It is impossible to pass Fortinet fortinet nse4 exam dumps exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed Fortinet fortinet nse4 exam dumps practice questions. You will get a surprising result by our Improve Fortinet Network Security Expert 4 Written Exam (400) practice guides.

Q49. - (Topic 1) 

Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.) 

A. SNMP 

B. WINS 

C. HTTP 

D. Telnet 

E. SSH 

Answer: C,D,E 


Q50. - (Topic 21) 

Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.) 

A. The source quick mode selector must be an IPv4 address. 

B. The destination quick mode selector must be an IPv6 address. 

C. The Local Gateway IP must be an IPv4 address. 

D. The remote gateway IP must be an IPv6 address. 

Answer: B,C 


Q51. - (Topic 18) 

When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website? 

A. Organizational Unit. 

B. Common Name. 

C. Serial Number. 

D. Validity. 

Answer:


Q52. - (Topic 20) 

Examine the following output from the diagnose sys session list command: 

session info: proto=6 proto_state=65 duration=3 expire=9 timeout=3600 flags=00000000 sockflag=00000000 sockport=443 av_idx=9 use=5 origin-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

reply-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

state=redir local may_dirty ndr npu nlb os rs 

statistic(bytes/packets/allow_err): org=864/8/1 reply=2384/7/1 tuples=3 

orgin->sink: org pre->post, reply pre->post dev=7->6/6->7 gwy=172.17.87.3/10.1.10.1 

hook=post dir=org act=snat 192.168.1.110:57999->74.201.86.29:443(172.17.87.16:57999) 

hook=pre dir=reply act=dnat 74.201.86.29:443-

>172.17.87.16:57999(192.168.1.110:57999) 

hook=post dir=reply act=noop 74.201.86.29:443->192.168.1.110:57999(0.0.0.0:0) 

misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=0 

npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0 

Which statements are true regarding the session above? (Choose two.) 

A. Session Time-To-Live (TTL) was configured to 9 seconds. 

B. FortiGate is doing NAT of both the source and destination IP addresses on all packets coming from the 192.168.1.110 address. 

C. The IP address 192.168.1.110 is being translated to 172.17.87.16. 

D. The FortiGate is not translating the TCP port numbers of the packets in this session. 

Answer: C,D 


Q53. - (Topic 11) 

A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1 next end Which of the following conditions are required for this static default route to be displayed in 

the FortiGate unit’s routing table? (Choose two.) 

A. The administrative status of the wan1 interface is displayed as down. 

B. The link status of the wan1 interface is displayed as up. 

C. All other default routes should have a lower distance. 

D. The wan1 interface address and gateway address are on the same subnet. 

Answer: B,D 


Q54. - (Topic 7) 

Which statements regarding banned words are correct? (Choose two.) 

A. Content is automatically blocked if a single instance of a banned word appears. 

B. The FortiGate updates banned words on a periodic basis. 

C. The FortiGate can scan web pages and email messages for instances of banned words. 

D. Banned words can be expressed as simple text, wildcards and regular expressions. 

Answer: C,D 


Q55. - (Topic 15) 

Review the static route configuration for IPsec shown in the exhibit; then answer the question below. 

Which statements are correct regarding this configuration? (Choose two.) 

A. Interface remote is an IPsec interface. 

B. A gateway address is not required because the interface is a point-to-point connection. 

C. A gateway address is not required because the default route is used. 

D. Interface remote is a zone. 

Answer: A,B 


Q56. - (Topic 13) 

In transparent mode, forward-domain is an CLI setting associate with ______________. 

A. a static route. 

B. a firewall policy. 

C. an interface. 

D. a virtual domain. 

Answer:


Q57. - (Topic 11) 

Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration 

provided? (Choose two.) 

A. All traffic to 172.20.1.0/24 is dropped by the FortiGate. 

B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route. 

C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route. 

D. The FortiGate unit creates a session entry in the session table when the traffic is being 

routed by the blackhole route. 

Answer: A,C 


Q58. - (Topic 19) 

Data leak prevention archiving gives the ability to store files and message data onto a 

FortiAnalyzer unit for which of the following types of network traffic? (Choose three.) 

A. POP3 

B. SNMP 

C. IPsec 

D. SMTP 

E. HTTP 

Answer: A,D,E 


Q59. - (Topic 1) 

What methods can be used to access the FortiGate CLI? (Choose two.) 

A. Using SNMP. 

B. A direct connection to the serial console port. 

C. Using the CLI console widget in the GUI. 

D. Using RCP. 

Answer: B,C 


Q60. - (Topic 2) 

What logging options are supported on a FortiGate unit? (Choose two.) 

A. LDAP 

B. Syslog 

C. FortiAnalyzer 

D. SNMP 

Answer: B,C 


Q61. - (Topic 8) 

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.) 

A. DHCP 

B. BOOTP 

C. DNS 

D. IPv6 autoconfiguration 

Answer: A,C 


Q62. - (Topic 1) 

What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.) 

A. Conditional-forward. 

B. Forward-only. 

C. Non-recursive. 

D. Iterative. 

E. Recursive. 

Answer: B,C,E 


Q63. - (Topic 7) 

Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols? 

A. Proxy-based. 

B. DNS-based. 

C. Flow-based. 

D. Man-in-the-middle. 

Answer:


Q64. - (Topic 12) 

A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs? 

A. The FortiGate must be a model 1000 or above to support multiple VDOMs. 

B. A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled. 

C. Changing the operational mode of a VDOM requires a reboot of the FortiGate. 

D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes. 

Answer:



To know more about the NSE4 dumps download, click here.