Aug 2017 updated: nse4 exam

It is impossible to pass Fortinet fortinet nse4 dumps exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Fortinet nse4 exam practice questions. You will get a surprising result by our Up to date Fortinet Network Security Expert 4 Written Exam (400) practice guides.

2017 NEW RECOMMEND

Free VCE & PDF File for Fortinet NSE4 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW NSE4 Exam Dumps (PDF & VCE):
Available on:
http://www.certleader.com/NSE4-dumps.html

Q1. – (Topic 5) 

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? 

A. The remote user's virtual IP address. 

B. The FortiGate unit's internal IP address. 

C. The remote user's public IP address. 

D. The FortiGate unit's external IP address. 

Answer:

Q2. – (Topic 7) 

Which statements regarding banned words are correct? (Choose two.) 

A. Content is automatically blocked if a single instance of a banned word appears. 

B. The FortiGate updates banned words on a periodic basis. 

C. The FortiGate can scan web pages and email messages for instances of banned words. 

D. Banned words can be expressed as simple text, wildcards and regular expressions. 

Answer: C,D 

Q3. – (Topic 7) 

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. 

Which are two reasons for this problem? (Choose two.) 

A. The FortiGate is connected to multiple ISPs. 

B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network. 

C. The FortiGate is in Transparent mode. 

D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server. 

Answer: B,D 

Q4. – (Topic 4) 

The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below. 

Based on the firewall configuration illustrated in the exhibit, which statement is correct? 

A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge. 

B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. 

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services. 

D. DNS Internet access is always allowed, even for users that has not authenticated. 

Answer:

Q5. – (Topic 1) 

Which statements are true regarding the factory default configuration? (Choose three.) 

A. The default web filtering profile is applied to the first firewall policy. 

B. The ‘Port1’ or ‘Internal’ interface has the IP address 192.168.1.99. 

C. The implicit firewall policy action is ACCEPT. 

D. The ‘Port1’ or ‘Internal’ interface has a DHCP server set up and enabled (on device models that support DHCP servers). 

E. Default login uses the username: admin (all lowercase) and no password. 

Answer: B,D,E 

Q6. – (Topic 13) 

Which statements correctly describe transparent mode operation? (Choose three.) 

A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2. 

B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses. 

C. The transparent FortiGate is clearly visible to network hosts in an IP trace route. 

D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network. 

E. All interfaces of the transparent mode FortiGate device must be on different IP subnets. 

Answer: A,B,D 

Q7. – (Topic 11) 

Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration 

provided? (Choose two.) 

A. All traffic to 172.20.1.0/24 is dropped by the FortiGate. 

B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route. 

C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route. 

D. The FortiGate unit creates a session entry in the session table when the traffic is being 

routed by the blackhole route. 

Answer: A,C 

Q8. – (Topic 14) 

Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.) 

A. The device this command is executed on is likely to switch from master to slave status if override is disabled. 

B. The device this command is executed on is likely to switch from master to slave status if override is enabled. 

C. This command has no impact on the HA algorithm. 

D. This command resets the uptime variable used in the HA algorithm so it may cause a 

new master to become elected. 

Answer: A,D 

Q9. – (Topic 21) 

What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.) 

A. Negotiate the encryption parameters to use. 

B. Auto-adjust the MTU setting. 

C. Autoconfigure addresses and prefixes. 

D. Determine other nodes reachability. 

Answer: C,D 

Q10. – (Topic 19) 

Data leak prevention archiving gives the ability to store files and message data onto a 

FortiAnalyzer unit for which of the following types of network traffic? (Choose three.) 

A. POP3 

B. SNMP 

C. IPsec 

D. SMTP 

E. HTTP 

Answer: A,D,E 

Certleader Dumps
Certleader is a company specialized on providing high quality IT exam materials and fully committed to assist our respected clients crack any IT certification tests on their 1st efforts.