Fortinet NSE4 Online Practice Questions and Exam Preparation

Fortinet NSE4 Online Questions & Answers

• Question 131:

  A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM.

  What would be a possible cause for this problem?

  A. The administrator does not have the proper permissions the dmz interface.
  B. The dmz interface is referenced in the configuration of another VDOM.
  C. Non-management VDOMs cannot reference physical interfaces
  D. The dmz interface is in PPPoE or DHCP mode.
  B. The dmz interface is referenced in the configuration of another VDOM.

• Question 132:

  Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)

  A. Manual update by downloading the signatures from the support site.
  B. Pull updates from the FortiGate device
  C. Push updates from the FortiGuard Distribution Network.
  D. execute fortiguard-AV-AS command from the CLI.
  A. Manual update by downloading the signatures from the support site.
  B. Pull updates from the FortiGate device
  C. Push updates from the FortiGuard Distribution Network.

• Question 133:

  Which of the following actions can be used with the FortiGuard quota feature? (Choose three.)

  A. Allow
  B. Block
  C. Monitor
  D. Warning
  E. Authenticate
  C. Monitor
  D. Warning
  E. Authenticate

• Question 134:

  Which is NOT true about the settings for an IP pool type port block allocation?

  A. A Block Size defines the number of connections.
  B. Blocks Per User defines the number of connection blocks for each user.
  C. An Internal IP Range defines the IP addresses permitted to use the pool.
  D. An External IP Range defines the IP addresses in the pool.
  B. Blocks Per User defines the number of connection blocks for each user.

• Question 135:

  Which statement describes what the CLI command diagnose debug authd fsso list is used for?

  A. Monitors communications between the FSSO collector agent and FortiGate unit.
  B. Displays which users are currently logged on using FSSO.
  C. Displays are listing of all connected FSSO collector agents.
  D. Lists all DC Agents installed on all domain controllers.
  B. Displays which users are currently logged on using FSSO.

• Question 136:

  Which statements correctly describe transparent mode operation? (Choose three.)

  A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
  B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
  C. The transparent FortiGate is clearly visible to network hosts in an IP trace route.
  D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
  E. All interfaces of the transparent mode FortiGate device most be on different IP subnets.
  A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
  B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
  D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.

• Question 137:

  Review the IKE debug output for IPsec shown in the exhibit below.

  

  Which statements is correct regarding this output?

  A. The output is a phase 1 negotiation.
  B. The output is a phase 2 negotiation.
  C. The output captures the dead peer detection messages.
  D. The output captures the dead gateway detection packets.
  C. The output captures the dead peer detection messages.

• Question 138:

  Which statement describes how traffic flows in sessions handled by a slave unit in an active-active HA cluster?

  A. Packet are sent directly to the slave unit using the slave physical MAC address.
  B. Packets are sent directly to the slave unit using the HA virtual MAC address.
  C. Packets arrived at both units simultaneously, but only the salve unit forwards the session.
  D. Packets are first sent to the master unit, which then forwards the packets to the slave unit.
  D. Packets are first sent to the master unit, which then forwards the packets to the slave unit.

• Question 139:

  What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.)

  A. Browser pop-up window.
  B. FortiToken.
  C. Email.
  D. Code books.
  E. SMS phone message.
  B. FortiToken.
  C. Email.
  E. SMS phone message.

• Question 140:

  Which of the following statements are true regarding the web filtering modes? (Choose two.)

  A. Proxy based mode allows for customizable block pages to display when sites are prevented.
  B. Proxy based mode requires more resources than flow-based.
  C. Flow based mode offers more settings under the advanced configuration section of the GUI.
  D. Proxy based mode offers higher throughput than flow-based mode.
  A. Proxy based mode allows for customizable block pages to display when sites are prevented.
  B. Proxy based mode requires more resources than flow-based.