NSE4 Questions And Answers
$58
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Updated: 2018-12-14
Q & A: 110
- Reviews
-
Tad AltemusDec 02,2018Awesome test reference. I passed NSE4_FGT-5.6 today. I would highly recommend this test dump.
-
Stephen MorsellNov 15,2018This NSE4_FGT-5.6 exam helped me identify both my strong and weak points.I am facing no more difficulties during my exam preparation just after I joined the valid NSE4_FGT-5.6 exam materials.
-
Randall NorlingSep 28,2018Great question! I achieved high score with the help of NSE4-5.4 question, I will continue use this question and introduce it to others.
NSE4 Frequently Asked Questions
Q1: Can I use NSE4 exam Q&As in my phone?
Yes, PassQuestion provides Network Security Expert Program NSE4 pdf Q&As which you can download to study on your computer or mobile device, we also provide NSE4 pdf free demo which from the full version to check its quality before purchasing.
Q2: What are the formats of your Fortinet NSE4 exam questions?
PassQuestion provides Fortinet NSE4 exam questions with pdf format and software format, pdf file will be sent in attachment and software file in a download link, you need to download the link in a week, it will be automatically invalid after a week.
Q3: How can I download my NSE4 test questions after purchasing?
We will send Network Security Expert Program NSE4 test questions to your email once we receive your order, pls make sure your email address valid or leave an alternate email.
Q4: How long can I get my Network Security Expert Program NSE4 questions and answers after purchasing?
We will send Network Security Expert Program NSE4 questions and answers to your email in 10 minutes in our working time and no less than 12 hours in our off time.
Working Time:
GMT+8: Monday- Saturday 8:00 AM-18:00 PM
GMT: Monday- Saturday 0:00 AM-10:00 AM
Q5: Can I pass my test with your Network Security Expert Program NSE4 practice questions only?
Sure! All of PassQuestion Network Security Expert Program NSE4 practice questions come from real test. If you can practice well and get a good score in our practice Q&As, we ensure you can pass your Fortinet Network Security Expert 4 Written Exam (400) exam easily.
Q6: How can I know my NSE4 updated?
You can check the number of questions, if it is changed,that means we have updated this exam ,you can contact us anytime to ask for an free update. our sales email : [email protected]
Q7: What is your refund process if I fail Fortinet NSE4 test?
If you fail your NSE4 test by studying our study material, just scan your score report and send to us in attchment,when we check, we will give you full refund.
Q8. What other payment menthod can I use except Paypal?
If your country don't support Paypal, we offer another Payment method Western Union,it is also safe and fast. Pls contact us for the details, we will send it to your email.
Question No : 1
Which statements are correct based on this output? (Choose two.)
A. The global configuration is synchronized between the primary and secondary FortiGate.
B. The all VDOM is not synchronized between the primary and secondary FortiGate.
C. The root VDOM is not synchronized between the primary and secondary FortiGate.
D. The FortiGates have three VDOMs.
Answer: A,B
Question No : 2
An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?
A. Disabling split tunneling
B. Configuring web bookmarks
C. Assigning public IP addresses to SSL VPN clients
D. Using web-only mode
A. Disabling split tunneling
B. Configuring web bookmarks
C. Assigning public IP addresses to SSL VPN clients
D. Using web-only mode
Answer: A
Question No : 3
Under what circumstance would you enable LEARN as the Action on a firewall policy?
A. You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.
B. You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.
C. You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.
D. You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.
Answer: B
Question No : 4
Which statement is correct based on this configuration?
A. The MAC address 00:0c:29:29:38:da belongs to the port1 interface.
B. Access to the network is blocked for the devices with the MAC address 00:0c:29:29:38:da and the IP address 10.0.1.254.
C. 00:0c:29:29:38:da is the virtual MAC address assigned to the secondary IP address (10.0.1.254) of the port1 interface.
D. The IP address 10.0.1.254 is reserves for the device with the MAC address 00:0c:29:29:38:da.
Answer: D
Question No : 5
Which header field can be used in a firewall policy for traffic matching?
A. ICMP type and code.
B. DSCP.
C. TCP window size.
D. TCP sequence number.
A. ICMP type and code.
B. DSCP.
C. TCP window size.
D. TCP sequence number.
Answer: A
Question No : 6
What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.)
