Welcome to Dumpsbase.com

NSE4 Dumps

Only $37.7, Automatic 35% OFF

$ 68
(100 Customer Reviews)
Exam Name

Fortinet Network Security Expert 4 Written Exam (400)

Updated
2018-06-17
Q&A
110

Dumpsbase collected all the related NSE4 dumps questions, which are the best and latest in the whole market. Read and study all Dumpsbase Fortinet Network Security Expert Program NSE4 exam dumps, you can pass the test in the first attempt.

1. How many Q&As in Dumpsbase NSE4 dumps?

There are 110 Q&As in Dumpsbase Network Security Expert Program NSE4 dumps, which cover all the exam topics of NSE4 Fortinet Network Security Expert 4 Written Exam (400).

2. Can I try free NSE4 demo before I decide to purchase?

Yes, Dumpsbase provides free NSE4 demo for you to check the quality of Fortinet Network Security Expert 4 Written Exam (400) NSE4 dumps.

3. What format will I get after purchasing NSE4 dumps?

Dumpsbase provides both PDF and Software for Network Security Expert Program NSE4 dumps. 
PDF version is file which you can print out to read and study all the NSE4 dumps questions anywhere, and you can also use mobile phone to study them. It is very convenient.
Software is a simulation version, you can test NSE4 questions in real exam environment. 

4. How long will I get Network Security Expert Program NSE4 dumps after completing the payment?

After you purchase Dumpsbase Fortinet NSE4 dumps, you will get Fortinet Network Security Expert 4 Written Exam (400) NSE4 exam dumps in 10 minutes in our working time, and in 12 hours in non-working time. 

5. If I fail NSE4 exam with Dumpsbase dumps, will I get full payment fee refund?

Yes, if you fail Network Security Expert Program NSE4 by using Dumpsbase dumps questions, you only need scan and send the score report to us via [email protected] After we check and confirm it, we will refund full payment fee to you in one working day. 

6. Can I get update after I purchase NSE4 dumps?

Yes, Dumpsbase provide free update for NSE4 exam dumps in one year from the date of purchase. If your product is out of one year, you need to re-purchase NSE4 dumps questions. Contact us by online live support or email, we will send you 50% coupon code. 
 

Question No : 1

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)
A. They support GRE-over-IPsec.
B. They can be configured in both NAT/Route and transparent operation modes.
C. They require two firewall policies: one for each direction of traffic flow.
D. They support L2TP-over-IPsec.
Answer: B,C

Question No : 2

Which statements about DNS filter profiles are true? (Choose two.)
A. They can inspect HTTP traffic.
B. They must be applied in firewall policies with SSL inspection enabled.
C. They can block DNS request to known botnet command and control servers.
D. They can redirect blocked requests to a specific portal.
Answer: C,D

Question No : 3

An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?
A. Non-recursive
B. Recursive
C. Forward to primary and secondary DNS
D. Forward to system DNS
Answer: B

Question No : 4

How do you configure inline SSL inspection on a firewall policy? (Choose two.)
A. Enable one or more flow-based security profiles on the firewall policy.
B. Enable the SSL/SSH Inspection profile on the firewall policy.
C. Execute the inline ssl inspection CLI command.
D. Enable one or more proxy-based security profiles on the firewall policy.
Answer: A,B

Question No : 5




What does the configuration do? (Choose two.)
A. Reduces the amount of logs generated by denied traffic.
B. Enforces device detection on all interfaces for 30 minutes.
C. Blocks denied users for 30 minutes.
D. Creates a session for traffic being denied.
Answer: A,D

Question No : 6

View the exhibit.



When Role is set to Undefined, which statement is true?
A. The GUI provides all the configuration options available for the port1 interface.
B. You cannot configure a static IP address for the port1 interface because it allows only DHCP addressing mode.
C. Firewall policies can be created from only the port1 interface to any interface.
D. The port1 interface is reserved for management only.
Answer: A

Question No : 7

For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?
A. The traffic is allowed and no log is generated.
B. The traffic is allowed and logged.
C. The traffic is blocked and no log is generated.
D. The traffic is blocked and logged.
Answer: C

Question No : 8




Which statements are correct based on this output? (Choose two.)
A. The global configuration is synchronized between the primary and secondary FortiGate.
B. The all VDOM is not synchronized between the primary and secondary FortiGate.
C. The root VDOM is not synchronized between the primary and secondary FortiGate.
D. The FortiGates have three VDOMs.
Answer: A,B

Question No : 9

An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?
A. The administrator is running the sniffer on the internal interface only.
B. The filter used in the sniffer matches the traffic only in one direction.
C. The FortiGate is doing content inspection.
D. TCP traffic is being offloaded to an NP6.
Answer: D

Question No : 10

View the exhibit.



What is the effect of the Disconnect Cluster Member operation as shown in the exhibit? (Choose two.)
A. The HA mode changes to standalone.
B. The firewall policies are deleted on the disconnected member.
C. The system hostname is set to the FortiGate serial number.
D. The port3 is configured with an IP address for management access.
Answer: A,D

Question No : 11

Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.) A. SP3 B. CP8 C. NP4 D. NP6
Answer: C,D

Question No : 12

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?
A. Disabling split tunneling
B. Configuring web bookmarks
C. Assigning public IP addresses to SSL VPN clients
D. Using web-only mode
Answer: A

Question No : 13

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
Answer: B,C,D

Question No : 14

An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy.
What else is required for the CASI profile to work properly?
A. You must enable logging for security events on the firewall policy.
B. You must activate a FortiCloud account.
C. You must apply an application control profile to the firewall policy.
D. You must enable SSL inspection on the firewall policy.
Answer: C

Question No : 15

The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?
A. set order
B. edit policy
C. reorder
D. move
Answer: D

Question No : 16

Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)
A. IPv6
B. RIP
C. GRE
D. NAT64
Answer: A,D

Question No : 17

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
B. ADVPN is only supported with IKEv2.
C. Tunnels are negotiated dynamically between spokes.
D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
Answer: A,C

Question No : 18

What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?
A. 1
B. 2
C. 3
D. 4
Answer: C

Question No : 19

View the exhibit.



When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?
A. The user is required to authenticate before accessing sites with untrusted SSL certificates.
B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.
C. The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.
D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).
Answer: B

Question No : 20

Examine the following CLI configuration:
config system session-ttl
set default 1800
end
What statement is true about the effect of the above configuration line?
A. Sessions can be idle for no more than 1800 seconds.
B. The maximum length of time a session can be open is 1800 seconds.
C. After 1800 seconds, the end user must re-authenticate.
D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.
Answer: A

Customer review

  • Virgilio Willingham

    19 Jun, 2018 1:46pm

    But now i am so excited as The site exam questions are exactly the same as the actual exam subjects.

  • Jere Squier

    18 Jun, 2018 2:19pm

    It is always better to get help from a renowned and genuine source.

  • Pierre Crummie

    18 Jun, 2018 10:23am

    You provided guaranteed success option in this matter.

  • Foster Possick

    17 Jun, 2018 6:48am

    When I sat for NSE4-5.4 exam, I was shocked to see how easy the questions were.

  • Moshe Elwell

    15 Jun, 2018 7:38am

    Yes, this time it is correct.

  • Sonny Galluzzi

    15 Jun, 2018 4:40am

    Appreciate your great service.

Some similar or invalid comments have been hidden.

Leave your Review

Your Rating