Top 15 pack NSE4 for IT specialist (61 to 75)

Verified of NSE4 training materials and study guides for Fortinet certification for IT examinee, Real Success Guaranteed with Updated NSE4 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!

2016 Apr NSE4 Study Guide Questions:

Q61. - (Topic 9) 

Which web filtering inspection mode inspects DNS traffic? 

A. DNS-based. 

B. FQDN-based. 

C. Flow-based. 

D. URL-based. 

Answer: A 


Q62. - (Topic 4) 

When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.) 

A. SMTP 

B. POP3 

C. HTTP 

D. FTP 

Answer: C,D 


Q63. - (Topic 14) 

In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below. 


Which statements are correct regarding this setting? (Choose two.) 

A. Interface settings on port7 will not be synchronized with other cluster members. 

B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface. 

C. When connecting to port7 you always connect to the master device. 

D. A gateway address may be configured for port7. 

Answer: A,D 


Q64. - (Topic 21) 

What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.) 

A. Negotiate the encryption parameters to use. 

B. Auto-adjust the MTU setting. 

C. Autoconfigure addresses and prefixes. 

D. Determine other nodes reachability. 

Answer: C,D 


Q65. - (Topic 3) 

For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate? 

A. The traffic is allowed and no log is generated. 

B. The traffic is allowed and logged. 

C. The traffic is blocked and no log is generated. 

D. The traffic is blocked and logged. 

Answer: C 


NSE4  training

Renovate NSE4 pdf exam:

Q66. - (Topic 11) 

Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration 

provided? (Choose two.) 

A. All traffic to 172.20.1.0/24 is dropped by the FortiGate. 

B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route. 

C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route. 

D. The FortiGate unit creates a session entry in the session table when the traffic is being 

routed by the blackhole route. 

Answer: A,C 


Q67. - (Topic 14) 

An administrator has formed a high availability cluster involving two FortiGate units. 

[ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] 

The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. 

Which of the following options describes the best step the administrator can take? 

The administrator should _____________________. 

A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode. 

B. Enable monitoring of all active interfaces. 

C. Set up a full-mesh design which uses redundant interfaces. 

D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted. 

Answer: C 


Q68. - (Topic 7) 

Which statement is correct regarding virus scanning on a FortiGate unit? 

A. Virus scanning is enabled by default. 

B. Fortinet customer support enables virus scanning remotely for you. 

C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy. 

D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate. 

Answer: C 


Q69. - (Topic 10) 

Which statements are correct regarding application control? (Choose two.) 

A. It is based on the IPS engine. 

B. It is based on the AV engine. 

C. It can be applied to SSL encrypted traffic. 

D. Application control cannot be applied to SSL encrypted traffic. 

Answer: A,C 


Q70. - (Topic 5) 

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) 

A. SSL VPN creates a HTTPS connection. IPsec does not. 

B. Both SSL VPNs and IPsec VPNs are standard protocols. 

C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. 

D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. 

Answer: A,D 


certleader.com

Simulation NSE4 training tools:

Q71. - (Topic 1) 

What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.) 

A. Conditional-forward. 

B. Forward-only. 

C. Non-recursive. 

D. Iterative. 

E. Recursive. 

Answer: B,C,E 


Q72. - (Topic 3) 

In which order are firewall policies processed on a FortiGate unit? 

A. From top to down, according with their sequence number. 

B. From top to down, according with their policy ID number. 

C. Based on best match. 

D. Based on the priority value. 

Answer: A 


Q73. - (Topic 7) 

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.) 

A. Manual update by downloading the signatures from the support site. 

B. Pull updates from the FortiGate. 

C. Push updates from a FortiAnalyzer. 

D. execute fortiguard-AV-AS command from the CLI. 

Answer: A,B 


Q74. - (Topic 12) 

A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs? 

A. The FortiGate must be a model 1000 or above to support multiple VDOMs. 

B. A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled. 

C. Changing the operational mode of a VDOM requires a reboot of the FortiGate. 

D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes. 

Answer: D 


Q75. - (Topic 9) 

Which two web filtering inspection modes inspect the full URL? (Choose two.) 

A. DNS-based. 

B. Proxy-based. 

C. Flow-based. 

D. URL-based. 

Answer: B,C 



see more NSE4 dumps