Act now and download your Fortinet NSE4 test today! Do not waste time for the worthless Fortinet NSE4 tutorials. Download Replace Fortinet Fortinet Network Security Expert 4 Written Exam (400) exam with real questions and answers and begin to learn Fortinet NSE4 with a classic professional.
2021 Sep NSE4 exam cost
Q21. - (Topic 2)
Regarding the header and body sections in raw log messages, which statement is correct?
A. The header and body section layouts change depending on the log type.
B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type.
C. Some log types include multiple body sections.
D. Some log types do not include a body section.
Answer: B
Q22. - (Topic 6)
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.
A. Policy-based only.
B. Route-based only.
C. Either policy-based or route-based VPN.
D. GRE-based only.
Answer: B
Q23. - (Topic 3)
Examine the following CLI configuration: config system session-ttl set default 1800 end What statement is true about the effect of the above configuration line?
A. Sessions can be idle for no more than 1800 seconds.
B. The maximum length of time a session can be open is 1800 seconds.
C. After 1800 seconds, the end user must re-authenticate.
D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.
Answer: A
Q24. - (Topic 7)
A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received.
Which are two reasons for this problem? (Choose two.)
A. The FortiGate is connected to multiple ISPs.
B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network.
C. The FortiGate is in Transparent mode.
D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.
Answer: B,D
Q25. - (Topic 7)
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet customer support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.
Answer: C
Renewal NSE4 exam price:
Q26. - (Topic 5)
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
A. The remote user's virtual IP address.
B. The FortiGate unit's internal IP address.
C. The remote user's public IP address.
D. The FortiGate unit's external IP address.
Answer: B
Q27. - (Topic 3)
Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)
A. IP address pool.
B. Virtual IP address.
C. IP address.
D. IP address group.
E. MAC address.
Answer: B,C,D
Q28. - (Topic 6)
What is IPsec Perfect Forwarding Secrecy (PFS)?.
A. A phase-1 setting that allows the use of symmetric encryption.
B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.
C. A ‘key-agreement’ protocol.
D. A ‘security-association-agreement’ protocol.
Answer: B
Q29. - (Topic 1)
Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)
A. SNMP
B. WINS
C. HTTP
D. Telnet
E. SSH
Answer: C,D,E
Q30. - (Topic 1)
What capabilities can a FortiGate provide? (Choose three.)
A. Mail relay.
B. Email filtering.
C. Firewall.
D. VPN gateway.
E. Mail server.
Answer: B,C,D