Exam Code: NSE4 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4 Exam.
2021 Apr NSE4 Study Guide Questions:
Q46. - (Topic 15)
Review the static route configuration for IPsec shown in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.)
A. Interface remote is an IPsec interface.
B. A gateway address is not required because the interface is a point-to-point connection.
C. A gateway address is not required because the default route is used.
D. Interface remote is a zone.
Q47. - (Topic 8)
Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)
D. IPv6 autoconfiguration
Q48. - (Topic 9)
Which of the following regular expression patterns make the terms "confidential data" case insensitive?
A. [confidential data]
B. /confidential data/i
C. i/confidential data/
D. "confidential data"
Q49. - (Topic 11)
Examine the exhibit below; then answer the question following it.
In this scenario, the FortiGate unit in Ottawa has the following routing table:
S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2
C 172.20.167.0/24 is directly connected, port1
C 172.20.170.0/24 is directly connected, port2
Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets?
A. The forward policy check.
B. The reverse path forwarding check.
C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate’s routing table.
D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.
Q50. - (Topic 17)
Which statement describes what the CLI command diagnose debug authd fsso list is used for?
A. Monitors communications between the FSSO collector agent and FortiGate unit.
B. Displays which users are currently logged on using FSSO.
C. Displays a listing of all connected FSSO collector agents.
D. Lists all DC Agents installed on all domain controllers.
Rebirth NSE4 exam prep:
Q51. - (Topic 14)
Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.)
A. The device this command is executed on is likely to switch from master to slave status if override is disabled.
B. The device this command is executed on is likely to switch from master to slave status if override is enabled.
C. This command has no impact on the HA algorithm.
D. This command resets the uptime variable used in the HA algorithm so it may cause a
new master to become elected.
Q52. - (Topic 16)
Review the IPS sensor filter configuration shown in the exhibit
Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.)
A. It does not log attacks targeting Linux servers.
B. It matches all traffic to Linux servers.
C. Its action will block traffic matching these signatures.
D. It only takes effect when the sensor is applied to a policy.
Q53. - (Topic 14)
The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members.
What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.)
A. Port3 is configured with an IP address for management access.
B. The firewall rules are purged on the disconnected unit.
C. The HA mode changes to standalone.
D. The system hostname is set to the unit serial number.
Q54. - (Topic 7)
Examine the exhibit; then answer the question below.
Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?
A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network.
B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network.
D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network.
Q55. - (Topic 2)
What logging options are supported on a FortiGate unit? (Choose two.)
Accurate NSE4 training tools:
Q56. - (Topic 11)
When does a FortiGate load-share traffic between two static routes to the same destination subnet?
A. When they have the same cost and distance.
B. When they have the same distance and the same weight.
C. When they have the same distance and different priority.
D. When they have the same distance and same priority.
Q57. - (Topic 20)
In which process states is it impossible to interrupt/kill a process? (Choose two.)
A. S – Sleep
B. R – Running
C. D – Uninterruptable Sleep
D. Z – Zombie
Q58. - (Topic 15)
Which IPsec mode includes the peer id information in the first packet?
A. Main mode.
B. Quick mode.
C. Aggressive mode.
D. IKEv2 mode.
Q59. - (Topic 16)
Which statement correctly describes the output of the command diagnose ips anomaly list?
A. Lists the configured DoS policy.
B. List the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
D. Lists the IPS signature matches.
Q60. - (Topic 12)
A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM.
What would be a possible cause for this problem?
A. The administrator does not have the proper permissions to reassign the dmz interface.
B. The dmz interface is referenced in the configuration of another VDOM.
C. Non-management VDOMs cannot reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
see more NSE4 dumps