Tips to Pass NSE4 Exam (46 to 60)


Product Description:
Exam Number/Code: NSE4
Exam name: Fortinet Network Security Expert 4 Written Exam (400)
Certification: Fortinet Certification


2016 Apr NSE4 Study Guide Questions:

Q46. - (Topic 17) 

Which statement is one disadvantage of using FSSO NetAPI polling mode over FSSO Security Event Log (WinSecLog) polling mode? 

A. It requires a DC agent installed in some of the Windows DC. 

B. It runs slower. 

C. It might miss some logon events. 

D. It requires access to a DNS server for workstation name resolution. 

Answer: C 

Q47. - (Topic 13) 

Examine the following spanning tree configuration on a FortiGate in transparent mode: 

    config system interface
        edit <interface name>
            set stp-forward enable


Which statement is correct for the above configuration? 

A. The FortiGate participates in spanning tree. 

B. The FortiGate device forwards received spanning tree messages. 

C. Ethernet layer-2 loops are likely to occur. 

D. The FortiGate generates spanning tree BPDU frames. 

Answer: B 

Q48. - (Topic 4) 

The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below. 

Based on the firewall configuration illustrated in the exhibit, which statement is correct? 

A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge. 

B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. 

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services. 

D. DNS Internet access is always allowed, even for users who have not authenticated.

Answer: D 

Q49. - (Topic 1) 

What are valid options for handling DNS requests sent directly to a FortiGate's interface IP? (Choose three.)

A. Conditional-forward. 

B. Forward-only. 

C. Non-recursive. 

D. Iterative. 

E. Recursive. 

Answer: B,C,E 

Q50. - (Topic 12) 

A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs? 

A. The FortiGate must be a model 1000 or above to support multiple VDOMs. 

B. A license has to be purchased and applied to the FortiGate before VDOM mode can be enabled.

C. Changing the operational mode of a VDOM requires a reboot of the FortiGate. 

D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes. 

Answer: D 



Q51. - (Topic 3) 

In which order are firewall policies processed on a FortiGate unit? 

A. From top to bottom, according to their sequence number.

B. From top to bottom, according to their policy ID number.

C. Based on best match. 

D. Based on the priority value. 

Answer: A 

Q52. - (Topic 3) 

Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) 

A. IP address pool. 

B. Virtual IP address. 

C. IP address. 

D. IP address group. 

E. MAC address. 

Answer: B,C,D 

Q53. - (Topic 12) 

A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface. 

Which one of the following statements is correct regarding the VLAN IDs in this scenario? 

A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets. 

B. The two VLAN sub-interfaces must have different VLAN IDs. 

C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs. 

D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches. 

Answer: B 

Q54. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. 

Which statement is correct regarding this output? (Select one answer.)

A. One tunnel is rekeying. 

B. Two tunnels are rekeying. 

C. Two tunnels are up. 

D. One tunnel is up. 

Answer: C 

Q55. - (Topic 22) 

Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor? 

A. No protection profile can be applied over the IPsec traffic. 

B. Phase-2 anti-replay must be disabled. 

C. Both phase 1 and phase 2 must use encryption algorithms supported by the NP6.

D. IPsec traffic must not be inspected by any FortiGate session helper. 

Answer: C


Q56. - (Topic 14) 

An administrator has formed a high availability cluster involving two FortiGate units. 

[ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] 

The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. 

Which of the following options describes the best step the administrator can take? 

The administrator should _____________________. 

A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode. 

B. Enable monitoring of all active interfaces. 

C. Set up a full-mesh design which uses redundant interfaces. 

D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted. 

Answer: C 

Q57. - (Topic 1) 

Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.) 




D. Telnet 


Answer: C,D,E 

Q58. - (Topic 14) 

Two FortiGate devices fail to form an HA cluster. The device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device.

Exhibit A:

Exhibit B:

Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Heartbeat

D. Override 

Answer: B 

Q59. - (Topic 6) 

What is IPsec Perfect Forwarding Secrecy (PFS)?

A. A phase-1 setting that allows the use of symmetric encryption. 

B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires. 

C. A ‘key-agreement’ protocol. 

D. A ‘security-association-agreement’ protocol. 

Answer: B 

Q60. - (Topic 6) 

An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. 

Which three configuration steps must be performed on both units to support this scenario? (Choose three.) 

A. Create firewall policies to allow and control traffic between the source and destination IP addresses. 

B. Configure the appropriate user groups to allow users access to the tunnel. 

C. Set the operating mode to IPsec VPN mode. 

D. Define the phase 2 parameters. 

E. Define the Phase 1 parameters. 

Answer: A,D,E 
