1. Home
  2. Fortinet
  3. NSE4

Fortinet NSE4 Online Practice Questions and Exam Preparation

NSE4 Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet NSE4 Online Questions & Answers

  • Question 161:

    Regarding the use of web-only mode SSL VPN, which statement is correct?

    A. It support SSL version 3 only.
    B. It requires a Fortinet-supplied plug-in on the web client.
    C. It requires the user to have a web browser that suppports 64-bit cipher length.
    D. The JAVA run-time environment must be installed on the client.

  • Question 162:

    Which of the following statements is true regarding the differences between route-based and policy-based IPsec VPNs? (Choose two.)

    A. The firewall policies for policy-based are bidirectional. The firewall policies for route- based are unidirectional.
    B. In policy-based VPNs the traffic crossing the tunnel must be routed to the virtual IPsec interface. In route-based, it does not.
    C. The action for firewall policies for route-based VPNs may be Accept or Deny, for policy- based VPNs it is Encrypt.
    D. Policy-based VPN uses an IPsec interface, route-based does not.

  • Question 163:

    Which statement is in advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?

    A. Using a hub and spoke topology provides full redundancy.
    B. Using a hub and spoke topology requires fewer tunnels.
    C. Using a hub and spoke topology uses stronger encryption protocols.
    D. Using a hub and spoke topology requires more routes.

  • Question 164:

    Which user group types does FortiGate support for firewall authentication? (Choose three.)

    A. RSSO
    B. Firewall
    C. LDAP
    D. NTLM
    E. FSSO

  • Question 165:

    Which commands are appropriate for investigating high CPU? (Choose two.)

    A. diag sys top
    B. diag hardware sysinfo mem
    C. diag debug flow
    D. get system performance status

  • Question 166:

    The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.

    Based on the firewall configuration illustrated in the exhibit, which statement is correct?

    A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
    B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
    C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
    D. DNS Internet access is always allowed, even for users that have not authenticated.

  • Question 167:

    Which of the following protocols are defined in the IPsec Standard? (Choose two)

    A. AH
    B. GRE
    C. SSL/TLS
    D. ESP

  • Question 168:

    Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic. What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)

    A. They are offloaded to the NP6 in the master unit.
    B. They are not offloaded to the NP6 in the master unit.
    C. They are offloaded to the NP6 in the slave unit.
    D. They are not offloaded to the NP6 in the slave unit.

  • Question 169:

    A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.

    Which of the following settings will this administrator be able to configure? (Choose two.)

    A. Firewall addresses
    B. DHCP servers
    C. FortiGuard Distribution Network configuration.
    D. System hostname.

  • Question 170:

    Which of the following options best defines what Diffie-Hellman is?

    A. A symmetric encryption algorithm.
    B. A "key-agreement" protocol.
    C. A "Security-association-agreement" protocol.
    D. An authentication algorithm.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.