Fortinet Fortinet Certifications NSE4 Questions & Answers

• Question 121:

  To which remote device can the FortiGate send logs? (Choose three.)

  A. Syslog

  B. FortiAnalyzer

  C. Hard drive

  D. Memory

  E. FortiCloud

  Correct Answer: ABE

• Question 122:

  Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)

  A. SMTP

  B. WINS

  C. HTTP

  D. Telnet

  E. SSH

  Correct Answer: CDE

• Question 123:

  Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic.

  What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)

  A. They are offloaded to the NP6 in the master unit.

  B. They are not offloaded to the NP6 in the master unit.

  C. They are offloaded to the NP6 in the slave unit.

  D. They are not offloaded to the NP6 in the slave unit.

  Correct Answer: BC

• Question 124:

  Which of the following statements are true regarding traffic accelerated by an NP processor? (Choose two.)

  A. TCP SYN packets are always handled by the NP Processor

  B. The initial packets go to the NP Processor, where a decision is taken on if the session can be offloaded or not.

  C. Packets for a session termination are always handled by the CPU.

  D. The initial packets go to the CPU, where a decision is taken on if the session can be offloaded or not.

  Correct Answer: AD

• Question 125:

  For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?

  A. The traffic is allowed and no log is generated.

  B. The traffic is allowed and logged.

  C. The traffic is blocked and no log is generated.

  D. The traffic is blocked and logged.

  Correct Answer: C

• Question 126:

  Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic.

  What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)

  A. They are accelerated by hardware in the master unit.

  B. They are not accelerated by hardware in the master unit.

  C. They are accelerated by hardware in the slave unit.

  D. They are not accelerated by hardware in the slave unit.

  Correct Answer: AD

• Question 127:

  Review the static route configuration for IPsec shown in the exhibit; then answer the question below.

  

  Which statements are correct regarding this configuration? (Choose two.)

  A. Interface remote is an IPsec interface.

  B. A gateway address is not required because the interface is a point-to-point connection.

  C. A gateway address is not required because the default route is used.

  D. Interface remote is a zone.

  Correct Answer: AB

• Question 128:

  Which does FortiToken use as input when generating a token code? (Choose two.)

  A. User password

  B. Time

  C. User name

  D. Seed

  Correct Answer: AD

• Question 129:

  When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website?

  A. Organizational Unit.

  B. Common name.

  C. Serial Number.

  D. Validity.

  Correct Answer: B

• Question 130:

  Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three)

  A. Source IP address.

  B. TCP flags

  C. Source TCP/UDP ports

  D. Type of service.

  E. Checksum

  Correct Answer: ACD