Super to nse4 exam

Exam Code: nse4 exam (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass nse4 dumps Exam.


Free VCE & PDF File for Fortinet NSE4 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW NSE4 Exam Dumps (PDF & VCE):
Available on:

Q51. – (Topic 20) 

Examine at the output below from the diagnose sys top command: # diagnose sys top 1 Run Time: 11 days, 3 hours and 29 minutes 0U, 0N, 1S, 99I; 971T, 528F, 160KF sshd 123 S 1.9 1.2 ipsengine 61 S < 0.0 5.2 miglogd 45 S 0.0 4.9 

pyfcgid 75 S 0.0 4.5 

pyfcgid 73 S 0.0 3.9 

Which statements are true regarding the output above? (Choose two.) 

A. The sshd process is the one consuming most CPU. 

B. The sshd process is using 123 pages of memory. 

C. The command diagnose sys kill miglogd will restart the miglogd process. 

D. All the processes listed are in sleeping state. 

Answer: A,D 

Q52. – (Topic 12) 

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. 

What would be a possible cause for this problem? 

A. The administrator does not have the proper permissions to reassign the dmz interface. 

B. The dmz interface is referenced in the configuration of another VDOM. 

C. Non-management VDOMs cannot reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 


Q53. – (Topic 15) 

Which statements are correct properties of a partial mesh VPN deployment. (Choose two.) 

A. VPN tunnels interconnect between every single location. 

B. VPN tunnels are not configured between every single location. 

C. Some locations are reached via a hub location. 

D. There are no hub locations in a partial mesh. 

Answer: B,C 

Q54. – (Topic 7) 

Examine the exhibit; then answer the question below. 

Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit? 

A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network. 

B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. 

C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network. 

D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network. 


Q55. – (Topic 18) 

When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website? 

A. Organizational Unit. 

B. Common Name. 

C. Serial Number. 

D. Validity. 


Q56. – (Topic 9) 

Which of the following regular expression patterns make the terms "confidential data" case insensitive? 

A. [confidential data] 

B. /confidential data/i 

C. i/confidential data/ 

D. "confidential data" 


Q57. – (Topic 14) 

The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members. 

What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.) 

A. Port3 is configured with an IP address for management access. 

B. The firewall rules are purged on the disconnected unit. 

C. The HA mode changes to standalone. 

D. The system hostname is set to the unit serial number. 

Answer: A,C 

Q58. – (Topic 6) 

Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?. 

A. Policy-based only. 

B. Route-based only. 

C. Either policy-based or route-based VPN. 

D. GRE-based only. 


Q59. – (Topic 22) 

Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor? 

A. No protection profile can be applied over the IPsec traffic. 

B. Phase-2 anti-replay must be disabled. 

C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6. 

D. IPsec traffic must not be inspected by any FortiGate session helper. 

Answer: C

Q60. – (Topic 7) 

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.) 

A. Manual update by downloading the signatures from the support site. 

B. Pull updates from the FortiGate. 

C. Push updates from a FortiAnalyzer. 

D. execute fortiguard-AV-AS command from the CLI. 

Answer: A,B