1. Home
  2. Fortinet
  3. NSE4

Fortinet Network Security Expert 4 Written Exam (400)

Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet Fortinet Certifications NSE4 Questions & Answers

  • Question 101:

    Which of the following statements are true about the SSL Proxy certificate that must be used for SSL Content Inspection? (Choose two.)

    A. It cannot be signed by a private CA

    B. It must have either the field "CA=True" or the filed "Key Usage=KeyCertSign"

    C. It must be installed in the FortiGate device

    D. The subject filed must contain either the FQDN, or the IP address of the FortiGate device

  • Question 102:

    Which statement describes what the CLI command diagnose debug authd fsso list is used for?

    A. Monitors communications between the FSSO collector agent and FortiGate unit.

    B. Displays which users are currently logged on using FSSO.

    C. Displays are listing of all connected FSSO collector agents.

    D. Lists all DC Agents installed on all domain controllers.

  • Question 103:

    What is IPsec Perfect Forwarding Secrecy (PFS)?

    A. A phase-1 setting that allows the use of symmetric encryption.

    B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.

    C. A `key-agreement' protocol.

    D. A `security-association- agreement' protocol.

  • Question 104:

    A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM.

    What would be a possible cause for this problem?

    A. The administrator does not have the proper permissions the dmz interface.

    B. The dmz interface is referenced in the configuration of another VDOM.

    C. Non-management VDOMs cannot reference physical interfaces

    D. The dmz interface is in PPPoE or DHCP mode.

  • Question 105:

    Which TCP states does the global setting `tcp-half-open-timer' applies to? (Choose two.)

    A. SYN SENT

    B. SYN and SYN/ACK

    C. FIN WAIT

    D. TIME WAIT

  • Question 106:

    Which action is taken by the FortiGate device when a file matches more than one rule in a Data Leak Prevention sensor?

    A. The actions specified by the rule that most specifically matched the file

    B. The actions specified in the first rule from top to bottom

    C. All actions specified by all the matched rules.

    D. The actions specified in the rule with the higher priority number

  • Question 107:

    Review the exhibit of an explicit proxy policy configuration.

    If there is a proxy connection attempt coming from the IP address 10.0.1.5, and from a user that has not authenticated yet, what action does the FortiGate proxy take?

    A. User is prompted to authenticate. Traffic from the user Student will be allowed by the policy #1. Traffic from any other user will be allowed by the policy #2.

    B. User is not prompted to authenticate. The connection is allowed by the proxy policy #2.

    C. User is not prompted to authenticate. The connection will be allowed by the proxy policy #1.

    D. User is prompted to authenticate. Only traffic from the user Student will be allowed. Traffic from any other user will be blocked.

  • Question 108:

    What is the maximum number of different virus databases a FortiGate can have?

    A. 5

    B. 2

    C. 3

    D. 4

  • Question 109:

    Which of the following statements are correct regarding FortiGate virtual domains (VDOMs)? (Choose two)

    A. VDOMs divide a single FortiGate unit into two or more independent firewall.

    B. A management VDOM handles SNMP. logging, alert email and FortiGuard updates.

    C. Each VDOM can run different firmware versions.

    D. Administrative users with a 'super_admin' profile can administrate only one VDOM.

  • Question 110:

    What are the advantages of FSSO DC mode over polling mode?

    A. Redundancy in the collector agent.

    B. Allows transparent authentication.

    C. DC agents are not required in the AD domain controllers.

    D. Scalability

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.