Q21. - (Topic 15) 

Review the configuration for FortiClient IPsec shown in the exhibit. 

Which statement is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the student_internal address object. 

B. The connecting VPN client will install a default route. 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. 

D. The connecting VPN client will connect in web portal mode and no route will be installed. 

Answer:


Q22. - (Topic 8) 

What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution? 

A. Users are required to manually enter their credentials each time they connect to a different web site. 

B. Proxy users are authenticated via FSSO. 

C. There are multiple users sharing the same IP address. 

D. Proxy users are authenticated via RADIUS. 

Answer:


Q23. - (Topic 4) 

Which statements are true regarding local user authentication? (Choose two.) 

A. Two-factor authentication can be enabled on a per user basis. 

B. Local users are for administration accounts only and cannot be used to authenticate network users. 

C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate. 

D. Both the usernames and passwords can be stored locally on the FortiGate 

Answer: A,D 


Q24. - (Topic 11) 

When does a FortiGate load-share traffic between two static routes to the same destination subnet? 

A. When they have the same cost and distance. 

B. When they have the same distance and the same weight. 

C. When they have the same distance and different priority. 

D. When they have the same distance and same priority. 

Answer:


Q25. - (Topic 11) 

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 10 set device port1 next edit 2 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 20 set device port2 

next 

end 

Which of the following statements correctly describes the static routing configuration provided above? 

A. The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes. 

B. The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic. 

C. The FortiGate sends all the traffic to 172.20.168.0/24 through port1. 

D. Only the route that is using port1 will show up in the routing table. 

Answer:


Q26. - (Topic 5) 

A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration: 

Which static route is automatically added to the client’s routing table when the tunnel mode is activated? 

A. A route to a destination subnet matching the Internal_Servers address object. 

B. A route to the destination subnet configured in the tunnel mode widget. 

C. A default route. 

D. A route to the destination subnet configured in the SSL VPN global settings. 

Answer:


Q27. - (Topic 19) 

Data leak prevention archiving gives the ability to store files and message data onto a 

FortiAnalyzer unit for which of the following types of network traffic? (Choose three.) 

A. POP3 

B. SNMP 

C. IPsec 

D. SMTP 

E. HTTP 

Answer: A,D,E 


Q28. - (Topic 6) 

An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration? 

A. The IPsec firewall policies must be placed at the top of the list. 

B. This VPN cannot be used as part of a hub and spoke topology. 

C. Routes are automatically created based on the quick mode selectors. 

D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed. 

Answer:


Q29. - (Topic 16) 

Review the IPS sensor filter configuration shown in the exhibit 

Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.) 

A. It does not log attacks targeting Linux servers. 

B. It matches all traffic to Linux servers. 

C. Its action will block traffic matching these signatures. 

D. It only takes effect when the sensor is applied to a policy. 

Answer: C,D 


Q30. - (Topic 18) 

Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.) 

A. The web client SSL handshake. 

B. The web server SSL handshake. 

C. File buffering. 

D. Communication with the URL filter process. 

Answer: A,B 



To know more about the NSE4 dumps download, click here.