10 Tips For NSE4 IT examinee

It is more faster and easier to pass the Fortinet NSE4 exam by using Precise Fortinet Fortinet Network Security Expert 4 Written Exam (400) questuins and answers. Immediate access to the Renewal NSE4 Exam and find the same core area NSE4 questions with professionally verified answers, then PASS your exam with a high score now.

2016 Sep NSE4 test

Q41. - (Topic 14) 

Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled? 

A. 1. port monitor, 2. unit priority, 3. up time, 4. serial number. 

B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number. 

C. 1. unit priority, 2. up time, 3. port monitor, 4. serial number. 

D. 1. up time, 2. unit priority, 3. port monitor, 4. serial number. 

Answer: B 


Q42. - (Topic 14) 

Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device. 

Exhibit A: 


Exhibit B: 


Given the information provided in the exhibits, which of the following statements are correct? (Choose two.) 

A. STUDENT is likely to be the master device. 

B. Session-pickup is likely to be enabled. 

C. The cluster mode is active-passive. 

D. There is not enough information to determine the cluster mode. 

Answer: A,D 


Q43. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. 


Which statements is correct regarding this output? (Select one answer). 

A. One tunnel is rekeying. 

B. Two tunnels are rekeying. 

C. Two tunnels are up. 

D. One tunnel is up. 

Answer: C 


Q44. - (Topic 14) 

In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit? 

A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

B. Request: internal host; slave FortiGate; Internet; web server. 

C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server. 

D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server. 

Answer: D 


Q45. - (Topic 5) 

A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration: 


Which static route is automatically added to the client’s routing table when the tunnel mode is activated? 

A. A route to a destination subnet matching the Internal_Servers address object. 

B. A route to the destination subnet configured in the tunnel mode widget. 

C. A default route. 

D. A route to the destination subnet configured in the SSL VPN global settings. 

Answer: A 


NSE4 dumps

Update NSE4 test preparation:

Q46. - (Topic 15) 

Review the configuration for FortiClient IPsec shown in the exhibit. 


Which statement is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the student_internal address object. 

B. The connecting VPN client will install a default route. 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. 

D. The connecting VPN client will connect in web portal mode and no route will be installed. 

Answer: A 


Q47. - (Topic 4) 

What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.) 

A. Browser pop-up window. 

B. FortiToken. 

C. Email. 

D. Code books. 

E. SMS phone message. 

Answer: B,C,E 


Q48. - (Topic 2) 

Regarding the header and body sections in raw log messages, which statement is correct? 

A. The header and body section layouts change depending on the log type. 

B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. 

C. Some log types include multiple body sections. 

D. Some log types do not include a body section. 

Answer: B 


Q49. - (Topic 14) 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. 

Exhibit A: 


Exhibit B 


Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Hearbeat 

D. Override 

Answer: B 


Q50. - (Topic 4) 

Which statements are true regarding local user authentication? (Choose two.) 

A. Two-factor authentication can be enabled on a per user basis. 

B. Local users are for administration accounts only and cannot be used to authenticate network users. 

C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate. 

D. Both the usernames and passwords can be stored locally on the FortiGate 

Answer: A,D 



see more NSE4 dumps