#nse4

Welcome to download the newest Dumpsoon NSE4 exam

Dumpsoon provides guarantee of Fortinet NSE4 exam because Dumpsoon is an authenticated IT certifications site and the high class of the products are developed due to extensive hiring of the experts staff. Fortinet NSE4 study guide is updated with regular basis and the answers are rechecked of every exam.What's more,you can download the free demos in PDF file,it would be a great help for your exam.All the dumps are updated and cover every aspect of the examination.

QUESTION 1 Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.) A. SNMP B. WINS C. HTTP D. Telnet E. SSH

Correct Answer: CDE QUESTION 2 How is the FortiGate password recovery process? A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. B. Log in through the console port using the "maintainer" account within several seconds of physically power cycling the FortiGate. C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. D. Interrupt the boot sequence and restore a configuration file for which the password has been modified.

Correct Answer: B QUESTION 3 What methods can be used to access the FortiGate CLI? (Choose two.) A. Using SNMP. B. A direct connection to the serial console port. C. Using the CLI console widget in the GUI. D. Using RCP.

Correct Answer: BC QUESTION 4 What capabilities can a FortiGate provide? (Choose three.) A. Mail relay. B. Email filtering. C. Firewall. D. VPN gateway. E. Mail server.

Correct Answer: BCD QUESTION 5 What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.) A. Conditional-forward. B. Forward-only. C. Non-recursive. D. Iterative. E. Recursive. Correct Answer: BCE QUESTION 6 Which statements are true regarding the factory default configuration? (Choose three.) A. The default web filtering profile is applied to the first firewall policy. B. The `Port1' or `Internal' interface has the IP address 192.168.1.99. C. The implicit firewall policy action is ACCEPT. D. The `Port1' or `Internal' interface has a DHCP server set up and enabled (on device models that support DHCP servers). E. Default login uses the username: admin (all lowercase) and no password.

Correct Answer: BDE QUESTION 7 When creating FortiGate administrative users, which configuration objects specify the account rights? A. Remote access profiles. B. User groups. C. Administrator profiles. D. Local-in policies.

Correct Answer: C QUESTION 8 Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit? A. MIB-based report uploads. B. SNMP access limited by access lists. C. Packet encryption. D. Running SNMP service on a non-standard port is possible.

Correct Answer: C QUESTION 9 What logging options are supported on a FortiGate unit? (Choose two.) A. LDAP B. Syslog C. FortiAnalyzer D. SNMP Correct Answer: BC QUESTION 10 Regarding the header and body sections in raw log messages, which statement is correct? A. The header and body section layouts change depending on the log type. B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. C. Some log types include multiple body sections. D. Some log types do not include a body section.

Correct Answer: B QUESTION 11 What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to? B. 2 C. 3 D. 4

Correct Answer: C QUESTION 12 The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function? A. set order B. edit policy C. reorder D. move

Correct Answer: D QUESTION 13 For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate? A. The traffic is allowed and no log is generated. B. The traffic is allowed and logged. C. The traffic is blocked and no log is generated. D. The traffic is blocked and logged.

Correct Answer: C QUESTION 14 Examine the following CLI configuration: config system session-ttl set default 1800 end What statement is true about the effect of the above configuration line? A. Sessions can be idle for no more than 1800 seconds. B. The maximum length of time a session can be open is 1800 seconds. C. After 1800 seconds, the end user must re-authenticate. D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

Correct Answer: A QUESTION 15 In which order are firewall policies processed on a FortiGate unit? A. From top to down, according with their sequence number. B. From top to down, according with their policy ID number. C. Based on best match. D. Based on the priority value.

Correct Answer: A QUESTION 16 Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) A. IP address pool. B. Virtual IP address. C. IP address. D. IP address group. E. MAC address.

Correct Answer: BCD QUESTION 17 Which header field can be used in a firewall policy for traffic matching? A. ICMP type and code. B. DSCP. C. TCP window size. D. TCP sequence number.

