It is impossible to pass Fortinet fortinet nse4 exam exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Fortinet nse4 dumps practice questions. You will get a surprising result by our Avant-garde Fortinet Network Security Expert 4 Written Exam (400) practice guides.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Fortinet NSE4 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW NSE4 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/NSE4-exam-dumps.html
Q21. - (Topic 17)
Which statement describes what the CLI command diagnose debug authd fsso list is used for?
A. Monitors communications between the FSSO collector agent and FortiGate unit.
B. Displays which users are currently logged on using FSSO.
C. Displays a listing of all connected FSSO collector agents.
D. Lists all DC Agents installed on all domain controllers.
Answer: B
Q22. - (Topic 18)
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?
A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.
C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
Answer: C
Q23. - (Topic 14)
The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members.
What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.)
A. Port3 is configured with an IP address for management access.
B. The firewall rules are purged on the disconnected unit.
C. The HA mode changes to standalone.
D. The system hostname is set to the unit serial number.
Answer: A,C
Q24. - (Topic 7)
Which statements regarding banned words are correct? (Choose two.)
A. Content is automatically blocked if a single instance of a banned word appears.
B. The FortiGate updates banned words on a periodic basis.
C. The FortiGate can scan web pages and email messages for instances of banned words.
D. Banned words can be expressed as simple text, wildcards and regular expressions.
Answer: C,D
Q25. - (Topic 5)
Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)
A. Split tunneling is supported.
B. It requires the installation of a VPN client.
C. It requires the use of an Internet browser.
D. It does not support traffic from third-party network applications.
E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.
Answer: A,B,E
Q26. - (Topic 12)
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.
Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.)
A. The administrator can configure inter-VDOM links to avoid using external interfaces and routers.
B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.
C. This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.
D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.
Answer: A,B,E
Q27. - (Topic 1)
How is the FortiGate password recovery process?
A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry.
B. Log in through the console port using the “maintainer” account within several seconds of physically power cycling the FortiGate.
C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password.
D. Interrupt the boot sequence and restore a configuration file for which the password has
been modified.
Answer: B
Q28. - (Topic 11)
Examine the exhibit; then answer the question below.
The Vancouver FortiGate initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2 C 172.11.11.0/24 is directly connected, port1 Afterwards, the following static route was added: config router static edit 6 set dst 172.20.1.0 255.255.255.0 set pririoty 0 set device port1 set gateway 172.11.12.1 next end Since this change, the new static route is NOT showing up in the routing table. Given the
information provided, which of the following describes the cause of this problem?
A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.
B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
C. The priority is 0, which means that the route will remain inactive.
D. The static route configuration is missing the distance setting.
Answer: B
Q29. - (Topic 14)
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?
A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
B. Request: internal host; slave FortiGate; Internet; web server.
C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.
Answer: D
Q30. - (Topic 15)
Which statement is an advantage of using a hub and spoke IPsec VPN configuration
instead of a fully-meshed set of IPsec tunnels?
A. Using a hub and spoke topology provides full redundancy.
B. Using a hub and spoke topology requires fewer tunnels.
C. Using a hub and spoke topology uses stronger encryption protocols.
D. Using a hub and spoke topology requires more routes.
Answer: B