Fortinet Fortinet Certifications NSE4 Questions & Answers

• Question 181:

  Which statement is in advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?

  A. Using a hub and spoke topology provides full redundancy.

  B. Using a hub and spoke topology requires fewer tunnels.

  C. Using a hub and spoke topology uses stronger encryption protocols.

  D. Using a hub and spoke topology requires more routes.

  Correct Answer: B

• Question 182:

  A FortiGate device is configure to perform an AV and IPS scheduled update every hour.

  

  Given the information in the exhibit, when will the next update happen?

  A. 01:00

  B. 02:05

  C. 11:00

  D. 11:08

  Correct Answer: D

• Question 183:

  On your FortiGate 60D, you've configured firewall policies. They port forward traffic to your Linux Apache web server. Select the best way to protect your web server by using the IPS engine.

  A. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications. Configured DLP to block HTTP GET request with credit card numbers.

  B. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications. Configure DLP to block HTTP GET with credit card numbers. Also configure a DoS policy to prevent TCP SYn floods and port scans.

  C. None. FortiGate 60D is a desktop model, which does not support IPS.

  D. Enable IPS signatures for Linux and windows servers with FTP, HTTP, TCP, and SSL protocols and Apache and PHP applications.

  Correct Answer: D

• Question 184:

  Which of the following statements are true regarding DLP File Type Filtering? (Choose two.)

  A. Filters based on file extension

  B. Filters based on fingerprints

  C. Filters based on file content

  D. File types are hard coded in the FortiOS

  Correct Answer: BC

• Question 185:

  What is longest length of time allowed on a FortiGate device for the virus scan to complete?

  A. 20 seconds

  B. 30 seconds

  C. 45 seconds

  D. 10 seconds

  Correct Answer: B

• Question 186:

  What are required to be the same for two FortiGate units to form an HA cluster? (Choose two)

  A. Firmware.

  B. Model.

  C. Hostname.

  D. System time zone.

  Correct Answer: AB

• Question 187:

  What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.)

  A. Enable session pick-up.

  B. Enable override.

  C. Connections must be UDP or ICMP.

  D. Connections must not be handled by a proxy.

  Correct Answer: AD

• Question 188:

  Which are the three different types of Conserve Mode that can occur on a FortiGate device? (Choose three.)

  A. Proxy

  B. Operating system

  C. Kernel

  D. System

  E. Device

  Correct Answer: ACD

• Question 189:

  Which statement is correct regarding virus scanning on a FortiGate unit?

  A. Virus scanning is enabled by default.

  B. Fortinet customer support enables virus scanning remotely for you.

  C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.

  D. Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.

  Correct Answer: C

• Question 190:

  Which of the following actions that can be taken by the Data Leak Prevention scanning? (Choose three.)

  A. Block

  B. Reject

  C. Tag

  D. Log only

  E. Quarantine IP address

  Correct Answer: ADE