NSE4 Exam Details

  • Exam Code: NSE4
  • Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 301 Q&As
  • Last Updated: Apr 21, 2024

Fortinet NSE4 Online Questions & Answers

  • Question 151:

    Which of the following IPsec configuration modes can be used for implementing L2TP-over-IPSec VPNs?

    A. Policy-based IPsec only.
    B. Route-based IPsec only.
    C. Both policy-based and route-based VPN.
    D. L2TP-over-IPSec is not supported by FortiGate devices.

  • Question 152:

    Which of the following statements describe some of the differences between symmetric and asymmetric cryptography? (Choose two.)

    A. In symmetric cryptography, the keys are publicly available. In asymmetric cryptography, the keys must be kept secret.
    B. Asymmetric cryptography can encrypt data faster than symmetric cryptography.
    C. Symmetric cryptography uses one pre-shared key. Asymmetric cryptography uses a pair of keys.
    D. Asymmetric keys can be sent to the remote peer via digital certificates. Symmetric keys cannot.

  • Question 153:

    Examine the following output from the diagnose sys session list command:

    Which statements are true regarding the session above? (Choose two.)

    A. Session Time-To-Live (TTL) was configured to 9 seconds.
    B. FortiGate is doing NAT of both the source and destination IP address on all packets coming from the 192.168.1.110 address.
    C. The IP address 192.168.1.110 is being translated to 172.17.87.16.
    D. The FortiGate is not translating the TCP port numbers of the packets in this session.

  • Question 154:

    Which statements regarding banned words are correct? (Choose two.)

    A. Content is automatically blocked if a single instance of a banned word appears.
    B. The FortiGate updates banned words on a periodic basis.
    C. The FortiGate can scan web pages and email messages for instances of banned words.
    D. Banned words can be expressed as simple text, wildcards and regular expressions.

  • Question 155:

    If there are no changes in the routing table and in the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate in NAT/Route mode, when searching for a suitable gateway?

    A. A lookup is done only when the first packet coming from the client (SYN) arrives.
    B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.
    C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
    D. A lookup is always done each time a packet arrives, from either the server or the client side.

  • Question 156:

    In an FSSO agentless polling mode solution, where must the collector agent be?

    A. In any Windows server
    B. In any of the AD domain controllers
    C. In the master AD domain controller
    D. The FortiGate device polls the AD domain controllers

  • Question 157:

    Which of the following statements are correct regarding logging to memory on a FortiGate unit?

    A. When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory.
    B. When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages.
    C. If the FortiGate unit is reset or loses power, log entries captured to memory will be lost.
    D. None of the above.

  • Question 158:

    An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

    A. The IPsec firewall policies must be placed at the top of the list.
    B. This VPN cannot be used as a part of a hub and spoke topology.
    C. Routes are automatically created based on the quick mode selectors.
    D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

  • Question 159:

    Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)

    A. DHCP
    B. BOOTP
    C. DNS
    D. IPv6 autoconfiguration

  • Question 160:

    Which authentication scheme is not supported by the RADIUS implementation on FortiGate?

    A. CHAP
    B. MSCHAP2
    C. PAP
    D. FSSO
