Certification Provider: Fortinet
Exam: NSE 4
Exam Code: NSE4 v7.0
Total Question : 131
Question per Quiz: 60
Updated On: 21 March 2023
Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.
1.
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?
2.
Which two protocols are used to enable administrator access of a FortiGate device? (Choose two.)
3.
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?
4.
Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route?
5.
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
6.
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
7.
An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)
8.
Refer to the exhibit to view the authentication rule configuration. In this scenario, which statement is true?
9.
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. What order must FortiGate use when the web filter profile has features enabled, such as safe search?
10.
Refer to the exhibit. Given the security fabric topology shown in the exhibit, which two statements are true? (Choose two.)
11.
Which two types of traffic are managed only by the management VDOM? (Choose two.)
12.
Based on the raw logs shown in the exhibit, which statement is correct?
13.
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)
14.
Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)
15.
Which two statements are correct about SLA targets? (Choose two.)
16.
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
17.
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
18.
Refer to the exhibit. The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode. The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the Internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem. Which two statements are true? (Choose two.)
19.
Refer to the exhibit to view the application control profile. Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is true?
20.
Which two statements are true about the Security Fabric rating?
21.
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
22.
What is the primary FortiGate election process when the HA override setting is disabled?
23.
An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?
24.
Which two statements about antivirus scanning mode are true? (Choose two.)
25.
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. ✑ All traffic must be routed through the primary tunnel when both tunnels are up. ✑ The secondary tunnel must be used only if the primary tunnel goes down. ✑ In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.
26.
Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?
27.
Refer to the exhibit. Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)
The exhibit contains a network diagram, firewall policies, and a firewall address object configuration. An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.
28.
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
29.
Which statement regarding the firewall policy authentication timeout is true?
30.
Refer to the exhibit. Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)
31.
Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
32.
In an explicit proxy setup, where is the authentication method and database configured?
33.
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded. What is the reason for the failed virus detection by FortiGate?
34.
Which of the following are purposes of NAT traversal in IPsec? (Choose two.)
35.
Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
36.
Which two statements are true about collector agent advanced mode? (Choose two.)
37.
Refer to the exhibit. Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10?
The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24. The first firewall policy has NAT enabled using IP Pool. The second firewall policy is configured with a VIP as the destination address.
38.
Which three methods are used by the collector agent for AD polling? (Choose three.)
39.
Which two statements are true about the FGCP protocol? (Choose two.)
40.
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
41.
If the Services field is configured in a Virtual IP (VIP), which statement is true when central NAT is used?
42.
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
43.
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
44.
Refer to the exhibit. An administrator is running a sniffer command as shown in the exhibit. Which three pieces of information are included in the sniffer output? (Choose three.)
45.
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.)
46.
Which two statements are true about collector agent standard access mode? (Choose two.)
47.
Which two statements are correct about a software switch on FortiGate? (Choose two.)
48.
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?
49.
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
50.
Refer to the exhibit. Based on the raw log, which two statements are correct? (Choose two.)
51.
Which two statements are true about the RPF check? (Choose two.)
52.
Refer to the exhibit. The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
53.
Which of the following are valid actions for FortiGuard category based filter in a web filter profile UI proxy-based inspection mode? (Choose two.)
54.
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
55.
Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?
56.
Which feature in the Security Fabric takes one or more actions based on event triggers?
57.
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
58.
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)
59.
An organization's employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?
60.
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
2 Comments
after submit ,need to show the correct answers
I took NSE4 few days before and Passed. Many question from this Quiz are in Exam. Recommend to take this practice test along with Guide. Quite helpful.
Thank You Practonet