Certification Provider: Fortinet
Exam: NSE 4
Exam Code: NSE4 v7.0
Total Question : 131
Question per Quiz: 60
Updated On: 21 March 2023
Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.
1.
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
2.
How do you format the FortiGate flash disk?
3.
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
4.
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)
5.
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
6.
Which statement about the policy ID number of a firewall policy is true?
7.
Refer to the exhibit. What should the administrator do next to troubleshoot the problem?
In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
8.
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. Which subnet must the administrator configure for the local quick mode selector for site B?
9.
An administrator has configured two-factor authentication to strengthen SSL VPN access. Which additional best practice can an administrator implement?
10.
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
11.
What are the two results of this configuration? (Choose two.)
An administrator has configured the following settings: config system setting
set ses-denied-traffic enable end config system global set block -session-timer 30 end
12.
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
13.
Which three security features require the intrusion prevention system (IPS) engine to function? (Choose three.)
14.
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
15.
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
16.
Which two statements about antivirus scanning mode are true? (Choose two.)
17.
An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?
18.
What is the primary FortiGate election process when the HA override setting is disabled?
19.
Which two statements are true about collector agent advanced mode? (Choose two.)
20.
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
21.
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
22.
Refer to the exhibits to view the firewall policy and the antivirus profile. Which statement is correct if a user is unable to receive a block replacement message when downloading an infected file for the first time?
23.
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?
24.
Refer to the exhibit. Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?
The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24. The first firewall policy has NAT enabled using IP Pool. The second firewall policy is configured with a VIP as the destination address.
25.
Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)
26.
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)
27.
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
28.
Refer to the exhibit, which contains a session list output. Based on the information shown in the exhibit, which statement is true?
29.
Which two statements are correct about a software switch on FortiGate? (Choose two.)
30.
Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
31.
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface. In this scenario, which statement about VLAN IDs is true?
32.
Based on the raw logs shown in the exhibit, which statement is correct?
33.
Which two statements are correct about NGFW Policy-based mode? (Choose two.)
34.
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?
35.
Which three statements are true regarding session-based authentication? (Choose three.)
36.
An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?
37.
Refer to the exhibit. Why did FortiGate drop the packet?
38.
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
39.
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
40.
Refer to the exhibit to view the authentication rule configuration. In this scenario, which statement is true?
41.
Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)
42.
Which of the following SD-WAN load -balancing method use interface weight value to distribute traffic? (Choose two.)
43.
Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)
44.
What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)
Consider the topology: Application on a Windows machine FGT--> Telnet to Linux server. An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout. The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.
45.
Which two statements are correct about SLA targets? (Choose two.)
46.
Which two statements are true about the Security Fabric rating?
47.
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)
48.
Refer to the exhibit. An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)
49.
By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)
50.
Refer to the exhibit. How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose two.)
The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address. An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
51.
Refer to the exhibit. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to SSL VPN?
52.
What devices form the core of the security fabric?
53.
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?
54.
An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?
55.
Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
56.
In which two ways can RPF checking be disabled? (Choose two.)
57.
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
58.
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?
59.
Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?
60.
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?
2 Comments
after submit ,need to show the correct answers
I took NSE4 few days before and Passed. Many question from this Quiz are in Exam. Recommend to take this practice test along with Guide. Quite helpful.
Thank You Practonet 🙂