. The output corresponds to a phase 2 negotiation
- C. NAT-T enabled and there is third device in the path performing NAT of the traffic between both IPsec VPN peers.
- D. The IP address of the remote IPsec VPN peer is 172.20.187.114
NEW QUESTION 11
Which of the following statements are true about PKI users created in a FortiGate device? (Choose two.)
- A. Can be used for token-based authentication
- B. Can be used for two-factor authentication
- C. Are used for certificate-based authentication
- D. Cannot be members of user groups
NEW QUESTION 12
Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)
- A. Fragmented packets.
- B. Multicast packet.
- C. SCTP packet.
- D. GRE packet.
NEW QUESTION 13
Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.)
- A. IP Address Check
- B. Open Relay Database List (ORDBL)
- C. Black/White List
- D. Return Email DNS Check
- E. Email Checksum Check
NEW QUESTION 14
Where are most of the security events logged?
- A. Security log
- B. Forward Traffic log
- C. Event log
- D. Alert log
- E. Alert Monitoring Console
NEW QUESTION 15
Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three)
- A. Source IP address.
- B. TCP flags
- C. Source TCP/UDP ports
- D. Type of service.
- E. Checksum
NEW QUESTION 16
Which of the following statements are correct concerning IPsec dialup VPN configurations for FortiGate devices? (Choose two)
- A. Main mode mist be used when there is no more than one IPsec dialup VPN configured on the same FortiGate device.
- B. A FortiGate device with an IPsec VPN configured as dialup can initiate the tunnel connection to any remote IP address.
- C. Peer ID must be used when there is more than one aggressive-mode IPsec dialup VPN on the same FortiGate device.
- D. The FortiGate will automatically add a static route to the source quick mode selector address received from each remote peer.
Recommend!! Get the Full NSE4 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/NSE4-exam-dumps.html (New 301 Q&As Version)