Free VCE & PDF File for Fortinet NSE4 Real Exam (Full Version!)


Q11. - (Topic 15) 

Review the IKE debug output for IPsec shown in the exhibit below. 

Which statement is correct regarding this output?

A. The output is a phase 1 negotiation. 

B. The output is a phase 2 negotiation. 

C. The output captures the dead peer detection messages. 

D. The output captures the dead gateway detection packets. 

Answer:


Q12. - (Topic 12) 

A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. 

Which of the following settings will this administrator be able to configure? (Choose two.) 

A. Firewall addresses. 

B. DHCP servers. 

C. FortiGuard Distribution Network configuration. 

D. System hostname. 

Answer: A,B 


Q13. - (Topic 11) 

Examine the exhibit below; then answer the question following it. 

In this scenario, the FortiGate unit in Ottawa has the following routing table: 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2 

C 172.20.167.0/24 is directly connected, port1 

C 172.20.170.0/24 is directly connected, port2 

Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets? 

A. The forward policy check. 

B. The reverse path forwarding check. 

C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate’s routing table. 

D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table. 

Answer:


Q14. - (Topic 10) 

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent? 

A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. 

B. Enable the shape option in a firewall policy with service set to BitTorrent. 

C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled. 

D. Apply a traffic shaper to a protocol options profile. 

Answer:


Q15. - (Topic 15) 

Which statement is an advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?

A. Using a hub and spoke topology provides full redundancy. 

B. Using a hub and spoke topology requires fewer tunnels. 

C. Using a hub and spoke topology uses stronger encryption protocols. 

D. Using a hub and spoke topology requires more routes. 

Answer:


Q16. - (Topic 3) 

The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function? 

A. set order 

B. edit policy 

C. reorder 

D. move 

Answer:


Q17. - (Topic 11) 

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.

config router static
    edit 1
        set dst 172.20.168.0 255.255.255.0
        set distance 20
        set priority 10
        set device port1
    next
    edit 2
        set dst 172.20.168.0 255.255.255.0
        set distance 20
        set priority 20
        set device port2
    next
end

Which of the following statements correctly describes the static routing configuration provided above? 

A. The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes. 

B. The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic. 

C. The FortiGate sends all the traffic to 172.20.168.0/24 through port1. 

D. Only the route that is using port1 will show up in the routing table. 

Answer:


Q18. - (Topic 14) 

Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled? 

A. 1. port monitor, 2. unit priority, 3. up time, 4. serial number. 

B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number. 

C. 1. unit priority, 2. up time, 3. port monitor, 4. serial number. 

D. 1. up time, 2. unit priority, 3. port monitor, 4. serial number. 

Answer:


Q19. - (Topic 14) 

In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit? 

A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

B. Request: internal host; slave FortiGate; Internet; web server. 

C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server. 

Answer:


Q20. - (Topic 17) 

With FSSO, a domain user could authenticate either against the domain controller running the collector agent and domain controller agent, or a domain controller running only the domain controller agent. 

If you attempt to authenticate with a domain controller running only the domain controller agent, which statements are correct? (Choose two.) 

A. The login event is sent to the collector agent. 

B. The FortiGate receives the user information directly from the receiving domain controller agent of the secondary domain controller. 

C. The domain collector agent may perform a DNS lookup for the authenticated client's IP address. 

D. The user cannot be authenticated with the FortiGate in this manner because each domain controller agent requires a dedicated collector agent. 

Answer: A,C