It is impossible to pass Fortinet fortinet nse4 dumps exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Fortinet nse4 exam practice questions. You will get a surprising result by our Up to date Fortinet Network Security Expert 4 Written Exam (400) practice guides.
2017 NEW RECOMMEND
Free VCE & PDF File for Fortinet NSE4 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q1. – (Topic 5)
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
A. The remote user's virtual IP address.
B. The FortiGate unit's internal IP address.
C. The remote user's public IP address.
D. The FortiGate unit's external IP address.
Q2. – (Topic 7)
Which statements regarding banned words are correct? (Choose two.)
A. Content is automatically blocked if a single instance of a banned word appears.
B. The FortiGate updates banned words on a periodic basis.
C. The FortiGate can scan web pages and email messages for instances of banned words.
D. Banned words can be expressed as simple text, wildcards and regular expressions.
Q3. – (Topic 7)
A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received.
Which are two reasons for this problem? (Choose two.)
A. The FortiGate is connected to multiple ISPs.
B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network.
C. The FortiGate is in Transparent mode.
D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.
Q4. – (Topic 4)
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.
Based on the firewall configuration illustrated in the exhibit, which statement is correct?
A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
D. DNS Internet access is always allowed, even for users that has not authenticated.
Q5. – (Topic 1)
Which statements are true regarding the factory default configuration? (Choose three.)
A. The default web filtering profile is applied to the first firewall policy.
B. The âPort1â or âInternalâ interface has the IP address 192.168.1.99.
C. The implicit firewall policy action is ACCEPT.
D. The âPort1â or âInternalâ interface has a DHCP server set up and enabled (on device models that support DHCP servers).
E. Default login uses the username: admin (all lowercase) and no password.
Q6. – (Topic 13)
Which statements correctly describe transparent mode operation? (Choose three.)
A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
C. The transparent FortiGate is clearly visible to network hosts in an IP trace route.
D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
E. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
Q7. – (Topic 11)
Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 220.127.116.11 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration
provided? (Choose two.)
A. All traffic to 172.20.1.0/24 is dropped by the FortiGate.
B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route.
C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
D. The FortiGate unit creates a session entry in the session table when the traffic is being
routed by the blackhole route.
Q8. – (Topic 14)
Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.)
A. The device this command is executed on is likely to switch from master to slave status if override is disabled.
B. The device this command is executed on is likely to switch from master to slave status if override is enabled.
C. This command has no impact on the HA algorithm.
D. This command resets the uptime variable used in the HA algorithm so it may cause a
new master to become elected.
Q9. – (Topic 21)
What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.)
A. Negotiate the encryption parameters to use.
B. Auto-adjust the MTU setting.
C. Autoconfigure addresses and prefixes.
D. Determine other nodes reachability.
Q10. – (Topic 19)
Data leak prevention archiving gives the ability to store files and message data onto a
FortiAnalyzer unit for which of the following types of network traffic? (Choose three.)