Exam Code: NSE4 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4 Exam.
2021 May NSE4 Study Guide Questions:
Q16. - (Topic 8)
Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)
A. Only one proxy is supported.
B. Can be manually imported to the browser.
C. The browser can automatically download it from a web server.
D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.
Answer: C,D
Q17. - (Topic 14)
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?
A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
B. Request: internal host; slave FortiGate; Internet; web server.
C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.
Answer: D
Q18. - (Topic 15)
Which IPsec mode includes the peer id information in the first packet?
A. Main mode.
B. Quick mode.
C. Aggressive mode.
D. IKEv2 mode.
Answer: C
Q19. - (Topic 4)
When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)
A. SMTP
B. POP3
C. HTTP
D. FTP
Answer: C,D
Q20. - (Topic 11)
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?
A. A lookup is done only when the first packet coming from the client (SYN) arrives.
B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.
C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
D. A lookup is always done each time a packet arrives, from either the server or the client side.
Answer: B
Renewal NSE4 answers:
Q21. - (Topic 7)
Examine the exhibit; then answer the question below.
Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?
A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network.
B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network.
D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network.
Answer: D
Q22. - (Topic 12)
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.
Which of the following settings will this administrator be able to configure? (Choose two.)
A. Firewall addresses.
B. DHCP servers.
C. FortiGuard Distribution Network configuration.
D. System hostname.
Answer: A,B
Q23. - (Topic 9)
Which of the following regular expression patterns make the terms "confidential data" case insensitive?
A. [confidential data]
B. /confidential data/i
C. i/confidential data/
D. "confidential data"
Answer: B
Q24. - (Topic 1)
What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.)
A. Conditional-forward.
B. Forward-only.
C. Non-recursive.
D. Iterative.
E. Recursive.
Answer: B,C,E
Q25. - (Topic 3)
In which order are firewall policies processed on a FortiGate unit?
A. From top to down, according with their sequence number.
B. From top to down, according with their policy ID number.
C. Based on best match.
D. Based on the priority value.
Answer: A
Simulation NSE4 pdf:
Q26. - (Topic 13)
In transparent mode, forward-domain is an CLI setting associate with ______________.
A. a static route.
B. a firewall policy.
C. an interface.
D. a virtual domain.
Answer: C
Q27. - (Topic 13)
Examine the following spanning tree configuration on a FortiGate in transparent mode:
config system interface
edit <interface name>
set stp-forward enable
end
Which statement is correct for the above configuration?
A. The FortiGate participates in spanning tree.
B. The FortiGate device forwards received spanning tree messages.
C. Ethernet layer-2 loops are likely to occur.
D. The FortiGate generates spanning tree BPDU frames.
Answer: B
Q28. - (Topic 6)
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario? (Choose three.)
A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
C. Set the operating mode to IPsec VPN mode.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters.
Answer: A,D,E
Q29. - (Topic 7)
Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols?
A. Proxy-based.
B. DNS-based.
C. Flow-based.
D. Man-in-the-middle.
Answer: C
Q30. - (Topic 22)
Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)
A. Fragmented packet.
B. Multicast packet.
C. SCTP packet.
D. GRE packet.
Answer: B,C