1. Home
  2. Fortinet
  3. NSE4

Fortinet NSE4 Online Practice Questions and Exam Preparation

NSE4 Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet NSE4 Online Questions & Answers

  • Question 221:

    Which changes to IPS will reduce resource usage and improve performance? (Choose three)

    A. In custom signature, remove unnecessary keywords to reduce how far into the signature tree that FortiGate must compare in order to determine whether the packet matches.
    B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols, applications and traffic directions that are not relevant.
    C. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential signatures.
    D. In firewall policies where IPS is not needed, disable IPS.
    E. In firewall policies where IPS is used, enable session start logs.

  • Question 222:

    A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

    Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.)

    A. The administrator can configure inter-VDOM links to avoid using external interfaces and routers.
    B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.
    C. This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.
    D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
    E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

  • Question 223:

    Review the IPS sensor filter configuration shown in the exhibit.

    Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.)

    A. It does not log attacks targeting Linux servers.
    B. It matches all traffic to Linux servers.
    C. Its action will block traffic matching these signatures.
    D. It only takes affect when the sensor is applied to a policy.

  • Question 224:

    Which of the following email spam filtering features is NOT supported on a FortiGate unit?

    A. Multipurpose Internet Mail Extensions (MIME) Header Check
    B. HELO DNS Lookup
    C. Greylisting
    D. Banned Word

  • Question 225:

    Which protocol can an Internet browser use to download the PAC file with the web proxy configuration?

    A. HTTPS
    B. FTP
    C. TFTP
    D. HTTP

  • Question 226:

    Files reported as "suspicious" were subject to which Antivirus check"?

    A. Grayware
    B. Virus
    C. Sandbox
    D. Heuristic

  • Question 227:

    In an IPSec gateway-to-gateway configuration, two FortiGate units create a VPN tunnel between two separate private networks. Which of the following configuration steps must be performed on both FortiGate units to support this configuration?

    A. Create firewall policies to control traffic between the IP source and destination address.
    B. Configure the appropriate user groups on the FortiGate units to allow users access to the IPSec VPN connection.
    C. Set the operating mode of the FortiGate unit to IPSec VPN mode.
    D. Define the Phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with the remote peer.
    E. Define the Phase 1 parameters that the FortiGate unit needs to authenticate the remote peers.

  • Question 228:

    Which of the following statements best describes the role of a DC agents in an FSSO DC?

    A. Captures the login events and forward them to the collector agent.
    B. Captures the user IP address and workstation name and forward that information to the FortiGate devices.
    C. Captures the login and logoff events and forward them to the collector agent.
    D. Captures the login events and forward them to the FortiGate devices.

  • Question 229:

    Which of the following statements are true about IPsec VPNs? (Choose three.)

    A. IPsec increases overhead and bandwidth.
    B. IPsec operates at the layer 2 of the OSI model.
    C. End-user's network applications must be properly pre-configured to send traffic across the IPsec VPN.
    D. IPsec protects upper layer protocols.
    E. IPsec operates at the layer 3 of the OSI model.

  • Question 230:

    Which of the following statements best describe what a FortiGate does when packets match a black hole route?

    A. Packets are dropped.
    B. Packets are routed based on the information in the policy-based routing table.
    C. An ICMP error message is sent back to the originator.
    D. Packet are routed back to the originator.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.