A. Conditional-forward.
B. Forward-only.
C. Non-recursive.
D. Iterative.
E. Recursive.
A. Conditional-forward.
B. Forward-only.
C. Non-recursive.
D. Iterative.
E. Recursive.
Answer: B,C,E
Question No : 7
Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)
A. The antivirus engine starts scanning a file after the last packet arrives.
B. It does not support FortiSandbox inspection.
C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.
D. It uses the compact antivirus database.
A. The antivirus engine starts scanning a file after the last packet arrives.
B. It does not support FortiSandbox inspection.
C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.
D. It uses the compact antivirus database.
Answer: A,C
Question No : 8
What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
A. Code blocks
B. SMS phone message
C. FortiToken
D. Browser pop-up window
E. Email
A. Code blocks
B. SMS phone message
C. FortiToken
D. Browser pop-up window
E. Email
Answer: B,C,E
Question No : 9
Under what circumstance would you enable LEARN as the Action on a firewall policy?
A. You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.
B. You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.
C. You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.
D. You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.
A. You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.
B. You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.
C. You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.
D. You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.
Answer: B
Question No : 10
What step is required to configure an SSL VPN to access to an internal server using port forward mode?
A. Configure the virtual IP addresses to be assigned to the SSL VPN users.
B. Install FortiClient SSL VPN client
C. Create a SSL VPN realm reserved for clients using port forward mode.
D. Configure the client application to forward IP traffic to a Java applet proxy.
A. Configure the virtual IP addresses to be assigned to the SSL VPN users.
B. Install FortiClient SSL VPN client
C. Create a SSL VPN realm reserved for clients using port forward mode.
D. Configure the client application to forward IP traffic to a Java applet proxy.
Answer: D
Question No : 11
The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?
A. set order
B. edit policy
C. reorder
D. move
A. set order
B. edit policy
C. reorder
D. move
Answer: D
Question No : 12
You are tasked to architect a new IPsec deployment with the following criteria:
- There are two HQ sites that all satellite offices must connect to.
- The satellite offices do not need to communicate directly with other satellite offices.
- No dynamic routing will be used.
- The design should minimize the number of tunnels being configured.
Which topology should be used to satisfy all of the requirements?
A. Redundant
B. Hub-and-spoke
C. Partial mesh
D. Fully meshed
- There are two HQ sites that all satellite offices must connect to.
- The satellite offices do not need to communicate directly with other satellite offices.
- No dynamic routing will be used.
- The design should minimize the number of tunnels being configured.
Which topology should be used to satisfy all of the requirements?
A. Redundant
B. Hub-and-spoke
C. Partial mesh
D. Fully meshed
Answer: B
Question No : 13
Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.)
A. SP3
B. CP8
C. NP4
D. NP6
A. SP3
B. CP8
C. NP4
D. NP6
Answer: A,B
Question No : 14
Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)
A. The remote gateway IP must be an IPv6 address.
B. The source quick mode selector must be an IPv4 address.
C. The local gateway IP must an IPv4 address.
D. The destination quick mode selector must be an IPv6 address.
A. The remote gateway IP must be an IPv6 address.
B. The source quick mode selector must be an IPv4 address.
C. The local gateway IP must an IPv4 address.
D. The destination quick mode selector must be an IPv6 address.
Answer: B,D
Question No : 15
Which statement about data leak prevention (DLP) on a FortiGate is true?
A. Traffic shaping can be applied to DLP sensors.
B. It can be applied to a firewall policy in a flow-based VDOM.
C. Files can be sent to FortiSandbox for detecting DLP threats.
D. It can archive files and messages.
A. Traffic shaping can be applied to DLP sensors.
B. It can be applied to a firewall policy in a flow-based VDOM.
C. Files can be sent to FortiSandbox for detecting DLP threats.
D. It can archive files and messages.
Answer: D
Stephen Morsell
This NSE4_FGT-5.6 exam helped me identify both my strong and weak points.I am facing no more difficulties during my exam preparation just after I joined the valid NSE4_FGT-5.6 exam materials.
Randall Norling
Great question! I achieved high score with the help of NSE4-5.4 question, I will continue use this question and introduce it to others.
Moreci
NSE4-5.4 exam is very hot and I should pass it this month. Anyway I passed NSE4-5.4 exam test today. Due to your site valid NSE4-5.4 questions material. Thanks for your site service.
Tad Altemus