Want to know Exambible NSE4 Exam practice test features? Want to lear more about Fortinet Fortinet Network Security Expert 4 Written Exam (400) certification experience? Study Verified Fortinet NSE4 answers to Update NSE4 questions at Exambible. Gat a success with an absolute guarantee to pass Fortinet NSE4 (Fortinet Network Security Expert 4 Written Exam (400)) test on your first attempt.

2016 Sep NSE4 simulations

Q51. - (Topic 12) 

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. 


Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.) 

A. The administrator can configure inter-VDOM links to avoid using external interfaces and routers. 

B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. 

C. This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing. 

D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached. 

E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs. 

Answer: A,B,E 


Q52. - (Topic 13) 

Which statements are correct for port pairing and forwarding domains? (Choose two.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domain only applies to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

Answer: A,D 


Q53. - (Topic 14) 

The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members. 


What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.) 

A. Port3 is configured with an IP address for management access. 

B. The firewall rules are purged on the disconnected unit. 

C. The HA mode changes to standalone. 

D. The system hostname is set to the unit serial number. 

Answer: A,C 


Q54. - (Topic 21) 

Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.) 

A. The source quick mode selector must be an IPv4 address. 

B. The destination quick mode selector must be an IPv6 address. 

C. The Local Gateway IP must be an IPv4 address. 

D. The remote gateway IP must be an IPv6 address. 

Answer: B,C 


Q55. - (Topic 12) 

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. 

What would be a possible cause for this problem? 

A. The administrator does not have the proper permissions to reassign the dmz interface. 

B. The dmz interface is referenced in the configuration of another VDOM. 

C. Non-management VDOMs cannot reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

Answer: B 


certifyforall.com

Renovate NSE4 braindumps:

Q56. - (Topic 14) 

In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit? 

A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

B. Request: internal host; slave FortiGate; Internet; web server. 

C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server. 

Answer: D 


Q57. - (Topic 15) 

Review the configuration for FortiClient IPsec shown in the exhibit. 


Which statement is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the student_internal address object. 

B. The connecting VPN client will install a default route. 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. 

D. The connecting VPN client will connect in web portal mode and no route will be installed. 

Answer: A 


Q58. - (Topic 6) 

An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. 

Which three configuration steps must be performed on both units to support this scenario? (Choose three.) 

A. Create firewall policies to allow and control traffic between the source and destination IP addresses. 

B. Configure the appropriate user groups to allow users access to the tunnel. 

C. Set the operating mode to IPsec VPN mode. 

D. Define the phase 2 parameters. 

E. Define the Phase 1 parameters. 

Answer: A,D,E 


Q59. - (Topic 9) 

Which statements are correct regarding URL filtering on a FortiGate unit? (Choose two.) 

A. The allowed actions for URL filtering include allow, block, monitor and exempt. 

B. The allowed actions for URL filtering are Allow and Block only. 

C. URL filters may be based on patterns using simple text, wildcards and regular expressions. 

D. URL filters are based on simple text only and require an exact match. 

Answer: A,C 


Q60. - (Topic 1) 

How is the FortiGate password recovery process? 

A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. 

B. Log in through the console port using the “maintainer” account within several seconds of physically power cycling the FortiGate. 

C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. 

D. Interrupt the boot sequence and restore a configuration file for which the password has 

been modified. 

Answer: B