Top 15 training materials NSE4 for IT engineers (61 to 75)

NSE4 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

Product Description:
Exam Number/Code: NSE4
Exam name: Fortinet Network Security Expert 4 Written Exam (400)
n questions with full explanations
Certification: Fortinet Certification
Last updated on Global synchronizing

Free Certification Real IT NSE4 Exam pdf Collection

Actual of NSE4 practice test materials and questions for Fortinet certification for client, Real Success Guaranteed with Updated NSE4 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!

2016 Apr NSE4 Study Guide Questions:

Q61. - (Topic 5) 

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? 

A. The remote user's virtual IP address. 

B. The FortiGate unit's internal IP address. 

C. The remote user's public IP address. 

D. The FortiGate unit's external IP address. 

Answer: B 

Q62. - (Topic 1) 

How is the FortiGate password recovery process? 

A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. 

B. Log in through the console port using the “maintainer” account within several seconds of physically power cycling the FortiGate. 

C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. 

D. Interrupt the boot sequence and restore a configuration file for which the password has 

been modified. 

Answer: B 

Q63. - (Topic 7) 

Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols? 

A. Proxy-based. 

B. DNS-based. 

C. Flow-based. 

D. Man-in-the-middle. 

Answer: C 

Q64. - (Topic 1) 

What capabilities can a FortiGate provide? (Choose three.) 

A. Mail relay. 

B. Email filtering. 

C. Firewall. 

D. VPN gateway. 

E. Mail server. 

Answer: B,C,D 

Q65. - (Topic 11) 

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway? 

A. A lookup is done only when the first packet coming from the client (SYN) arrives. 

B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives. 

C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK). 

D. A lookup is always done each time a packet arrives, from either the server or the client side. 

Answer: B 


Leading NSE4 practice test:

Q66. - (Topic 12) 

Which statements are correct regarding virtual domains (VDOMs)? (Choose two.) 

A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. VDOMs share firmware versions, as well as antivirus and IPS databases. 

D. Different time zones can be configured in each VDOM. 

Answer: B,C 

Q67. - (Topic 19) 

Data leak prevention archiving gives the ability to store files and message data onto a 

FortiAnalyzer unit for which of the following types of network traffic? (Choose three.) 

A. POP3 


C. IPsec 



Answer: A,D,E 

Q68. - (Topic 16) 

Examine the following log message for IPS: 

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="" dst="" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="" msg="anomaly: icmp_flood, 51 > threshold 50" 

Which statement is correct about the above log? (Choose two.) 

A. The target is 

B. The target is 

C. The attack was NOT blocked. 

D. The attack was blocked. 

Answer: B,C 

Q69. - (Topic 6) 

You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. 

Which two configuration steps are required to achieve these objectives? (Choose two.) 

A. Create one firewall policy. 

B. Create two firewall policies. 

C. Add a route to the remote subnet. 

D. Add two IPsec phases 2. 

Answer: B,C 

Q70. - (Topic 7) 

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.) 

A. Manual update by downloading the signatures from the support site. 

B. Pull updates from the FortiGate. 

C. Push updates from a FortiAnalyzer. 

D. execute fortiguard-AV-AS command from the CLI. 

Answer: A,B 

NSE4 pdf

100% Guarantee NSE4 discount pack:

Q71. - (Topic 9) 

Which two web filtering inspection modes inspect the full URL? (Choose two.) 

A. DNS-based. 

B. Proxy-based. 

C. Flow-based. 

D. URL-based. 

Answer: B,C 

Q72. - (Topic 4) 

When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.) 


B. POP3 



Answer: C,D 

Q73. - (Topic 15) 

Which statements are correct properties of a partial mesh VPN deployment. (Choose two.) 

A. VPN tunnels interconnect between every single location. 

B. VPN tunnels are not configured between every single location. 

C. Some locations are reached via a hub location. 

D. There are no hub locations in a partial mesh. 

Answer: B,C 

Q74. - (Topic 7) 

Examine the exhibit; then answer the question below. 

Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit? 

A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network. 

B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. 

C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network. 

D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network. 

Answer: D 

Q75. - (Topic 11) 

Examine the two static routes to the same destination subnet as shown below; then answer the question following it. config router static edit 1 set dst set distance 20 set priority 10 set device port1 next edit 2 set dst set distance 20 set priority 20 set device port2 



Which of the following statements correctly describes the static routing configuration provided above? 

A. The FortiGate evenly shares the traffic to through both routes. 

B. The FortiGate shares the traffic to through both routes, but the port2 route will carry approximately twice as much of the traffic. 

C. The FortiGate sends all the traffic to through port1. 

D. Only the route that is using port1 will show up in the routing table. 

Answer: C 

see more