1. Home
  2. Fortinet
  3. NSE4

Fortinet Network Security Expert 4 Written Exam (400)

Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet Fortinet Certifications NSE4 Questions & Answers

  • Question 201:

    Examine the network topology diagram in the exhibit; the workstation with the IP address 212.10.11.110 sends a TCP SYN packet to the workstation with the IP address 212.10.11.20.

    Which of the following sentences best describes the result of the reverse path forwarding (RFP) check executed by the FortiGate on the SYN packets? (Choose two).

    A. Packets is allowed if RPF is configured as loose.

    B. Packets is allowed if RPF is configured as strict.

    C. Packets is blocked if RPF is configured as loose.

    D. Packets is blocked if RPF is configured as strict.

  • Question 202:

    Which of the following authentication methods can be used for SSL VPN authentication? (Choose three.)

    A. Remote Password Authentication (RADIUS, LDAP)

    B. Two-Factor Authentication

    C. Local Password Authentication

    D. FSSO

    E. RSSO

  • Question 203:

    Which statements are true regarding the factory default configuration? (Choose three.)

    A. The default web filtering profile is applied to the first firewall policy.

    B. The 'Port1' or 'Internal' interface has the IP address 192.168.1.99.

    C. The implicit firewall policy action is ACCEPT.

    D. The 'Port1' or 'Internal' interface has a DHCP server set up and enabled (on device models that support DHCP servers).

    E. Default login uses the username: admin (all lowercase) and no password.

  • Question 204:

    Which of the following actions can be used to back up the keys and digital certificates in a FortiGate device? (Choose two.)

    A. Taking a full backup of the FortiGate configuration

    B. Uploading a PKCS#10 file to a USB drive

    C. Manually uploading the certificate information to a Certificate authority (CA)

    D. Uploading a PKCS#12 file to a TFTP server

  • Question 205:

    Which statements regarding banned words are correct? (Choose two.)

    A. Content is automatically blocked if a single instance of a banned word appears.

    B. The FortiGate updates banned words on a periodic basis.

    C. The FortiGate can scan web pages and email messages for instances of banned words.

    D. Banned words can be expressed as simple text, wildcards and regular expressions.

  • Question 206:

    Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.

    Which of the following statements correctly describes the static routing configuration provided above?

    A. The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.

    B. The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.

    C. The FortiGate sends all the traffic to 172.20.168.0/24 through port1.

    D. Only the route that is using port1 will show up in the routing table.

  • Question 207:

    When creating FortiGate administrative users, which configuration objects specify the account rights?

    A. Remote access profiles.

    B. User groups.

    C. Administrator profiles.

    D. Local-in policies.

  • Question 208:

    A backup file begins with this line:

    #config-version=FGVM64-5.02-FW-build589-140613:opmode=0:vdom=0:user=admin #conf_file_ver=3881503152630288414 #buildno=0589 #global_vdom=1 Can you restore it to a FortiWiFi 60D?

    A. Yes

    B. Yes, but only if you replace the "#conf_file_ver" line so that it contains the serial number of that specific FortiWiFi 60D.

    C. Yes, but only if it is running the same version of FortiOS, or a newer compatible version.

    D. No

  • Question 209:

    A user logs into a SSL VPN portal and activates the tunnel mode. The exhibit shows the firewall policy and the user's SSL VPN portal configuration:

    Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table.

    A. A route to a destination subnet matching the Internal_Servers address object.

    B. A route to the destination subnet configured in the tunnel mode widget.

    C. A default route.

    D. A route to the destination subnet configured in the SSL VPN global settings.

  • Question 210:

    How can DLP file filters be configured to detect Office 2010 files?

    A. File TypE. Microsoft Office(msoffice)

    B. File TypE. Archive(zip)

    C. File TypE. Unknown Filetype(unknown)

    D. File NamE. "*.ppt", "*.doc", "*.xls"

    E. File NamE. "*.pptx", "*.docx", "*.xlsx"

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.