1. Home
  2. Fortinet
  3. NSE4

Fortinet Network Security Expert 4 Written Exam (400)

Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet Fortinet Certifications NSE4 Questions & Answers

  • Question 191:

    A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1 next end Which of the following conditions are required for this static default route to be displayed in the FortiGate

    unit's routing table? (Choose two.)

    A. The administrative status of the wan1 interface is displayed as down.

    B. The link status of the wan1 interface is displayed as up.

    C. All other default routers should have a lower distance.

    D. The wan1 interface address and gateway address are on the same subnet.

  • Question 192:

    Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway 172.11.12.1 set distance 10 set weight 5 next edit 2 set dst 172.20.1.0 255.255.255.0 set blackhole enable set distance 5 set weight 10 next end Which of the following statements correctly describes the static routing configuration provided? (Choose

    two.)

    A. All traffic to 172.20.1.0/24 is dropped by the FortiGate.

    B. As long as port1 is up, all traffic to 172.20.1.0/24 is routed by the static route number 1. if the interface port1 is down, the traffic is routed using the blackhole route.

    C. The FortiGate unit does NOT create a session entry in the session table when the traffic is being routed by the blackhole route.

    D. The FortiGate unit creates a session entry in the session table when the traffic is being routed by the blackhole route.

  • Question 193:

    Which type of conserve mode writes a log message immediately, rather than when the device exits conserve mode?

    A. Kernel

    B. Proxy

    C. System

    D. Device

  • Question 194:

    Examine the following spanning tree configuration on a FortiGate in transparent mode:

    config system interface

    edit

    set stp-forward enable

    end

    Which statement is correct for the above configuration?

    A. The FortiGate participates in spanning tree.

    B. The FortiGate device forwards received spanning tree messages.

    C. Ethernet layer-2 loops are likely to occur.

    D. The FortiGate generates spanning tree BPDU frames.

  • Question 195:

    Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.

    Which statements is correct regarding this output?

    A. One tunnel is rekeying.

    B. Two tunnels are rekeying.

    C. Two tunnels are up.

    D. One tunnel is up.

  • Question 196:

    Examine the exhibit below; then answer the question following it.

    In this scenario. The FortiGate unit in Ottawa has the following routing table: s*0.0.0.0/0 [10/0] via 172.20.170.254, port2 c172.20.167.0/24 is directly connected, port1 c172.20.170.0/24 is directly connected, port2 Sniffer tests show that packets sent from the source IP address 170.20.168.2 to the destination IP address

    172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets?

    A. The forward policy check.

    B. The reserve path forwarding check.

    C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate's routing table.

    D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

  • Question 197:

    In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

    A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.

    B. Request: internal host; slave FortiGate; Internet; web server.

    C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.

    D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.

  • Question 198:

    A new version of FortiOS firmware has just been released. When you upload new firmware, which is true?

    A. If you upload the firmware image via the boot loader's menu from a TFTP server, it will not preserve the configuration. But if you upload new firmware via the GUI or CLI, as long as you are following a supported upgrade path, FortiOS will attempt to convert the existing configuration to be valid with any new or changed syntax.

    B. No settings are preserved. You must completely reconfigure.

    C. No settings are preserved. After the upgrade, you must upload a configuration backup file. FortiOS will ignore any commands that are not valid in the new OS. In those cases, you must reconfigure settings that are not compatible with the new firmware.

    D. You must use FortiConverter to convert a backup configuration file into the syntax required by the new FortiOS, then upload it to FortiGate.

  • Question 199:

    FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory.

    Which of the following statements are correct regarding FSSO in a Windows domain environment when DC-agent mode is used? (Choose two.)

    A. An FSSO collector agent must be installed on every domain controller.

    B. An FSSO domain controller agent must be installed on every domain controller.

    C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit.

    D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit.

  • Question 200:

    Which of the following statements best describes what a Public Certificate Authority (CA) is?

    A. A service that provides a digital certificate each time a user is authenticating

    B. An entity that certifies that the information contained in a digital certificate is valid and true.

    C. The FortiGate process in charge of generating digital certificates on the fly for SSL inspection purposes

    D. A service that validates digital certificates for certificate-based authentication purposes

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.