Top Quality NSE4 Free Practice Questions 2021

We provide in two formats. Download PDF & Practice Tests. Pass Fortinet NSE4 Exam quickly & easily. The NSE4 PDF type is available for reading and printing. You can print more and practice many times. With the help of our product and material, you can easily pass the NSE4 exam.

Fortinet NSE4 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Which of the following statements are correct concerning layer 2 broadcast domains in transparent mode VDOMs?(Choose two)

  • A. The whole VDOM is a single broadcast domain even when multiple VLAN are used.
  • B. Each VLAN is a separate broadcast domain.
  • C. Interfaces configured with the same VLAN ID can belong to different broadcast domains.
  • D. All the interfaces in the same broadcast domain must use the same VLAN ID.

Answer: BC

NEW QUESTION 2
Which of the following statements must be true for a digital certificate to be valid? (Choose two.)

  • A. It must be signed by a “trusted” CA
  • B. It must be listed as valid in a Certificate Revocation List (CRL)
  • C. The CA field must be “TRUE”
  • D. It must be still within its validity period

Answer: AD

NEW QUESTION 3
Which best describes the mechanism of a TCP SYN flood?

  • A. The attackers keeps open many connections with slow data transmission so that other clients cannot start new connections.
  • B. The attackers sends a packets designed to sync with the FortiGate
  • C. The attacker sends a specially crafted malformed packet, intended to crash the target by exploiting its parser.
  • D. The attacker starts many connections, but never acknowledges to fully form them.

Answer: D

NEW QUESTION 4
Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)

  • A. SSL VPN creates a HTTPS connectio
  • B. IPsec does not.
  • C. Both SSL VPNs and IPsec VPNs are standard protocols.
  • D. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices.
  • E. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.

Answer: AD

NEW QUESTION 5
Which statements are correct regarding virtual domains (VDOMs)? (Choose two)

  • A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs.
  • B. A management VDOM handles SNMP, logging, alert email and FDN-based updates.
  • C. VDOMs share firmware versions, as well as antivirus and IPS databases.
  • D. Different time zones can be configured in each VDOM.

Answer: BC

NEW QUESTION 6
Which of the following actions that can be taken by the Data Leak Prevention scanning? (Choose three.)

  • A. Block
  • B. Reject
  • C. Tag
  • D. Log only
  • E. Quarantine IP address

Answer: ADE

NEW QUESTION 7
Review the IPS sensor filter configuration shown in the exhibit.
NSE4 dumps exhibit
Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.)

  • A. It does not log attacks targeting Linux servers.
  • B. It matches all traffic to Linux servers.
  • C. Its action will block traffic matching these signatures.
  • D. It only takes affect when the sensor is applied to a policy.

Answer: CD

NEW QUESTION 8
How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?

  • A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy.
  • B. Enable the shape option in a firewall policy with service set to BitTorrent.
  • C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled.
  • D. Apply a traffic shaper to a protocol options profile.

Answer: A

NEW QUESTION 9
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?

  • A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
  • B. Bob will use his public key to encrypt the file and Alice will use Bob’s private key to decrypt the file.
  • C. Bob will use Alice’s public key to encrypt the file and Alice will use her private key to decrypt the file.
  • D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.

Answer: C

NEW QUESTION 10
Regarding the use of web-only mode SSL VPN, which statement is correct?

  • A. It support SSL version 3 only.
  • B. It requires a Fortinet-supplied plug-in on the web client.
  • C. It requires the user to have a web browser that suppports 64-bit cipher length.
  • D. The JAVA run-time environment must be installed on the client.

Answer: C

NEW QUESTION 11
Review the exhibit of an explicit proxy policy configuration.
NSE4 dumps exhibit
If there is a proxy connection attempt coming from the IP address 10.0.1.5, and from a user that has not authenticated yet, what action does the FortiGate proxy take?

  • A. User is prompted to authenticat
  • B. Traffic from the user Student will be allowed by the policy #1. Traffic from any other user will be allowed by the policy #2.
  • C. User is not prompted to authenticat
  • D. The connection is allowed by the proxy policy #2.
  • E. User is not prompted to authenticat
  • F. The connection will be allowed by the proxy policy #1.
  • G. User is prompted to authenticat
  • H. Only traffic from the user Student will be allowe
  • I. Traffic from any other user will be blocked.

Answer: D

NEW QUESTION 12
Which of the following statements describe some of the differences between symmetric and asymmetric cryptography? (Choose two.)

  • A. In symmetric cryptography, the keys are publicly availabl
  • B. In asymmetric cryptography, the keys must be kept secret.
  • C. Asymmetric cryptography can encrypt data faster than symmetric cryptography
  • D. Symmetric cryptography uses one pre-shared ke
  • E. Asymmetric cryptography uses a pair or keys
  • F. Asymmetric keys can be sent to the remote peer via digital certificate
  • G. Symmetric keys cannot

Answer: CD

NEW QUESTION 13
Which web filtering inspection mode inspects DNS traffic?

  • A. DNS-based.
  • B. FQDN-based.
  • C. Flow-based.
  • D. URL-based.

Answer: A

NEW QUESTION 14
Files that are larger than the oversized limit are subjected to which Antivirus check?

  • A. Grayware
  • B. Virus
  • C. Sandbox
  • D. Heuristic

Answer: C

NEW QUESTION 15
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.
NSE4 dumps exhibit
Based on the firewall configuration illustrated in the exhibit, which statement is correct?

  • A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
  • B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
  • C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
  • D. DNS Internet access is always allowed, even for users that have not authenticated.

Answer: D

NEW QUESTION 16
Examine the output below from the diagnose sys top command:
NSE4 dumps exhibit
Which statements are true regarding the output above (Choose two.)

  • A. The sshd process is the one consuming most CPU.
  • B. The sshd process is using 123 pages of memory.
  • C. The command diagnose sys kill miglogd will restart the miglogd process.
  • D. All the processes listed are in sleeping state.

Answer: AD

P.S. Easily pass NSE4 Exam with 301 Q&As 2passeasy Dumps & pdf Version, Welcome to Download the Newest 2passeasy NSE4 Dumps: https://www.2passeasy.com/dumps/NSE4/ (301 New Questions)