Top 15 questions NSE4 for IT engineers (1 to 15)

Exam Code: NSE4 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4 Exam.

2021 Apr NSE4 Study Guide Questions:

Q1. - (Topic 4) 

Which statements are true regarding local user authentication? (Choose two.) 

A. Two-factor authentication can be enabled on a per user basis. 

B. Local users are for administration accounts only and cannot be used to authenticate network users. 

C. Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate. 

D. Both the usernames and passwords can be stored locally on the FortiGate 

Answer: A,D 

Q2. - (Topic 16) 

Examine the following log message for IPS: 

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="" dst="" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="" msg="anomaly: icmp_flood, 51 > threshold 50" 

Which statement is correct about the above log? (Choose two.) 

A. The target is 

B. The target is 

C. The attack was NOT blocked. 

D. The attack was blocked. 

Answer: B,C 

Q3. - (Topic 12) 

Which statements are correct regarding virtual domains (VDOMs)? (Choose two.) 

A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. VDOMs share firmware versions, as well as antivirus and IPS databases. 

D. Different time zones can be configured in each VDOM. 

Answer: B,C 

Q4. - (Topic 13) 

Which statements are correct for port pairing and forwarding domains? (Choose two.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domain only applies to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

Answer: A,D 

Q5. - (Topic 11) 

Examine the two static routes to the same destination subnet as shown below; then answer the question following it. config router static edit 1 set dst set distance 20 set priority 10 set device port1 next edit 2 set dst set distance 20 set priority 20 set device port2 



Which of the following statements correctly describes the static routing configuration provided above? 

A. The FortiGate evenly shares the traffic to through both routes. 

B. The FortiGate shares the traffic to through both routes, but the port2 route will carry approximately twice as much of the traffic. 

C. The FortiGate sends all the traffic to through port1. 

D. Only the route that is using port1 will show up in the routing table. 

Answer: C 

NSE4  practice question

Down to date NSE4 exam topics:

Q6. - (Topic 15) 

Which statement is an advantage of using a hub and spoke IPsec VPN configuration 

instead of a fully-meshed set of IPsec tunnels? 

A. Using a hub and spoke topology provides full redundancy. 

B. Using a hub and spoke topology requires fewer tunnels. 

C. Using a hub and spoke topology uses stronger encryption protocols. 

D. Using a hub and spoke topology requires more routes. 

Answer: B 

Q7. - (Topic 6) 

Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?. 

A. Policy-based only. 

B. Route-based only. 

C. Either policy-based or route-based VPN. 

D. GRE-based only. 

Answer: B 

Q8. - (Topic 4) 

What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.) 

A. Browser pop-up window. 

B. FortiToken. 

C. Email. 

D. Code books. 

E. SMS phone message. 

Answer: B,C,E 

Q9. - (Topic 3) 

Which header field can be used in a firewall policy for traffic matching? 

A. ICMP type and code. 


C. TCP window size. 

D. TCP sequence number. 

Answer: A 

Q10. - (Topic 11) 

A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway next end Which of the following conditions are required for this static default route to be displayed in 

the FortiGate unit’s routing table? (Choose two.) 

A. The administrative status of the wan1 interface is displayed as down. 

B. The link status of the wan1 interface is displayed as up. 

C. All other default routes should have a lower distance. 

D. The wan1 interface address and gateway address are on the same subnet. 

Answer: B,D

Breathing NSE4 cram:

Q11. - (Topic 17) 

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory. 

Which of the following statements are correct regarding FSSO in a Windows domain environment when agent mode is used? (Choose two.) 

A. An FSSO collector agent must be installed on every domain controller. 

B. An FSSO domain controller agent must be installed on every domain controller. 

C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit. 

D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit. 

Answer: B,D 

Q12. - (Topic 15) 

Review the IKE debug output for IPsec shown in the exhibit below. 

Which statements is correct regarding this output? 

A. The output is a phase 1 negotiation. 

B. The output is a phase 2 negotiation. 

C. The output captures the dead peer detection messages. 

D. The output captures the dead gateway detection packets. 

Answer: C 

Q13. - (Topic 12) 

A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. 

Which of the following settings will this administrator be able to configure? (Choose two.) 

A. Firewall addresses. 

B. DHCP servers. 

C. FortiGuard Distribution Network configuration. 

D. System hostname. 

Answer: A,B 

Q14. - (Topic 14) 

What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.) 

A. Enable session pick-up. 

B. Enable override. 

C. Connections must be UDP or ICMP. 

D. Connections must not be handled by a proxy. 

Answer: A,D 

Q15. - (Topic 10) 

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent? 

A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. 

B. Enable the shape option in a firewall policy with service set to BitTorrent. 

C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled. 

D. Apply a traffic shaper to a protocol options profile. 

Answer: A 

see more NSE4 dumps