Which two web filtering inspection modes inspect the full URL? (Choose two.)
A. DNS-based
B. Proxy-based
C. Flow-based
D. URL-based
For FortiGate devices equipped with Network Processor (NP) chips, which are true? (Choose three.)
A. For each new IP session, the first packet always goes to the CPU.
B. The kernel does not need to program the NPU. When the NPU sees the traffic, it determines by itself whether it can process the traffic
C. Once offloaded, unless there are errors, the NP forwards all subsequent packets. The CPU does not process them.
D. When the last packet is sent or received, such as a TCP FIN or TCP RST signal, the NP returns this session to the CPU for tear down.
E. Sessions for policies that have a security profile enabled can be NP offloaded.
Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)
A. DHCP
B. BOOTP
C. DNS
D. IPv6 autoconfiguration.
In FortiOS session table output, what are the two possible `proto_state' values for a UDP session? (Choose two.)
A. 00
B. 11
C. 01
D. 05
What functions can the IPv6 Neighbor Discovery Protocol accomplish? (Choose two.)
A. Negotiate the encryption parameters to use.
B. Auto-adjust the MTU setting.
C. Autoconfigure addresses and prefixes.
D. Determine other nodes reachability.
Which changes to IPS will reduce resource usage and improve performance? (Choose three)
A. In custom signature, remove unnecessary keywords to reduce how far into the signature tree that FortiGate must compare in order to determine whether the packet matches.
B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols, applications and traffic directions that are not relevant.
C. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential signatures.
D. In firewall policies where IPS is not needed, disable IPS.
E. In firewall policies where IPS is used, enable session start logs.
Which are valid replies from a RADIUS server to an ACCESS-REQUEST packet from a FortiGate?
(Choose two.)
A. ACCESS-CHALLENGE
B. ACCESS-RESTRICT
C. ACCESS-PENDING
D. ACCESS-REJECT
A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode. Which one of the following statements is correct regarding the use of web-only mode SSL VPN?
A. Web-only mode supports SSL version 3 only.
B. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN.
C. Web-only mode requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.
Which of the following statements are true about IPsec VPNs? (Choose three.)
A. IPsec increases overhead and bandwidth.
B. IPsec operates at the layer 2 of the OSI model.
C. End-user's network applications must be properly pre-configured to send traffic across the IPsec VPN.
D. IPsec protects upper layer protocols.
E. IPsec operates at the layer 3 of the OSI model.
Which header field can be used in a firewall policy for traffic matching?
A. ICMP type and code.
B. DSCP.
C. TCP window size.
D. TCP sequence number.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.