NSE4 | Exact NSE4 Exam Dumps 2019

Practice questions for the Fortinet certification exam NSE4: Fortinet Network Security Expert 4 Written Exam (400).


NEW QUESTION 1
When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?

  • A. The name of the attribute that identifies each user (Common Name Identifier).
  • B. The user account or group element names (user DN).
  • C. The server secret to allow for remote queries (Primary server secret).
  • D. The credentials for an LDAP administrator (password).

Answer: C

NEW QUESTION 2
Examine the following spanning tree configuration on a FortiGate in transparent mode:
    config system interface
        edit <interface name>
            set stp-forward enable
    end
Which statement is correct for the above configuration?

  • A. The FortiGate participates in spanning tree.
  • B. The FortiGate device forwards received spanning tree messages.
  • C. Ethernet layer-2 loops are likely to occur.
  • D. The FortiGate generates spanning tree BPDU frames.

Answer: B

NEW QUESTION 3
Which statement is correct regarding virus scanning on a FortiGate unit?

  • A. Virus scanning is enabled by default.
  • B. Fortinet customer support enables virus scanning remotely for you.
  • C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
  • D. Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.

Answer: C

NEW QUESTION 4
Which of the following statements are correct regarding a master HA unit? (Choose two)

  • A. There should be only one master unit in each HA virtual cluster.
  • B. The Master synchronizes cluster configuration with slaves.
  • C. Only the master has a reserved management HA interface.
  • D. Heartbeat interfaces are not required on a master unit.

Answer: AB

NEW QUESTION 5
What log type would indicate whether a VPN is going up or down?

  • A. Event log
  • B. Security log
  • C. Forward log
  • D. Syslog

Answer: A

NEW QUESTION 6
Which statements regarding banned words are correct? (Choose two.)

  • A. Content is automatically blocked if a single instance of a banned word appears.
  • B. The FortiGate updates banned words on a periodic basis.
  • C. The FortiGate can scan web pages and email messages for instances of banned words.
  • D. Banned words can be expressed as simple text, wildcards and regular expressions.

Answer: CD

NEW QUESTION 7
An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

  • A. The IPsec firewall policies must be placed at the top of the list.
  • B. This VPN cannot be used as a part of a hub and spoke topology.
  • C. Routes are automatically created based on the quick mode selectors.
  • D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

Answer: D

NEW QUESTION 8
Which of the following statements describes the objectives of the gratuitous ARP packets sent by an HA cluster?

  • A. To synchronize the ARP tables in all the FortiGate units that are part of the HA cluster.
  • B. To notify the network switches that a new HA master unit has been elected.
  • C. To notify the master unit that the slave devices are still up and alive.
  • D. To notify the master unit about the physical MAC addresses of the slave units.

Answer: B

NEW QUESTION 9
Which of the following authentication methods can be used for SSL VPN authentication? (Choose three.)

  • A. Remote Password Authentication (RADIUS, LDAP)
  • B. Two-Factor Authentication
  • C. Local Password Authentication
  • D. FSSO
  • E. RSSO

Answer: ABC

NEW QUESTION 10
The exhibit shows part of the output of the diagnostic command 'diagnose debug application ike 255', taken during establishment of a VPN. Which of the following statements are correct concerning this output? (Choose two.)
[Exhibit image]

  • A. The quick mode selectors negotiated between both IPsec VPN peers are 0.0.0.0/32 for both source and destination addresses.
  • B. The output corresponds to a phase 2 negotiation.
  • C. NAT-T is enabled and there is a third device in the path performing NAT of the traffic between both IPsec VPN peers.
  • D. The IP address of the remote IPsec VPN peer is 172.20.187.114.

Answer: BD

NEW QUESTION 11
Which of the following statements are true about PKI users created in a FortiGate device? (Choose two.)

  • A. Can be used for token-based authentication
  • B. Can be used for two-factor authentication
  • C. Are used for certificate-based authentication
  • D. Cannot be members of user groups

Answer: AB

NEW QUESTION 12
Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)

  • A. Fragmented packets.
  • B. Multicast packet.
  • C. SCTP packet.
  • D. GRE packet.

Answer: BC

NEW QUESTION 13
Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.)

  • A. IP Address Check
  • B. Open Relay Database List (ORDBL)
  • C. Black/White List
  • D. Return Email DNS Check
  • E. Email Checksum Check

Answer: ABCDE

NEW QUESTION 14
Where are most of the security events logged?

  • A. Security log
  • B. Forward Traffic log
  • C. Event log
  • D. Alert log
  • E. Alert Monitoring Console

Answer: C

NEW QUESTION 15
Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three)

  • A. Source IP address.
  • B. TCP flags
  • C. Source TCP/UDP ports
  • D. Type of service.
  • E. Checksum

Answer: ACD

NEW QUESTION 16
Which of the following statements are correct concerning IPsec dialup VPN configurations for FortiGate devices? (Choose two)

  • A. Main mode must be used when there is no more than one IPsec dialup VPN configured on the same FortiGate device.
  • B. A FortiGate device with an IPsec VPN configured as dialup can initiate the tunnel connection to any remote IP address.
  • C. Peer ID must be used when there is more than one aggressive-mode IPsec dialup VPN on the same FortiGate device.
  • D. The FortiGate will automatically add a static route to the source quick mode selector address received from each remote peer.

Answer: CD