Correct Answer: A QUESTION 18 The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.

Based on the firewall configuration illustrated in the exhibit, which statement is correct? A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge. B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services. D. DNS Internet access is always allowed, even for users that has not authenticated.

Correct Answer: D QUESTION 19 Which two statements are true regarding firewall policy disclaimers? (Choose two.) A. They cannot be used in combination with user authentication. B. They can only be applied to wireless interfaces. C. Users must accept the disclaimer to continue. D. The disclaimer page is customizable.

Correct Answer: CD QUESTION 20 Which statements are true regarding local user authentication? (Choose two.) A. Two-factor authentication can be enabled on a per user basis. B. Local users are for administration accounts only and cannot be used to authenticate network users. C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate. D. Both the usernames and passwords can be stored locally on the FortiGate

Correct Answer: AD QUESTION 21 What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.) A. Browser pop-up window. B. FortiToken. C. Email. D. Code books. E. SMS phone message.

Correct Answer: BCE QUESTION 22 When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.) A. SMTP B. POP3 C. HTTP D. FTP

Correct Answer: CD QUESTION 23 Which statement regarding the firewall policy authentication timeout is true? A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP. B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired. C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC. D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired. Correct Answer: A QUESTION 24 Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) A. SSL VPN creates a HTTPS connection. IPsec does not. B. Both SSL VPNs and IPsec VPNs are standard protocols. C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.

Correct Answer: AD QUESTION 25 When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? A. The remote user's virtual IP address. B. The FortiGate unit's internal IP address. C. The remote user's public IP address. D. The FortiGate unit's external IP address.

Correct Answer: B QUESTION 26 A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration:

Which static route is automatically added to the client's routing table when the tunnel mode is activated? A. A route to a destination subnet matching the Internal_Servers address object. B. A route to the destination subnet configured in the tunnel mode widget. C. A default route. D. A route to the destination subnet configured in the SSL VPN global settings.

Correct Answer: A QUESTION 27 Regarding the use of web-only mode SSL VPN, which statement is correct? A. It supports SSL version 3 only. B. It requires a Fortinet-supplied plug-in on the web client. C. It requires the user to have a web browser that supports 64-bit cipher length. D. The JAVA run-time environment must be installed on the client.

Correct Answer: C QUESTION 28 Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.) A. Split tunneling is supported. B. It requires the installation of a VPN client. C. It requires the use of an Internet browser. D. It does not support traffic from third-party network applications. E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.

Correct Answer: ABE QUESTION 29 You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. Which two configuration steps are required to achieve these objectives? (Choose two.) A. Create one firewall policy. B. Create two firewall policies. C. Add a route to the remote subnet. D. Add two IPsec phases 2.

Correct Answer: BC QUESTION 30 Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?. A. Policy-based only. B. Route-based only. C. Either policy-based or route-based VPN. D. GRE-based only.

Correct Answer: B QUESTION 31 An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration? A. The IPsec firewall policies must be placed at the top of the list. B. This VPN cannot be used as part of a hub and spoke topology. C. Routes are automatically created based on the quick mode selectors. D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

Correct Answer: D QUESTION 32 An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

A. Create firewall policies to allow and control traffic between the source and destination IP addresses. B. Configure the appropriate user groups to allow users access to the tunnel. C. Set the operating mode to IPsec VPN mode. D. Define the phase 2 parameters. E. Define the Phase 1 parameters.

Correct Answer: ADE QUESTION 33 What is IPsec Perfect Forwarding Secrecy (PFS)?. A. A phase-1 setting that allows the use of symmetric encryption. B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key

Are you struggling for the Fortinet NSE4 exam? Good news, Dumpsoon IT technical experts have collected and certified some questions and answers which are updated to cover the knowledge points and enhance candidates’abilities.With Fortinet NSE4 preparation tests you can pass the exam easily and go further on Microsoft career path.

