Fortinet Fortinet Certifications NSE4 Questions & Answers

• Question 261:

  When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?

  A. The name of the attribute that identifies each user (Common Name Identifier).

  B. The user account or group element names (user DN).

  C. The server secret to allow for remote queries (Primary server secret).

  D. The credentials for an LDAP administrator (password).

  Correct Answer: C

• Question 262:

  Which of the following statements are true regarding the web filtering modes? (Choose two.)

  A. Proxy based mode allows for customizable block pages to display when sites are prevented.

  B. Proxy based mode requires more resources than flow-based.

  C. Flow based mode offers more settings under the advanced configuration section of the GUI.

  D. Proxy based mode offers higher throughput than flow-based mode.

  Correct Answer: AB

• Question 263:

  Which statement is correct concerning an IPsec VPN with the remote gateway setting configured as 'Dynamic DNS'?

  A. The FortiGate will accept IPsec VPN connection from any IP address.

  B. The FQDN resolution of the local FortiGate IP address where the VPN is terminated must be provided by a dynamic DNS provider.

  C. The FortiGate will Accept IPsec VPN connections only from IP addresses included on a dynamic DNS access list.

  D. The remote gateway IP address can change dynamically.

  Correct Answer: D

• Question 264:

  Which of the following FSSO modes must be used for Novell eDirectory networks?

  A. Agentless polling

  B. LDAP agent

  C. eDirectory agent

  D. DC agent

  Correct Answer: C

• Question 265:

  Which of the following actions can be used with the FortiGuard quota feature? (Choose three.)

  A. Allow

  B. Block

  C. Monitor

  D. Warning

  E. Authenticate

  Correct Answer: CDE

• Question 266:

  A FortiGate is configured with the 1.1.1.1/24 address on the wan2 interface and HTTPS Administrative Access, using the default tcp port, is enabled for that interface. Given the SSL VPN settings in the exhibit.

  

  Which of the following SSL VPN login portal URLs are valid? (Choose two.)

  A. http://1.1.1.1:443/Training

  B. https://1.1.1.1:443/STUDENTS

  C. https://1.1.1.1/login

  D. https://1.1.1.1/

  Correct Answer: BD

• Question 267:

  Which Fortinet products and features could be considered part of a comprehensive solution to monitor and prevent the leakage of sensitive data?

  A. Archive non-compliant outgoing e-mails using FortiMail.

  B. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate.

  C. Monitor database activity using FortiAnalyzer.

  D. Apply a DLP sensor to a firewall policy.

  E. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk.

  Correct Answer: ABD

• Question 268:

  Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit?

  A. MIB-based report uploads.

  B. SNMP access limited by access lists.

  C. Packet encryption.

  D. Running SNMP service on a non-standard port is possible.

  Correct Answer: C

• Question 269:

  Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)

  A. Fragmented packets.

  B. Multicast packet.

  C. SCTP packet.

  D. GRE packet.

  Correct Answer: BC

• Question 270:

  Which statements are correct properties of a partial mesh VPN deployment. (Choose two.)

  A. VPN tunnels interconnect between every single location.

  B. VPN tunnels are not configured between every single location.

  C. Some location may be reachable via a hub location.

  D. There are no hub locations in a partial mesh.

  Correct Answer: BC