Fortinet Fortinet Certifications NSE4 Questions & Answers

• Question 11:

  What must be configured in order to keep two static routes to the same destination in the routing table?

  A. The same priority.

  B. The same distance and same priority.

  C. The same distance.

  D. The same metric.

  Correct Answer: B

• Question 12:

  What types of troubleshooting can you do when uploading firmware? (Choose two.)

  A. Investigate corrupted firmware

  B. Investigate current runtime state

  C. Investigate damaged hardware

  D. Investigate configuration history

  Correct Answer: AD

• Question 13:

  Examine the following log message attributes and select two correct statements from the list below. (Choose two.)

  hostname=www.youtube.com profiletype="Webfilter_Profile" profile="default" status="passthrough" msg="URL belongs to a category with warnings enabled"

  A. The traffic was blocked.

  B. The user failed authentication.

  C. The category action was set to warning.

  D. The website was allowed

  Correct Answer: CD

• Question 14:

  Which traffic can match a firewall policy's "Services" setting? (Choose three.)

  A. HTTP

  B. SSL

  C. DNS

  D. RSS

  E. HTTPS

  Correct Answer: ACE

• Question 15:

  Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device.

  Exhibit A:

  

  Exhibit B:

  

  Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)

  A. STUDENT is likely to be the master device.

  B. Session-pickup is likely to be enabled.

  C. The cluster mode is active-passive.

  D. There is not enough information to determine the cluster mode.

  Correct Answer: AD

• Question 16:

  Which protocols can you use for secure administrative access to a FortiGate? (Choose two)

  A. SSH

  B. Telnet

  C. NTLM

  D. HTTPS

  Correct Answer: AD

• Question 17:

  Which user group types does FortiGate support for firewall authentication? (Choose three.)

  A. RSSO

  B. Firewall

  C. LDAP

  D. NTLM

  E. FSSO

  Correct Answer: ABE

• Question 18:

  Which of the following statements are true about Man-in-the-middle SSL Content Inspection? (Choose three.)

  A. The FortiGate device "re-signs" all the certificates coming from the HTTPS servers

  B. The FortiGate device acts as a sub-CA

  C. The local service certificate of the web server must be installed in the FortiGate device

  D. The FortiGate device does man-in-the-middle inspection.

  E. The required SSL Proxy certificate must first be requested to a public certificate authority (CA).

  Correct Answer: BCE

• Question 19:

  Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)

  A. IP address pool.

  B. Virtual IP address.

  C. IP address.

  D. IP address group.

  E. MAC address.

  Correct Answer: BCD

• Question 20:

  A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, they are not being received.

  Which of the following statements are possible reasons for this? (Select all that apply.)

  A. The external facing interface of the FortiGate unit is configured to use DHCP.

  B. The FortiGate unit has not been registered.

  C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured.

  D. The FortiGate unit is in Transparent mode which does not support push updates.

  Correct Answer: ABC