Welcome to download the newest Dumpsoon NSE4 exam

Welcome to download the newest Pass4itsure NSE4 dumps

When selecting Fortinet NSE4 practice test, you are buying Passcert high quality Fortinet NSE4 products obtainable through the web today. Pass4itSure Fortinet NSE4 practice test are recent and updated on regular basis, giving you with the highest BICSI RCDD exam standard. Start your way to Fortinet NSE4 success by purchasing Passcert high quality Fortinet NSE4 practice test.

QUESTION 1 Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.) A. SNMP B. WINS C. HTTP D. Telnet E. SSH

Correct Answer: CDE QUESTION 2 How is the FortiGate password recovery process? A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. B. Log in through the console port using the "maintainer" account within several seconds of physically power cycling the FortiGate. C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. D. Interrupt the boot sequence and restore a configuration file for which the password has been modified.

Correct Answer: B QUESTION 3 What methods can be used to access the FortiGate CLI? (Choose two.) A. Using SNMP. B. A direct connection to the serial console port. C. Using the CLI console widget in the GUI. D. Using RCP.

Correct Answer: BC QUESTION 4 What capabilities can a FortiGate provide? (Choose three.) A. Mail relay. B. Email filtering. C. Firewall. D. VPN gateway. E. Mail server.

Correct Answer: BCD QUESTION 5 What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.) A. Conditional-forward. B. Forward-only. C. Non-recursive. D. Iterative. E. Recursive. Correct Answer: BCE QUESTION 6 Which statements are true regarding the factory default configuration? (Choose three.) A. The default web filtering profile is applied to the first firewall policy. B. The `Port1' or `Internal' interface has the IP address 192.168.1.99. C. The implicit firewall policy action is ACCEPT. D. The `Port1' or `Internal' interface has a DHCP server set up and enabled (on device models that support DHCP servers). E. Default login uses the username: admin (all lowercase) and no password.

Correct Answer: BDE QUESTION 7 When creating FortiGate administrative users, which configuration objects specify the account rights? A. Remote access profiles. B. User groups. C. Administrator profiles. D. Local-in policies.

Correct Answer: C QUESTION 8 Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit? A. MIB-based report uploads. B. SNMP access limited by access lists. C. Packet encryption. D. Running SNMP service on a non-standard port is possible.

Correct Answer: C QUESTION 9 What logging options are supported on a FortiGate unit? (Choose two.) A. LDAP B. Syslog C. FortiAnalyzer D. SNMP Correct Answer: BC QUESTION 10 Regarding the header and body sections in raw log messages, which statement is correct? A. The header and body section layouts change depending on the log type. B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. C. Some log types include multiple body sections. D. Some log types do not include a body section.

Correct Answer: B QUESTION 11 What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to? B. 2 C. 3 D. 4

Correct Answer: C QUESTION 12 The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function? A. set order B. edit policy C. reorder D. move

Correct Answer: D QUESTION 13 For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate? A. The traffic is allowed and no log is generated. B. The traffic is allowed and logged. C. The traffic is blocked and no log is generated. D. The traffic is blocked and logged.

Correct Answer: C QUESTION 14 Examine the following CLI configuration: config system session-ttl set default 1800 end What statement is true about the effect of the above configuration line? A. Sessions can be idle for no more than 1800 seconds. B. The maximum length of time a session can be open is 1800 seconds. C. After 1800 seconds, the end user must re-authenticate. D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

Correct Answer: A QUESTION 15 In which order are firewall policies processed on a FortiGate unit? A. From top to down, according with their sequence number. B. From top to down, according with their policy ID number. C. Based on best match. D. Based on the priority value.

Correct Answer: A QUESTION 16 Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) A. IP address pool. B. Virtual IP address. C. IP address. D. IP address group. E. MAC address.

Correct Answer: BCD QUESTION 17 Which header field can be used in a firewall policy for traffic matching? A. ICMP type and code. B. DSCP. C. TCP window size. D. TCP sequence number.

Correct Answer: A QUESTION 18 The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.

