Fortinet NSE4 Online Practice Questions and Exam Preparation

Fortinet NSE4 Online Questions & Answers

• Question 191:

  With FSSO DC-agent mode, a domain user could authenticate either against the domain controller running the collector agent and domain controller agent, or a domain controller running only the domain controller agent. If you attempt to authenticate with a domain controller running only the domain controller agent, which statements are correct? (Choose two.)

  A. The login event is sent to a collector agent.
  B. The FortiGate receives the user information directly from the receiving domain controller agent of the secondary domain controller.
  C. The domain collector agent may perform a DNS lookup for the authenticated client's IP address.
  D. The user cannot be authenticated with the FortiGate in this manner because each domain controller agent requires a dedicated collector agent.
  A. The login event is sent to a collector agent.
  C. The domain collector agent may perform a DNS lookup for the authenticated client's IP address.

• Question 192:

  Files that are larger than the oversized limit are subjected to which Antivirus check?

  A. Grayware
  B. Virus
  C. Sandbox
  D. Heuristic
  C. Sandbox

• Question 193:

  Regarding the header and body sections in raw log messages, which statement is correct?

  A. The header and body section layouts change depending on the log type.
  B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type.
  C. Some log types include multiple body sections.
  D. Some log types do not include a body section.
  B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type.

• Question 194:

  Which of the following IPsec configuration modes can be used when the FortiGate is running in NAT mode?

  A. Policy-based VPN only
  B. Both policy-based and route-based VPN.
  C. Route-based VPN only.
  D. IPSec VPNs are not supported when the FortiGate is running in NAT mode.
  B. Both policy-based and route-based VPN.

• Question 195:

  Examine the following FortiGate web proxy configuration; then answer the question below: config web-proxy explicit set pac-file-server-status enable set pac-file-server-port 8080 set pac-file-name wpad.dat end Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet browser use to download the PAC file?

  A. https://10.10.1.1:8080
  B. https://10.10.1.1:8080/wpad.dat
  C. http://10.10.1.1:8080/
  D. http://10.10.1.1:8080/wpad.dat
  D. http://10.10.1.1:8080/wpad.dat

• Question 196:

  Which two statements are true regarding firewall policy disclaimers? (Choose two.)

  A. They cannot be used in combination with user authentication.
  B. They can only be applied to wireless interfaces.
  C. Users must accept the disclaimer to continue.
  D. The disclaimer page is customizable.
  C. Users must accept the disclaimer to continue.
  D. The disclaimer page is customizable.

• Question 197:

  Which web filtering inspection mode inspects DNS traffic?

  A. DNS-based.
  B. FQDN-based.
  C. Flow-based.
  D. URL-based.
  A. DNS-based.

• Question 198:

  What are examples of correct syntax for the session table diagnostics command? (Choose two.)

  A. diagnose sys session filter clear
  B. diagnose sys session src 10.0.1.254
  C. diagnose sys session filter
  D. diagnose sys session filter list dst.
  A. diagnose sys session filter clear
  C. diagnose sys session filter

• Question 199:

  Which of the following IKE modes is the one used during the IPsec phase 2 negotiation?

  A. Aggressive mode
  B. Quick mode
  C. Main mode
  D. Fast mode
  B. Quick mode

• Question 200:

  Which of the following are considered log types? (Choose three.)

  A. Forward log
  B. Traffic log
  C. Syslog
  D. Event log
  E. Security log
  B. Traffic log
  D. Event log
  E. Security log