1. Home
  2. Fortinet
  3. NSE4

Fortinet Network Security Expert 4 Written Exam (400)

Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet Fortinet Certifications NSE4 Questions & Answers

  • Question 151:

    Which authentication scheme is not supported by the RADIUS implementation on FortiGate?

    A. CHAP

    B. MSCHAP2

    C. PAP

    D. FSSO

  • Question 152:

    How do application control signatures update on a FortiGate device?

    A. Through FortiGuard updates.

    B. Upgrade the FortiOS firmware to a newer release.

    C. By running the Application Control auto-learning feature.

    D. Signatures are hard coded to the device and cannot be updated.

  • Question 153:

    Which of the following statements describe some of the differences between symmetric and asymmetric cryptography? (Choose two.)

    A. In symmetric cryptography, the keys are publicly available. In asymmetric cryptography, the keys must be kept secret.

    B. Asymmetric cryptography can encrypt data faster than symmetric cryptography

    C. Symmetric cryptography uses one pre-shared key. Asymmetric cryptography uses a pair or keys

    D. Asymmetric keys can be sent to the remote peer via digital certificates. Symmetric keys cannot

  • Question 154:

    Which is true about incoming and outgoing interfaces in firewall policies?

    A. A physical interface may not be used.

    B. A zone may not be used.

    C. Multiple interfaces may not be used for both incoming and outgoing.

    D. Source and destination interfaces are mandatory.

  • Question 155:

    If there are no changes in the routing table and in the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate in NAT /Route mode, when searching for a suitable gateway?

    A. A lookup is done only when the first packet coming from the client (SYN) arrives.

    B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.

    C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).

    D. A lookup is always done each time a packet arrives, from either the server or the client side.

  • Question 156:

    In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below.

    Which statements are correct regarding this setting? (Choose two.)

    A. Interface settings on port7 will not be synchronized with other cluster members.

    B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.

    C. When connecting to port7 you always connect to the master device.

    D. A gateway address may be configured for port7.

  • Question 157:

    Which statements are correct regarding application control? (Choose two.)

    A. It is based on the IPS engine.

    B. It is based on the AV engine.

    C. It can be applied to SSL encrypted traffic.

    D. It cannot be applied to SSL encrypted traffic.

  • Question 158:

    Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type.

    Which of the following are some of the available event types in Web Config?

    A. Intrusion detected.

    B. Successful firewall authentication.

    C. Oversized file detected.

    D. DHCP address assigned.

    E. FortiGuard Web Filtering rating error detected.

  • Question 159:

    Which statement is one disadvantage of using FSSO NetAPI polling mode over FSSO Security Event Log (WinSecLog) polling mode?

    A. It requires a DC agent installed in some of the Windows DC.

    B. It runs slower.

    C. It might miss some logon events.

    D. It requires access to a DNS server for workstation name resolution.

  • Question 160:

    Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below.

    Which statements are correct regarding this output (Choose two.)

    A. The connecting client has been allocated address 172.20.1.1.

    B. In the Phase 1 settings, dead peer detection is enabled.

    C. The tunnel is idle.

    D. The connecting client has been allocated address 10.200.3.1.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.