Tips to Pass NSE4 Exam (1 to 10)

Act now and download your Fortinet NSE4 test today! Do not waste time for the worthless Fortinet NSE4 tutorials. Download Latest Fortinet Fortinet Network Security Expert 4 Written Exam (400) exam with real questions and answers and begin to learn Fortinet NSE4 with a classic professional.

2016 Sep NSE4 practice test

Q1. - (Topic 22) 

Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.) 

A. Fragmented packet. 

B. Multicast packet. 

C. SCTP packet. 

D. GRE packet. 

Answer: B,C 


Q2. - (Topic 4) 

The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below. 


Based on the firewall configuration illustrated in the exhibit, which statement is correct? 

A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge. 

B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. 

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services. 

D. DNS Internet access is always allowed, even for users that has not authenticated. 

Answer: D 


Q3. - (Topic 11) 

When does a FortiGate load-share traffic between two static routes to the same destination subnet? 

A. When they have the same cost and distance. 

B. When they have the same distance and the same weight. 

C. When they have the same distance and different priority. 

D. When they have the same distance and same priority. 

Answer: D 


Q4. - (Topic 14) 

Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.) 

A. The device this command is executed on is likely to switch from master to slave status if override is disabled. 

B. The device this command is executed on is likely to switch from master to slave status if override is enabled. 

C. This command has no impact on the HA algorithm. 

D. This command resets the uptime variable used in the HA algorithm so it may cause a 

new master to become elected. 

Answer: A,D 


Q5. - (Topic 15) 

Which statement is an advantage of using a hub and spoke IPsec VPN configuration 

instead of a fully-meshed set of IPsec tunnels? 

A. Using a hub and spoke topology provides full redundancy. 

B. Using a hub and spoke topology requires fewer tunnels. 

C. Using a hub and spoke topology uses stronger encryption protocols. 

D. Using a hub and spoke topology requires more routes. 

Answer: B 


NSE4 free draindumps

Up to the minute NSE4 practice:

Q6. - (Topic 1) 

What capabilities can a FortiGate provide? (Choose three.) 

A. Mail relay. 

B. Email filtering. 

C. Firewall. 

D. VPN gateway. 

E. Mail server. 

Answer: B,C,D 


Q7. - (Topic 7) 

Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols? 

A. Proxy-based. 

B. DNS-based. 

C. Flow-based. 

D. Man-in-the-middle. 

Answer: C 


Q8. - (Topic 11) 

Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it. 


Which two statements are correct regarding this output? (Choose two.) 

A. There will be six routes in the routing table. 

B. There will be seven routes in the routing table. 

C. There will be two default routes in the routing table. 

D. There will be two routes for the 10.0.2.0/24 subnet in the routing table. 

Answer: A,C 


Q9. - (Topic 9) 

Which web filtering inspection mode inspects DNS traffic? 

A. DNS-based. 

B. FQDN-based. 

C. Flow-based. 

D. URL-based. 

Answer: A 


Q10. - (Topic 8) 

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.) 

A. DHCP 

B. BOOTP 

C. DNS 

D. IPv6 autoconfiguration 

Answer: A,C 



see more NSE4 dumps