Based on the firewall configuration illustrated in the exhibit, which statement is correct? A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge. B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services. D. DNS Internet access is always allowed, even for users that has not authenticated.

Correct Answer: D QUESTION 19 Which two statements are true regarding firewall policy disclaimers? (Choose two.) A. They cannot be used in combination with user authentication. B. They can only be applied to wireless interfaces. C. Users must accept the disclaimer to continue. D. The disclaimer page is customizable.

Correct Answer: CD QUESTION 20 Which statements are true regarding local user authentication? (Choose two.) A. Two-factor authentication can be enabled on a per user basis. B. Local users are for administration accounts only and cannot be used to authenticate network users. C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate. D. Both the usernames and passwords can be stored locally on the FortiGate

Correct Answer: AD QUESTION 21 What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.) A. Browser pop-up window. B. FortiToken. C. Email. D. Code books. E. SMS phone message.

Correct Answer: BCE QUESTION 22 When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.) A. SMTP B. POP3 C. HTTP D. FTP

Correct Answer: CD QUESTION 23 Which statement regarding the firewall policy authentication timeout is true? A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP. B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired. C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC. D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired. Correct Answer: A QUESTION 24 Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) A. SSL VPN creates a HTTPS connection. IPsec does not. B. Both SSL VPNs and IPsec VPNs are standard protocols. C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.

Correct Answer: AD QUESTION 25 When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? A. The remote user's virtual IP address. B. The FortiGate unit's internal IP address. C. The remote user's public IP address. D. The FortiGate unit's external IP address.

Correct Answer: B QUESTION 26 A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration:

Which static route is automatically added to the client's routing table when the tunnel mode is activated? A. A route to a destination subnet matching the Internal_Servers address object. B. A route to the destination subnet configured in the tunnel mode widget. C. A default route. D. A route to the destination subnet configured in the SSL VPN global settings.

Correct Answer: A QUESTION 27 Regarding the use of web-only mode SSL VPN, which statement is correct? A. It supports SSL version 3 only. B. It requires a Fortinet-supplied plug-in on the web client. C. It requires the user to have a web browser that supports 64-bit cipher length. D. The JAVA run-time environment must be installed on the client.

Correct Answer: C QUESTION 28 Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.) A. Split tunneling is supported. B. It requires the installation of a VPN client. C. It requires the use of an Internet browser. D. It does not support traffic from third-party network applications. E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.

Correct Answer: ABE QUESTION 29 You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. Which two configuration steps are required to achieve these objectives? (Choose two.) A. Create one firewall policy. B. Create two firewall policies. C. Add a route to the remote subnet. D. Add two IPsec phases 2.

Correct Answer: BC QUESTION 30 Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?. A. Policy-based only. B. Route-based only. C. Either policy-based or route-based VPN. D. GRE-based only.

Correct Answer: B QUESTION 31 An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration? A. The IPsec firewall policies must be placed at the top of the list. B. This VPN cannot be used as part of a hub and spoke topology. C. Routes are automatically created based on the quick mode selectors. D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

Correct Answer: D QUESTION 32 An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

A. Create firewall policies to allow and control traffic between the source and destination IP addresses. B. Configure the appropriate user groups to allow users access to the tunnel. C. Set the operating mode to IPsec VPN mode. D. Define the phase 2 parameters. E. Define the Phase 1 parameters.

Correct Answer: ADE QUESTION 33 What is IPsec Perfect Forwarding Secrecy (PFS)?. A. A phase-1 setting that allows the use of symmetric encryption. B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key

Pass4itsure has updated the latest version of Fortinet NSE4 exam, which is a hot exam of Microsoft certification. Pass4itsure provides you everything that you need to pass your Fortinet NSE4 certification exam. Pass4itsure also provides you the Fortinet NSE4 exam objectives with there detailed and verified answer relevant to your certification.With our Fortinet NSE4 practice test, you can be rest assured that you will pass your Fortinet NSE4 Exam on Your First Try.

Welcome to download the newest Pass4itsure NSE4 dumps