Fortinet NSE4: Fortinet Network Security Expert 4 Written Exam (400), exam questions and answers.

Q21. - (Topic 12) 

Which statements are correct regarding virtual domains (VDOMs)? (Choose two.) 

A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. VDOMs share firmware versions, as well as antivirus and IPS databases. 

D. Different time zones can be configured in each VDOM. 

Answer: B,C 


Q22. - (Topic 16) 

Examine the following log message for IPS: 

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50" 

Which statement is correct about the above log? (Choose two.) 

A. The target is 192.168.3.168. 

B. The target is 192.168.3.170. 

C. The attack was NOT blocked. 

D. The attack was blocked. 

Answer: B,C 


Q23. - (Topic 11) 

Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it. 


Which two statements are correct regarding this output? (Choose two.) 

A. There will be six routes in the routing table. 

B. There will be seven routes in the routing table. 

C. There will be two default routes in the routing table. 

D. There will be two routes for the 10.0.2.0/24 subnet in the routing table. 

Answer: A,C 


Q24. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below. 


Which statements are correct regarding this output? (Choose two.) 

A. The connecting client has been allocated address 172.20.1.1. 

B. In the Phase 1 settings, dead peer detection is enabled. 

C. The tunnel is idle. 

D. The connecting client has been allocated address 10.200.3.1. 

Answer: A,B 


Q25. - (Topic 18) 

When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website? 

A. Organizational Unit. 

B. Common Name. 

C. Serial Number. 

D. Validity. 

Answer: B 


Q26. - (Topic 16) 

Which statement correctly describes the output of the command diagnose ips anomaly list? 

A. Lists the configured DoS policy. 

B. Lists the real-time counters for the configured DoS policy. 

C. Lists the errors captured when compiling the DoS policy. 

D. Lists the IPS signature matches. 

Answer: B 


Q27. - (Topic 22) 

Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor? 

A. No protection profile can be applied over the IPsec traffic. 

B. Phase-2 anti-replay must be disabled. 

C. Both phase 1 and phase 2 must use encryption algorithms supported by the NP6. 

D. IPsec traffic must not be inspected by any FortiGate session helper. 

Answer: C


Q28. - (Topic 14) 

In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below. 


Which statements are correct regarding this setting? (Choose two.) 

A. Interface settings on port7 will not be synchronized with other cluster members. 

B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface. 

C. When connecting to port7 you always connect to the master device. 

D. A gateway address may be configured for port7. 

Answer: A,D 


Q29. - (Topic 8) 

Examine the following FortiGate web proxy configuration; then answer the question below: 

    config web-proxy explicit
        set pac-file-server-status enable
        set pac-file-server-port 8080
        set pac-file-name wpad.dat
    end

Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet browser use to download the PAC file? 

A. https://10.10.1.1:8080 

B. https://10.10.1.1:8080/wpad.dat 

C. http://10.10.1.1:8080/ 

D. http://10.10.1.1:8080/wpad.dat 

Answer: D 


Q30. - (Topic 13) 

Examine the following spanning tree configuration on a FortiGate in transparent mode: 

    config system interface
        edit <interface name>
            set stp-forward enable
    end

Which statement is correct for the above configuration? 

A. The FortiGate participates in spanning tree. 

B. The FortiGate device forwards received spanning tree messages. 

C. Ethernet layer-2 loops are likely to occur. 

D. The FortiGate generates spanning tree BPDU frames. 

Answer: B