It is more faster and easier to pass the Fortinet nse4 fortinet exam by using Best Quality Fortinet Fortinet Network Security Expert 4 Written Exam (400) questuins and answers. Immediate access to the Improved nse4 exam dump Exam and find the same core area nse4 fortinet questions with professionally verified answers, then PASS your exam with a high score now.
2017 NEW RECOMMEND
Free VCE & PDF File for Fortinet NSE4 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q11. – (Topic 22)
Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic. What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)
A. They are accelerated by hardware in the master unit.
B. They are not accelerated by hardware in the master unit.
C. They are accelerated by hardware in the slave unit.
D. They are not accelerated by hardware in the slave unit.
Q12. – (Topic 16)
Which statement correctly describes the output of the command diagnose ips anomaly list?
A. Lists the configured DoS policy.
B. List the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
D. Lists the IPS signature matches.
Q13. – (Topic 8)
Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)
A. Only one proxy is supported.
B. Can be manually imported to the browser.
C. The browser can automatically download it from a web server.
D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.
Q14. – (Topic 11)
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.
Which two statements are correct regarding this output? (Choose two.)
A. There will be six routes in the routing table.
B. There will be seven routes in the routing table.
C. There will be two default routes in the routing table.
D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.
Q15. – (Topic 3)
The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?
A. set order
B. edit policy
Q16. – (Topic 1)
Which statements are true regarding the factory default configuration? (Choose three.)
A. The default web filtering profile is applied to the first firewall policy.
B. The âPort1â or âInternalâ interface has the IP address 192.168.1.99.
C. The implicit firewall policy action is ACCEPT.
D. The âPort1â or âInternalâ interface has a DHCP server set up and enabled (on device models that support DHCP servers).
E. Default login uses the username: admin (all lowercase) and no password.
Q17. – (Topic 19)
For data leak prevention, which statement describes the difference between the block and
A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.
B. A block action prevents the transaction. A quarantine action archives the data.
C. A block action has a finite duration. A quarantine action must be removed by an administrator.
D. A block action is used for known users. A quarantine action is used for unknown users.
Q18. – (Topic 17)
Which statement describes what the CLI command diagnose debug authd fsso list is used for?
A. Monitors communications between the FSSO collector agent and FortiGate unit.
B. Displays which users are currently logged on using FSSO.
C. Displays a listing of all connected FSSO collector agents.
D. Lists all DC Agents installed on all domain controllers.
Q19. – (Topic 4)
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.
Based on the firewall configuration illustrated in the exhibit, which statement is correct?
A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
D. DNS Internet access is always allowed, even for users that has not authenticated.
Q20. – (Topic 21)
What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.)
A. Negotiate the encryption parameters to use.
B. Auto-adjust the MTU setting.
C. Autoconfigure addresses and prefixes.
D. Determine other nodes reachability.