Top 17 testing software NSE4 for IT professionals (69 to 85)

Exam Code: NSE4 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4 Exam.

2016 Mar NSE4 Study Guide Questions:

Q69. - (Topic 22) 

Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor? 

A. No protection profile can be applied over the IPsec traffic. 

B. Phase-2 anti-replay must be disabled. 

C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6. 

D. IPsec traffic must not be inspected by any FortiGate session helper. 

Answer: C

Q70. - (Topic 7) 

Which statement is correct regarding virus scanning on a FortiGate unit? 

A. Virus scanning is enabled by default. 

B. Fortinet customer support enables virus scanning remotely for you. 

C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy. 

D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate. 

Answer: C 

Q71. - (Topic 13) 

In transparent mode, forward-domain is an CLI setting associate with ______________. 

A. a static route. 

B. a firewall policy. 

C. an interface. 

D. a virtual domain. 

Answer: C 

Q72. - (Topic 21) 

Which statements are true regarding IPv6 anycast addresses? (Choose two.) 

A. Multiple interfaces can share the same anycast address. 

B. They are allocated from the multicast address space. 

C. Different nodes cannot share the same anycast address. 

D. An anycast packet is routed to the nearest interface. 

Answer: A,D 

Q73. - (Topic 14) 

Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled? 

A. 1. port monitor, 2. unit priority, 3. up time, 4. serial number. 

B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number. 

C. 1. unit priority, 2. up time, 3. port monitor, 4. serial number. 

D. 1. up time, 2. unit priority, 3. port monitor, 4. serial number. 

Answer: B 

NSE4 free exam

Most recent NSE4 practice test:

Q74. - (Topic 8) 

Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.) 

A. Only one proxy is supported. 

B. Can be manually imported to the browser. 

C. The browser can automatically download it from a web server. 

D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy. 

Answer: C,D 

Q75. - (Topic 3) 

The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function? 

A. set order 

B. edit policy 

C. reorder 

D. move 

Answer: D 

Q76. - (Topic 13) 

Which statements are correct for port pairing and forwarding domains? (Choose two.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domain only applies to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

Answer: A,D 

Q77. - (Topic 18) 

Bob wants to send Alice a file that is encrypted using public key cryptography. 

Which of the following statements is correct regarding the use of public key cryptography in this scenario? 

A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file. 

B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file. 

C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file. 

D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file. 

Answer: C 

Q78. - (Topic 6) 

What is IPsec Perfect Forwarding Secrecy (PFS)?. 

A. A phase-1 setting that allows the use of symmetric encryption. 

B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires. 

C. A ‘key-agreement’ protocol. 

D. A ‘security-association-agreement’ protocol. 

Answer: B 

NSE4 practice exam

Downloadable NSE4 simulations:

Q79. - (Topic 4) 

What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.) 

A. Browser pop-up window. 

B. FortiToken. 

C. Email. 

D. Code books. 

E. SMS phone message. 

Answer: B,C,E 

Q80. - (Topic 3) 

Which header field can be used in a firewall policy for traffic matching? 

A. ICMP type and code. 


C. TCP window size. 

D. TCP sequence number. 

Answer: A 

Q81. - (Topic 7) 

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.) 

A. Manual update by downloading the signatures from the support site. 

B. Pull updates from the FortiGate. 

C. Push updates from a FortiAnalyzer. 

D. execute fortiguard-AV-AS command from the CLI. 

Answer: A,B 

Q82. - (Topic 2) 

Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit? 

A. MIB-based report uploads. 

B. SNMP access limited by access lists. 

C. Packet encryption. 

D. Running SNMP service on a non-standard port is possible. 

Answer: C 

Q83. - (Topic 2) 

What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to? 

A. 1 

B. 2 

C. 3 

D. 4 

Answer: C 

Q84. - (Topic 5) 

Regarding the use of web-only mode SSL VPN, which statement is correct? 

A. It supports SSL version 3 only. 

B. It requires a Fortinet-supplied plug-in on the web client. 

C. It requires the user to have a web browser that supports 64-bit cipher length. 

D. The JAVA run-time environment must be installed on the client. 

Answer: C 

Q85. - (Topic 17) 

Which are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment? [Choose two.] 

A. DNS server must properly resolve all workstation names. 

B. The remote registry service must be running in all workstations. 

C. The collector agent must be installed in one of the Windows domain controllers. 

D. A same user cannot be logged in into two different workstations at the same time. 

Answer: A,B 

Fortinet NSE4 Certification Sample Questions and Answers:

P.S. New NSE4 dumps PDF: