Fortinet NSE4 Online Practice Questions and Exam Preparation

Fortinet NSE4 Online Questions & Answers

• Question 101:

  Which of the following statements best describes what the Document Fingerprinting feature is for?

  A. Protects sensitive documents from leakage
  B. Appends a fingerprint signature to all documents sent by users
  C. Appends a fingerprint signature to all the emails sent by users
  D. Validates the fingerprint signature in users' emails
  A. Protects sensitive documents from leakage

• Question 102:

  You are creating a custom signature. Which has incorrect syntax?

  A. F-SBID(--attack_id 1842,--name "Ping.Death";--protocol icmp; --data_size>32000;)
  B. F-SBID(--name "Block.SMTP.VRFY.CMD";--pattern "vrfy";-- service SMTP; --no_case;-- context header;)
  C. F-SBID(--name "Ping.Death";--protocol icmp;--data_size>32000;)
  D. F-SBID(--name "Block".HTTP.POST"; --protocol tcp;-- service HTTP;-- flow from_client; --pattern "POST"; -- context uri;--within 5,context;)
  A. F-SBID(--attack_id 1842,--name "Ping.Death";--protocol icmp; --data_size>32000;)

• Question 103:

  Which statements are correct for port pairing and forwarding domains? (Choose two.)

  A. They both create separate broadcast domains.
  B. Port Pairing works only for physical interfaces.
  C. Forwarding Domain only applies to virtual interfaces
  D. They may contain physical and/or virtual interfaces.
  A. They both create separate broadcast domains.
  D. They may contain physical and/or virtual interfaces.

• Question 104:

  Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.

  

  Which two statements are correct regarding this output? (Choose two.)

  A. There will be six routes in the routing table.
  B. There will be seven routes in the routing table.
  C. There will be two default routes in the routing table.
  D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.
  A. There will be six routes in the routing table.
  C. There will be two default routes in the routing table.

• Question 105:

  Which IPSec mode includes the peer id information in the first packet?

  A. Main mode.
  B. Quick mode.
  C. Aggressive mode.
  D. IKEv2 mode.
  C. Aggressive mode.

• Question 106:

  What are the advantages of FSSO DC mode over polling mode?

  A. Redundancy in the collector agent.
  B. Allows transparent authentication.
  C. DC agents are not required in the AD domain controllers.
  D. Scalability
  C. DC agents are not required in the AD domain controllers.

• Question 107:

  Which statement is not correct regarding SSL VPN Tunnel mode?

  A. IP traffic is encapsulated over HTTPS.
  B. The standalone FortiClient SSL VPN client can be used to establish a Tunnel mode SSL VPN.
  C. A limited amount of IP applications are supported.
  D. The FortiGate device will dynamically assign an IP address to the SSL VPN network adapter.
  C. A limited amount of IP applications are supported.

• Question 108:

  Which statement correctly describes the output of the command diagnose ips anomaly list?

  A. Lists the configured DoS policy.
  B. List the real-time counters for the configured DoS policy.
  C. Lists the errors captured when compiling the DoS policy.
  D. Lists the IPS signature matches.
  B. List the real-time counters for the configured DoS policy.

• Question 109:

  Which of the following Fortinet products can receive updates from the FortiGuard Distribution Network?

  A. FortiGate
  B. FortiClient
  C. FortiMail
  D. FortiAnalyzer
  A. FortiGate
  B. FortiClient
  C. FortiMail

• Question 110:

  What is not true of configuring disclaimers on the FortiGate?

  A. Disclaimers can be used in conjunction with captive portal.
  B. Disclaimers appear before users authenticate.
  C. Disclaimers can be bypassed through security exemption lists.
  D. Disclaimers must be accepted in order to continue to the authentication login or originally intended destination.
  C. Disclaimers can be bypassed through security exemption lists.