Highest Quality of NSE4 torrent materials and bible for Fortinet certification for IT examinee, Real Success Guaranteed with Updated NSE4 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!
2016 Apr NSE4 Study Guide Questions:
Q35. - (Topic 4)
Which statements are true regarding local user authentication? (Choose two.)
A. Two-factor authentication can be enabled on a per user basis.
B. Local users are for administration accounts only and cannot be used to authenticate network users.
C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate.
D. Both the usernames and passwords can be stored locally on the FortiGate
Q36. - (Topic 6)
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario? (Choose three.)
A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
C. Set the operating mode to IPsec VPN mode.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters.
Q37. - (Topic 1)
Which statements are true regarding the factory default configuration? (Choose three.)
A. The default web filtering profile is applied to the first firewall policy.
B. The ‘Port1’ or ‘Internal’ interface has the IP address 192.168.1.99.
C. The implicit firewall policy action is ACCEPT.
D. The ‘Port1’ or ‘Internal’ interface has a DHCP server set up and enabled (on device models that support DHCP servers).
E. Default login uses the username: admin (all lowercase) and no password.
Q38. - (Topic 3)
In which order are firewall policies processed on a FortiGate unit?
A. From top to down, according with their sequence number.
B. From top to down, according with their policy ID number.
C. Based on best match.
D. Based on the priority value.
Q39. - (Topic 4)
Which two statements are true regarding firewall policy disclaimers? (Choose two.)
A. They cannot be used in combination with user authentication.
B. They can only be applied to wireless interfaces.
C. Users must accept the disclaimer to continue.
D. The disclaimer page is customizable.
Renovate configuring windows 8 exam ref 70-687 pdf:
Q40. - (Topic 14)
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?
A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
B. Request: internal host; slave FortiGate; Internet; web server.
C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.
Q41. - (Topic 15)
Review the IKE debug output for IPsec shown in the exhibit below.
Which statements is correct regarding this output?
A. The output is a phase 1 negotiation.
B. The output is a phase 2 negotiation.
C. The output captures the dead peer detection messages.
D. The output captures the dead gateway detection packets.
Q42. - (Topic 4)
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.
Based on the firewall configuration illustrated in the exhibit, which statement is correct?
A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
D. DNS Internet access is always allowed, even for users that has not authenticated.
Q43. - (Topic 15)
Which statement is an advantage of using a hub and spoke IPsec VPN configuration
instead of a fully-meshed set of IPsec tunnels?
A. Using a hub and spoke topology provides full redundancy.
B. Using a hub and spoke topology requires fewer tunnels.
C. Using a hub and spoke topology uses stronger encryption protocols.
D. Using a hub and spoke topology requires more routes.
Q44. - (Topic 11)
Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 18.104.22.168 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration
provided? (Choose two.)
A. All traffic to 172.20.1.0/24 is dropped by the FortiGate.
B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route.
C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
D. The FortiGate unit creates a session entry in the session table when the traffic is being
routed by the blackhole route.
Vivid configuring windows 8 70-687 pdf:
Q45. - (Topic 19)
For data leak prevention, which statement describes the difference between the block and
A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.
B. A block action prevents the transaction. A quarantine action archives the data.
C. A block action has a finite duration. A quarantine action must be removed by an administrator.
D. A block action is used for known users. A quarantine action is used for unknown users.
Q46. - (Topic 20)
In which process states is it impossible to interrupt/kill a process? (Choose two.)
A. S – Sleep
B. R – Running
C. D – Uninterruptable Sleep
D. Z – Zombie
Q47. - (Topic 11)
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.
Which two statements are correct regarding this output? (Choose two.)
A. There will be six routes in the routing table.
B. There will be seven routes in the routing table.
C. There will be two default routes in the routing table.
D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.
Q48. - (Topic 10)
Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with a firewall policy? (Choose two.)
A. Shared traffic shaping cannot be used.
B. Only traffic matching the application control signature is shaped.
C. Can limit the bandwidth usage of heavy traffic applications.
D. Per-IP traffic shaping cannot be used.
Q49. - (Topic 1)
What capabilities can a FortiGate provide? (Choose three.)
A. Mail relay.
B. Email filtering.
D. VPN gateway.
E. Mail server.
Q50. - (Topic 19)
Data leak prevention archiving gives the ability to store files and message data onto a
FortiAnalyzer unit for which of the following types of network traffic? (Choose three.)
Q51. - (Topic 15)
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.
Which statements is correct regarding this output? (Select one answer).
A. One tunnel is rekeying.
B. Two tunnels are rekeying.
C. Two tunnels are up.
D. One tunnel is up.
see more NSE4 - Fortinet Network Security Expert 4 Written Exam (400)
Fortinet NSE4 Certification Sample Questions and Answers: http://www.braindumpsall.net/NSE4-dumps/
P.S. New NSE4 dumps PDF: http://www.4easydumps.com/NSE4-dumps-download.html