Certification Provider: Fortinet
Exam: NSE 4
Exam Code: NSE4 v7.0
Total Question : 131
Question per Quiz: 60
Updated On: 21 March 2023
Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.
1.
An administrator must disable RPF check to investigate an issue. Which method is best suited to disable RPF without affecting features like antivirus and intrusion prevention system?
2.
Which three methods are used by the collector agent for AD polling? (Choose three.)
3.
Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)
4.
Which two statements are true about the RPF check? (Choose two.)
5.
What are the two results of this configuration? (Choose two.)
An administrator has configured the following settings: config system setting
set ses-denied-traffic enable end config system global set block -session-timer 30 end
6.
Refer to the exhibit. Why did FortiGate drop the packet?
7.
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
8.
Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)
9.
Examine the two static routes shown in the exhibit, then answer the following question. Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?
10.
Which statements are true regarding firewall policy NAT using the outgoing interface IP address with fixed port disabled? (Choose two.)
11.
Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)
12.
Refer to the exhibit, which contains a session diagnostic output. Which statement is true about the session diagnostic output?
13.
In an explicit proxy setup, where is the authentication method and database configured?
14.
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24. Which subnet must the administrator configure for the local quick mode selector for site B?
15.
If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?
16.
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)
17.
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
18.
By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers. Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering? (Choose two.)
19.
What devices form the core of the security fabric?
20.
Refer to the FortiGuard connection debug output. Based on the output shown in the exhibit, which two statements are correct? (Choose two.)
21.
Which two types of traffic are managed only by the management VDOM? (Choose two.)
22.
Which three statements are true regarding session-based authentication? (Choose three.)
23.
Which three statements about a flow-based antivirus profile are correct? (Choose three.)
24.
In which two ways can RPF checking be disabled? (Choose two.)
25.
Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)
26.
Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command. Which statement is correct if option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?
27.
Which two statements are correct about SLA targets? (Choose two.)
28.
What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?
29.
How does FortiGate act when using SSL VPN in web mode?
30.
Refer to the exhibit. The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster. Which two statements are true? (Choose two.)
31.
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. ✑ All traffic must be routed through the primary tunnel when both tunnels are up. ✑ The secondary tunnel must be used only if the primary tunnel goes down. ✑ In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.
32.
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
33.
Refer to the exhibit. Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)
34.
Refer to the exhibit. How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose two.)
The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address. An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.
35.
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating override for the home page? (Choose two.)
36.
Which CLI command allows administrators to troubleshoot Layer 2 issues, such as an IP address conflict?
37.
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up?
38.
Which two statements are correct about a software switch on FortiGate? (Choose two.)
39.
Which of statement is true about SSL VPN web mode?
40.
Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal?
41.
IPS Engine is used by which three security features? (Choose three.)
42.
Refer to the exhibit to view the firewall policy. Which statement is correct if well-known viruses are not being blocked?
43.
Refer to the exhibit. The global settings on a FortiGate device must be changed to align with company security policies. What does the Administrator account need to access the FortiGate global settings?
44.
An administrator needs to configure VPN user access for multiple sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must an administrator do to achieve this objective?
45.
An administrator has configured a strict RPF check on FortiGate. Which statement is true about the strict RPF check?
46.
A team manager has decided that, while some members of the team need access to a particular website, the majority of the team does not. Which configuration option is the most effective way to support this request?
47.
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?
48.
Refer to the exhibit, which contains a session list output. Based on the information shown in the exhibit, which statement is true?
49.
Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)
50.
Refer to the exhibit. Which IP address will be used to source NAT the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?
The exhibit contains a network diagram, central SNAT policy, and IP pool configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24. A firewall policy is configured to allow to destinations from LAN (port3) to WAN (port1). Central NAT is enabled, so NAT settings from matching Central SNAT policies will be applied.
51.
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
52.
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL Inspection? (Choose two.)
53.
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
54.
Which two statements are true about collector agent advanced mode? (Choose two.)
55.
When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices?
56.
Refer to the exhibit. What should the administrator do next to troubleshoot the problem?
In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
57.
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
58.
Which feature in the Security Fabric takes one or more actions based on event triggers?
59.
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. What type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
60.
An administrator has configured outgoing interface any in a firewall policy. Which statement is true about the policy list view?
2 Comments
after submit ,need to show the correct answers
I took NSE4 few days before and Passed. Many question from this Quiz are in Exam. Recommend to take this practice test along with Guide. Quite helpful.
Thank You Practonet 🙂