★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW NSE4 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/NSE4-dumps.html


With the aid of Testking NSE4 puts, you can get a excellent result simply which can make you pass Fortinet check. Moreover, in the event you failed within the NSE4 exam for the first time of employing our items, just about all money you have to pay is going to be return. You only need to send out your NSE4 report log as a pdf to all of us. After confirming your data, well return the amount of money and give it back to your account as soon as possible.

2021 Apr fortinet nse4 exam dumps:

Q11. - (Topic 9) 

Which web filtering inspection mode inspects DNS traffic? 

A. DNS-based. 

B. FQDN-based. 

C. Flow-based. 

D. URL-based. 

Answer:


Q12. - (Topic 3) 

Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) 

A. IP address pool. 

B. Virtual IP address. 

C. IP address. 

D. IP address group. 

E. MAC address. 

Answer: B,C,D 


Q13. - (Topic 5) 

Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.) 

A. Split tunneling is supported. 

B. It requires the installation of a VPN client. 

C. It requires the use of an Internet browser. 

D. It does not support traffic from third-party network applications. 

E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit. 

Answer: A,B,E 


Q14. - (Topic 11) 

Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it. 

Which two statements are correct regarding this output? (Choose two.) 

A. There will be six routes in the routing table. 

B. There will be seven routes in the routing table. 

C. There will be two default routes in the routing table. 

D. There will be two routes for the 10.0.2.0/24 subnet in the routing table. 

Answer: A,C 


Q15. - (Topic 7) 

Which statement is correct regarding virus scanning on a FortiGate unit? 

A. Virus scanning is enabled by default. 

B. Fortinet customer support enables virus scanning remotely for you. 

C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy. 

D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate. 

Answer:


Replace nse4 dumps:

Q16. - (Topic 14) 

Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device. 

Exhibit A: 

Exhibit B: 

Given the information provided in the exhibits, which of the following statements are correct? (Choose two.) 

A. STUDENT is likely to be the master device. 

B. Session-pickup is likely to be enabled. 

C. The cluster mode is active-passive. 

D. There is not enough information to determine the cluster mode. 

Answer: A,D 


Q17. - (Topic 11) 

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway? 

A. A lookup is done only when the first packet coming from the client (SYN) arrives. 

B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives. 

C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK). 

D. A lookup is always done each time a packet arrives, from either the server or the client side. 

Answer:


Q18. - (Topic 7) 

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. 

Which are two reasons for this problem? (Choose two.) 

A. The FortiGate is connected to multiple ISPs. 

B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network. 

C. The FortiGate is in Transparent mode. 

D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server. 

Answer: B,D 


Q19. - (Topic 16) 

Review the IPS sensor filter configuration shown in the exhibit 

Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.) 

A. It does not log attacks targeting Linux servers. 

B. It matches all traffic to Linux servers. 

C. Its action will block traffic matching these signatures. 

D. It only takes effect when the sensor is applied to a policy. 

Answer: C,D 


Q20. - (Topic 8) 

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.) 

A. DHCP 

B. BOOTP 

C. DNS 

D. IPv6 autoconfiguration 

Answer: A,C