NSE4 | Fortinet NSE4 Exam Dumps 2019

Exam Code: NSE4 (), Exam Name: Fortinet Network Security Expert 4 Written Exam (400), Certification Provider: Fortinet Certifitcation, Free Today! Guaranteed Training- Pass NSE4 Exam.

Free demo questions for Fortinet NSE4 Exam Dumps Below:

NEW QUESTION 1
What actions are possible with Application Control? (Choose three.)

  • A. Warn
  • B. Allow
  • C. Block
  • D. Traffic Shaping
  • E. Quarantine

Answer: BCD

NEW QUESTION 2
Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)

  • A. SMTP
  • B. WINS
  • C. HTTP
  • D. Telnet
  • E. SSH

Answer: CDE

NEW QUESTION 3
Which of the following regular expression patterns makes the terms “confidential data” case insensitive?

  • A. [confidential data]
  • B. /confidential data/i
  • C. i/confidential data/
  • D. “confidential data”

Answer: B

NEW QUESTION 4
An administrator has formed a high availability cluster involving two FortiGate units.
[Multiple upstream Layer 2 switches] – [FortiGate HA Cluster] – [Multiple downstream Layer 2 Switches]
The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.
Which of the following options describes the best step the administrator can take? The administrator should

  • A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode.
  • B. Enable monitoring of all active interfaces.
  • C. Set up a full-mesh design which uses redundant interfaces.
  • D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

Answer: C

NEW QUESTION 5
Review the static route configuration for IPsec shown in the exhibit; then answer the question below.
NSE4 dumps exhibit
Which statements are correct regarding this configuration? (Choose two.)

  • A. Interface remote is an IPsec interface.
  • B. A gateway address is not required because the interface is a point-to-point connection.
  • C. A gateway address is not required because the default route is used.
  • D. Interface remote is a zone.

Answer: AB

NEW QUESTION 6
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory.
Which of the following statements are correct regarding FSSO in a Windows domain environment when DC-agent mode is used? (Choose two.)

  • A. An FSSO collector agent must be installed on every domain controller.
  • B. An FSSO domain controller agent must be installed on every domain controller.
  • C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit.
  • D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit.

Answer: BD

NEW QUESTION 7
Which of the following are possible actions for static URL filtering? (Choose three.)

  • A. Allow
  • B. Block
  • C. Exempt
  • D. Warning
  • E. Shape

Answer: ABC

NEW QUESTION 8
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below.
NSE4 dumps exhibit
Which statements are correct regarding this output (Choose two.)

  • A. The connecting client has been allocated address 172.20.1.1.
  • B. In the Phase 1 settings, dead peer detection is enabled.
  • C. The tunnel is idle.
  • D. The connecting client has been allocated address 10.200.3.1.

Answer: AB

NEW QUESTION 9
Which of the following statements are characteristics of a FSSO solution using advanced access mode? (Choose three.)

  • A. Protection profiles can be applied to both individual users and user groups
  • B. Nested or inherited groups are supported
  • C. Usernames follow the LDAP convention: CN=User, OU=Name, DC=Domain
  • D. Usernames follow the Windows convention: Domain\username
  • E. Protection profiles can be applied to user groups only.

Answer: BCE

NEW QUESTION 10
To which remote device can the FortiGate send logs? (Choose three.)

  • A. Syslog
  • B. FortiAnalyzer
  • C. Hard drive
  • D. Memory
  • E. FortiCloud

Answer: ABE

NEW QUESTION 11
Which is NOT true about source matching with firewall policies?

  • A. A source address object must be selected in the firewall policy.
  • B. A source user/group may be selected in the firewall policy.
  • C. A source device may be defined in the firewall policy.
  • D. A source interface must be selected in the firewall policy.
  • E. A source user/group and device must be specified in the firewall policy.

Answer: E

NEW QUESTION 12
An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the
network.
Which of the following FortiAnalyzers will be detected?

  • A. 192.168.11.100
  • B. 192.168.11.251
  • C. 192.168.10.100
  • D. 192.168.10.251

Answer: AB

NEW QUESTION 13
What is required in a FortiGate configuration to have more than one dialup IPsec VPN using aggressive mode?

  • A. All the aggressive mode dialup VPNs MUST accept connections from the same peer ID.
  • B. Each peer ID MUST match the FQDN of each remote peer.
  • C. Each aggressive mode dialup MUST accept connections from different peer ID.
  • D. The peer ID setting must NOT be used.

Answer: C

NEW QUESTION 14
Examine the static route configuration shown below; then answer the question following it.
config router static edit 1
set dst 172.20.1.0 255.255.255.0
set device port1
set gateway 172.11.12.1
set distance 10
set weight 5 next
edit 2
set dst 172.20.1.0 255.255.255.0
set blackhole enable set distance 5
set weight 10 next
end
Which of the following statements correctly describes the static routing configuration provided? (Choose two.)

  • A. All traffic to 172.20.1.0/24 is dropped by the FortiGate.
  • B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. if the interface port1 is down, the traffic is routed using the blackhole route.
  • C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
  • D. The FortiGate unit creates a session entry in the session table when the traffic is being routed by the blackhole route.

Answer: AC

NEW QUESTION 15
Which statement correctly describes the output of the command diagnose ips anomaly list?

  • A. Lists the configured DoS policy.
  • B. List the real-time counters for the configured DoS policy.
  • C. Lists the errors captured when compiling the DoS policy.
  • D. Lists the IPS signature matches.

Answer: B

NEW QUESTION 16
Review the IPsec phase 1 configuration in the exhibit; then answer the question below.
NSE4 dumps exhibit
Which statements are correct regarding this configuration? (Choose two.)

  • A. The remote gateway address is 10.200.3.1
  • B. The local IPsec interface address is 10.200.3.1
  • C. The local gateway IP is the address assigned to port1
  • D. The local gateway IP is 10.200.3.1

Answer: AC

Thanks for reading the newest NSE4 exam dumps! We recommend you to try the PREMIUM 2passeasy NSE4 dumps in VCE and PDF here: https://www.2passeasy.com/dumps/NSE4/ (301 Q&As Dumps)