★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW NSE4 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/NSE4-dumps.html


Beginners or veterans inside IT area can discover all kinds of Fortinet Fortinet certification training materials from Ucertify. Whats more, the particular answers to all of the Fortinet NSE4 questions are verified by our specialists who are dedicated to making the details understandable. Practising our Fortinet NSE4 exam dumps, you happen to be bound to get from the NSE4 exam. Be one of those who pass the particular Fortinet exam is a precisely how proud thing to suit your needs. The Fortinet certification is going to be a great aid in hunting jobs.

2021 Sep NSE4 dumps

Q31. - (Topic 10) 

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent? 

A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. 

B. Enable the shape option in a firewall policy with service set to BitTorrent. 

C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled. 

D. Apply a traffic shaper to a protocol options profile. 

Answer: A 


Q32. - (Topic 20) 

In which process states is it impossible to interrupt/kill a process? (Choose two.) 

A. S – Sleep 

B. R – Running 

C. D – Uninterruptable Sleep 

D. Z – Zombie 

Answer: C,D 


Q33. - (Topic 12) 

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. 

What would be a possible cause for this problem? 

A. The administrator does not have the proper permissions to reassign the dmz interface. 

B. The dmz interface is referenced in the configuration of another VDOM. 

C. Non-management VDOMs cannot reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

Answer: B 


Q34. - (Topic 22) 

Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.) 

A. Both proxy-based and flow-based inspection are supported. 

B. A replacement message cannot be presented to users when a virus has been detected. 

C. It saves CPU resources. 

D. The ingress and egress interfaces can be in different SPs. 

Answer: B,C 


Q35. - (Topic 5) 

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) 

A. SSL VPN creates a HTTPS connection. IPsec does not. 

B. Both SSL VPNs and IPsec VPNs are standard protocols. 

C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. 

D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. 

Answer: A,D 


NSE4 download

Down to date NSE4 free practice exam:

Q36. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. 


Which statements is correct regarding this output? (Select one answer). 

A. One tunnel is rekeying. 

B. Two tunnels are rekeying. 

C. Two tunnels are up. 

D. One tunnel is up. 

Answer: C 


Q37. - (Topic 5) 

Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.) 

A. Split tunneling is supported. 

B. It requires the installation of a VPN client. 

C. It requires the use of an Internet browser. 

D. It does not support traffic from third-party network applications. 

E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit. 

Answer: A,B,E 


Q38. - (Topic 2) 

Regarding the header and body sections in raw log messages, which statement is correct? 

A. The header and body section layouts change depending on the log type. 

B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. 

C. Some log types include multiple body sections. 

D. Some log types do not include a body section. 

Answer: B 


Q39. - (Topic 11) 

Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration 

provided? (Choose two.) 

A. All traffic to 172.20.1.0/24 is dropped by the FortiGate. 

B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route. 

C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route. 

D. The FortiGate unit creates a session entry in the session table when the traffic is being 

routed by the blackhole route. 

Answer: A,C 


Q40. - (Topic 16) 

Review the IPS sensor filter configuration shown in the exhibit 


Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.) 

A. It does not log attacks targeting Linux servers. 

B. It matches all traffic to Linux servers. 

C. Its action will block traffic matching these signatures. 

D. It only takes effect when the sensor is applied to a policy. 

Answer: C,D