This page was exported from 100% Valid Exam Dumps on Lead2pass [ http://www.testbraindumps.com ] Export date:Sat Sep 21 13:52:43 2019 / +0000 GMT ___________________________________________________ Title: [Lead2pass New] Lead2pass Dumps For Exam NSE4 With New Updated Exam Questions (1-25) --------------------------------------------------- 2017 October Fortinet Official New Released NSE4 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Fortinet NSE4 exam is very popular in Fortinet field, many Fortinet candidates choose this exam to add their credentials. There are many resource online to offering Fortinet NSE4 exam questions, through many good feedbacks, we conclude that Lead2pass can help you pass your test easily with Fortinet NSE4 exam questions. Choose Lead2pass to get your Fortinet NSE4 certification. Following questions and answers are all new published by Fortinet Official Exam Center: https://www.lead2pass.com/nse4.html QUESTION 1Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) A.    SSL VPN creates a HTTPS connection. IPsec does not.B.    Both SSL VPNs and IPsec VPNs are standard protocols.C.    Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices.D.    Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.Answer: AD QUESTION 2Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type.Which of the following are some of the available event types in Web Config? (Select all that apply.) A.    Intrusion detected.B.    Successful firewall authentication.C.    Oversized file detected.D.    DHCP address assigned.E.    FortiGuard Web Filtering rating error detected. Answer: A QUESTION 3A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration:   Which static route is automatically added to the client's routing table when the tunnel mode is activated? A.    A route to a destination subnet matching the Internal_Servers address object.B.    A route to the destination subnet configured in the tunnel mode widget.C.    A default route.D.    A route to the destination subnet configured in the SSL VPN global settings. Answer: A QUESTION 4Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.) A.    Split tunneling is supported.B.    It requires the installation of a VPN client.C.    It requires the use of an Internet browser.D.    It does not support traffic from third-party network applications.E.    An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit. Answer: ABE QUESTION 5DLP archiving gives the ability to store session transaction data on a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.) A.    SNMPB.    IPSecC.    SMTPD.    POP3E.    HTTP Answer: CDE QUESTION 6Which statements regarding banned words are correct? (Choose two.) A.    Content is automatically blocked if a single instance of a banned word appears.B.    The FortiGate updates banned words on a periodic basis.C.    The FortiGate can scan web pages and email messages for instances of banned words.D.    Banned words can be expressed as simple text, wildcards and regular expressions. Answer: CD QUESTION 7Examine the following FortiGate web proxy configuration; then answer the question below: config web-proxy explicitset pac-file-server-status enableset pac-file-server-port 8080set pac-file-name wpad.datend Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet browser use to download the PAC file? A.    https://10.10.1.1:8080B.    https://10.10.1.1:8080/wpad.datC.    http://10.10.1.1:8080/D.    http://10.10.1.1:8080/wpad.dat Answer: D QUESTION 8Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.) A.    Only one proxy is supported.B.    Can be manually imported to the browser.C.    The browser can automatically download it from a web server.D.    Can include a list of destination IP subnets where the browser can connect directly to without using a proxy. Answer: CD QUESTION 9Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.) A.    DHCPB.    BOOTPC.    DNSD.    IPv6 autoconfiguration Answer: AC QUESTION 10What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution? A.    Users are required to manually enter their credentials each time they connect to a different web site.B.    Proxy users are authenticated via FSSO.C.    There are multiple users sharing the same IP address.D.    Proxy users are authenticated via RADIUS. Answer: C QUESTION 11Which two web filtering inspection modes inspect the full URL? (Choose two.) A.    DNS-based.B.    Proxy-based.C.    Flow-based.D.    URL-based. Answer: BC QUESTION 12Which web filtering inspection mode inspects DNS traffic? A.    DNS-based.B.    FQDN-based.C.    Flow-based.D.    URL-based. Answer: A QUESTION 13Which statements are correct regarding URL filtering on a FortiGate unit? (Choose two.) A.    The allowed actions for URL filtering include allow, block, monitor and exempt.B.    The allowed actions for URL filtering are Allow and Block only.C.    URL filters may be based on patterns using simple text, wildcards and regular expressions.D.    URL filters are based on simple text only and require an exact match. Answer: AC QUESTION 14Which of the following regular expression patterns make the terms "confidential data" case insensitive? A.    [confidential data]B.    /confidential data/iC.    i/confidential data/D.    "confidential data" Answer: B QUESTION 15Which statements are correct regarding application control? (Choose two.) A.    It is based on the IPS engine.B.    It is based on the AV engine.C.    It can be applied to SSL encrypted traffic.D.    Application control cannot be applied to SSL encrypted traffic. Answer: AC QUESTION 16How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent? A.    Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy.B.    Enable the shape option in a firewall policy with service set to BitTorrent.C.    Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled.D.    Apply a traffic shaper to a protocol options profile. Answer: A QUESTION 17Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with a firewall policy? (Choose two.) A.    Shared traffic shaping cannot be used.B.    Only traffic matching the application control signature is shaped.C.    Can limit the bandwidth usage of heavy traffic applications.D.    Per-IP traffic shaping cannot be used. Answer: BC QUESTION 18A static route is configured for a FortiGate unit from the CLI using the following commands: config router staticedit 1set device "wan1"set distance 20set gateway 192.168.100.1nextend Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit's routing table? A.    The Administrative Status of the wan1 interface is displayed as Up.B.    The Link Status of the wan1 interface is displayed as Up.C.    All other default routes should have an equal or higher distance.D.    You must disable DHCP client on that interface. Answer: D QUESTION 19When does a FortiGate load-share traffic between two static routes to the same destination subnet? A.    When they have the same cost and distance.B.    When they have the same distance and the same weight.C.    When they have the same distance and different priority.D.    When they have the same distance and same priority. Answer: D QUESTION 20Examine the static route configuration shown below; then answer the question following it. config router staticedit 1set dst 172.20.1.0 255.255.255.0set device port1set gateway 172.11.12.1set distance 10set weight 5nextedit 2set dst 172.20.1.0 255.255.255.0set blackhole enableset distance 5set weight 10nextend Which of the following statements correctly describes the static routing configuration provided? (Choose two.) A.    All traffic to 172.20.1.0/24 is dropped by the FortiGate.B.    As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. If the interface port1 is down, the traffic is routed using the blackhole route.C.    The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route.D.    The FortiGate unit creates a session entry in the session table when the traffic is being routed by the blackhole route. Answer: AC QUESTION 21In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway? A.    A lookup is done only when the first packet coming from the client (SYN) arrives.B.    A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.C.    Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).D.    A lookup is always done each time a packet arrives, from either the server or the client side. Answer: B QUESTION 22Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router staticedit 1set dst 172.20.168.0 255.255.255.0set distance 20set priority 10set device port1nextedit 2set dst 172.20.168.0 255.255.255.0set distance 20set priority 20set device port2nextend Which of the following statements correctly describes the static routing configuration provided above? A.    The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.B.    The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.C.    The FortiGate sends all the traffic to 172.20.168.0/24 through port1.D.    Only the route that is using port1 will show up in the routing table. Answer: C QUESTION 23Examine the exhibit below; then answer the question following it.   In this scenario, the FortiGate unit in Ottawa has the following routing table: S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2C 172.20.167.0/24 is directly connected, port1C 172.20.170.0/24 is directly connected, port2 Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets? A.    The forward policy check.B.    The reverse path forwarding check.C.    The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate's routing table.D.    The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table. Answer: B QUESTION 24Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.   Which two statements are correct regarding this output? (Choose two.) A.    There will be six routes in the routing table.B.    There will be seven routes in the routing table.C.    There will be two default routes in the routing table.D.    There will be two routes for the 10.0.2.0/24 subnet in the routing table. Answer: AC QUESTION 25Examine the exhibit; then answer the question below.   The Vancouver FortiGate initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, port2C 172.21.0.0/16 is directly connected, port2C 172.11.11.0/24 is directly connected, port1 Afterwards, the following static route was added: config router staticedit 6set dst 172.20.1.0 255.255.255.0set pririoty 0set device port1set gateway 172.11.12.1nextend Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem? A.    The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.B.    The 'gateway' IP address is NOT in the same subnet as the IP address of port1.C.    The priority is 0, which means that the route will remain inactive.D.    The static route configuration is missing the distance setting. Answer: B Fortinet NSE4 exam questions are available in PDF and VCE format. This makes it very convenient for you to follow the course and study the exam whenever and wherever you want. The Fortinet NSE4 exam questions follow the exact paper pattern and question type of the actual NSE4 certification exam, it lets you recreate the exact exam scenario, so you are armed with the correct information for the NSE4 certification exam. NSE4 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDeFZLNEJDeDRQdlE 2017 Fortinet NSE4 exam dumps (All 533 Q&As) from Lead2pass: https://www.lead2pass.com/nse4.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-10-10 08:05:26 Post date GMT: 2017-10-10 08:05:26 Post modified date: 2017-10-10 08:05:26 Post modified date GMT: 2017-10-10 08:05:26 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com