We provide the best Fortinet NSE4 dumps on the internet (https://www.pass4itsure.com/nse4.html) to help students prepare for the Fortinet Network Security Expert 4 Written Exam (400).
Exam Code: NSE4
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Updated: Jul 13, 2017
Q&As: 274
Students can use any format they want from the NSE4 dumps, and we offer further help with preparation for the Fortinet Network Security Expert 4 Written Exam (400), with a success guarantee. Many IT students have passed the Fortinet NSE4 exam with the help of these samples, which are available from us at all times.
Pass4itsure Latest and Most Accurate Fortinet NSE4 Dumps Q&As:
QUESTION 22
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network.
Examine the firewall configuration shown in the exhibit; then answer the question below.
Based on the firewall configuration illustrated in the exhibit, which statement is correct?
A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
D. DNS Internet access is always allowed, even for users that have not authenticated.
Correct Answer: D
QUESTION 23
Which statement regarding the firewall policy authentication timeout is true?
A. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.
B. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.
C. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.
D. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.
Correct Answer: A
QUESTION 24
Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)
A. SSL VPN creates an HTTPS connection. IPsec does not.
B. Both SSL VPNs and IPsec VPNs are standard protocols.
C. Either an SSL VPN or an IPsec VPN can be established between two FortiGate devices.
D. Either an SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.
Correct Answer: AD
QUESTION 25
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
A. The remote user’s virtual IP address.
B. The FortiGate unit’s internal IP address.
C. The remote user’s public IP address.
D. The FortiGate unit’s external IP address.
Correct Answer: B
QUESTION 26
A user logs into an SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration:
Which static route is automatically added to the client’s routing table when the tunnel mode is activated?
A. A route to a destination subnet matching the Internal_Servers address object.
B. A route to the destination subnet configured in the tunnel mode widget.
C. A default route.
D. A route to the destination subnet configured in the SSL VPN global settings.
Correct Answer: A
QUESTION 27
Regarding the use of web-only mode SSL VPN, which statement is correct?
A. It supports SSL version 3 only.
B. It requires a Fortinet-supplied plug-in on the web client.
C. It requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client.
Correct Answer: C
QUESTION 28
Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)
A. Split tunneling is supported.
B. It requires the installation of a VPN client.
C. It requires the use of an Internet browser.
D. It does not support traffic from third-party network applications.
E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.
Correct Answer: ABE
QUESTION 29
You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route.
Which two configuration steps are required to achieve these objectives? (Choose two.)
A. Create one firewall policy.
B. Create two firewall policies.
C. Add a route to the remote subnet.
D. Add two IPsec phases 2.
Correct Answer: BC
QUESTION 30
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?
A. Policy-based only.
B. Route-based only.
C. Either policy-based or route-based VPN.
D. GRE-based only.
Correct Answer: B
QUESTION 31
An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?
A. The IPsec firewall policies must be placed at the top of the list.
B. This VPN cannot be used as part of a hub and spoke topology.
C. Routes are automatically created based on the quick mode selectors.
D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.
Correct Answer: D
QUESTION 32
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario? (Choose three.)
A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
C. Set the operating mode to IPsec VPN mode.
D. Define the Phase 2 parameters.
E. Define the Phase 1 parameters.
Correct Answer: ADE
QUESTION 33
What advantages are there in using a hub-and-spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels? (Select all that apply.)
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
C. Using a hub and spoke topology provides stronger encryption.
D. The routing at a spoke is simpler, compared to a meshed node.
Correct Answer: BD
QUESTION 34
Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)
A. The device this command is executed on is likely to switch from master to slave status if master override is disabled.
B. The device this command is executed on is likely to switch from master to slave status if master override is enabled.
C. This command has no impact on the HA algorithm.
D. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.
Correct Answer: AD
QUESTION 35
Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit.
Which of the following statements is correct regarding this output? (Select one answer).
A. One tunnel is rekeying
B. Two tunnels are rekeying
C. Two tunnels are up
D. One tunnel is up
Correct Answer: C
QUESTION 36
Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it.
Which of the following statements are correct regarding this output? (Select all that apply).
A. There will be six routes in the routing table.
B. There will be seven routes in the routing table.
C. There will be two default routes in the routing table.
D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.
Correct Answer: AC
QUESTION 37
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
A. Packet encryption
B. MIB-based report uploads
C. SNMP access limits through access lists
D. Running SNMP service on a non-standard port is possible
Correct Answer: A
Pass4itsure is a website to improve the pass rate of the Fortinet NSE4 certification. Senior IT experts at Pass4itsure have constantly developed a variety of successful training materials for passing the Fortinet NSE4 certification, so the results of their research can 100% guarantee that you pass the Fortinet NSE4 certification the first time.
Pass4itsure’s training tools are very effective, and many people who have passed a number of IT certification exams used the practice questions and answers provided by Pass4itsure. Some of those who have passed with the Pass4itsure NSE4 dumps (https://www.pass4itsure.com/nse4.html) also use Pass4itsure’s products. Selecting Pass4itsure means choosing success. Pass4itsure Google Drive: https://drive.google.com/open?id=0BwxjZr-ZDwwWUTc2YVNTYlB5bFU