NSE4 secret(31 to 45) for IT learners: Apr 2016 Edition

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW NSE4 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/NSE4-dumps.html


High quality of NSE4 study guide materials and testing engine for Fortinet certification for customers, Real Success Guaranteed with Updated NSE4 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!

2016 Apr NSE4 Study Guide Questions:

Q31. - (Topic 10) 

Which statements are correct regarding application control? (Choose two.) 

A. It is based on the IPS engine. 

B. It is based on the AV engine. 

C. It can be applied to SSL encrypted traffic. 

D. Application control cannot be applied to SSL encrypted traffic. 

Answer: A,C 


Q32. - (Topic 11) 

Examine the exhibit below; then answer the question following it. 


In this scenario, the FortiGate unit in Ottawa has the following routing table: 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2 

C 172.20.167.0/24 is directly connected, port1 

C 172.20.170.0/24 is directly connected, port2 

Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets? 

A. The forward policy check. 

B. The reverse path forwarding check. 

C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate’s routing table. 

D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table. 

Answer: B 


Q33. - (Topic 12) 

A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface. 

Which one of the following statements is correct regarding the VLAN IDs in this scenario? 

A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets. 

B. The two VLAN sub-interfaces must have different VLAN IDs. 

C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs. 

D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches. 

Answer: B 


Q34. - (Topic 10) 

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent? 

A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. 

B. Enable the shape option in a firewall policy with service set to BitTorrent. 

C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled. 

D. Apply a traffic shaper to a protocol options profile. 

Answer: A 


Q35. - (Topic 14) 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. 

Exhibit A: 


Exhibit B 


Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Hearbeat 

D. Override 

Answer: B 


NSE4 free practice questions

Avant-garde NSE4 braindumps:

Q36. - (Topic 16) 

Review the IPS sensor filter configuration shown in the exhibit 


Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.) 

A. It does not log attacks targeting Linux servers. 

B. It matches all traffic to Linux servers. 

C. Its action will block traffic matching these signatures. 

D. It only takes effect when the sensor is applied to a policy. 

Answer: C,D 


Q37. - (Topic 3) 

For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate? 

A. The traffic is allowed and no log is generated. 

B. The traffic is allowed and logged. 

C. The traffic is blocked and no log is generated. 

D. The traffic is blocked and logged. 

Answer: C 


Q38. - (Topic 14) 

The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members. 


What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.) 

A. Port3 is configured with an IP address for management access. 

B. The firewall rules are purged on the disconnected unit. 

C. The HA mode changes to standalone. 

D. The system hostname is set to the unit serial number. 

Answer: A,C 


Q39. - (Topic 8) 

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.) 

A. DHCP 

B. BOOTP 

C. DNS 

D. IPv6 autoconfiguration 

Answer: A,C 


Q40. - (Topic 3) 

Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) 

A. IP address pool. 

B. Virtual IP address. 

C. IP address. 

D. IP address group. 

E. MAC address. 

Answer: B,C,D 


NSE4 exam fees

High value NSE4 software:

Q41. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below. 


Which statements are correct regarding this output? (Choose two.) 

A. The connecting client has been allocated address 172.20.1.1. 

B. In the Phase 1 settings, dead peer detection is enabled. 

C. The tunnel is idle. 

D. The connecting client has been allocated address 10.200.3.1. 

Answer: A,B 


Q42. - (Topic 3) 

Which header field can be used in a firewall policy for traffic matching? 

A. ICMP type and code. 

B. DSCP. 

C. TCP window size. 

D. TCP sequence number. 

Answer: A 


Q43. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. 


Which statements is correct regarding this output? (Select one answer). 

A. One tunnel is rekeying. 

B. Two tunnels are rekeying. 

C. Two tunnels are up. 

D. One tunnel is up. 

Answer: C 


Q44. - (Topic 12) 

Which statements are correct regarding virtual domains (VDOMs)? (Choose two.) 

A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. VDOMs share firmware versions, as well as antivirus and IPS databases. 

D. Different time zones can be configured in each VDOM. 

Answer: B,C 


Q45. - (Topic 12) 

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. 

What would be a possible cause for this problem? 

A. The administrator does not have the proper permissions to reassign the dmz interface. 

B. The dmz interface is referenced in the configuration of another VDOM. 

C. Non-management VDOMs cannot reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

Answer: B 



see more Fortinet Network Security Expert 4 Written Exam (400)