1. Home
  2. Fortinet
  3. NSE4

Fortinet Network Security Expert 4 Written Exam (400)

Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet Fortinet Certifications NSE4 Questions & Answers

  • Question 291:

    Which statements are true regarding IPv6 anycast addresses? (Choose two.)

    A. Multiple interfaces can share the same anycast address.

    B. They are allocated from the multicast address space.

    C. Different nodes cannot share the same anycast address.

    D. An anycast packet is routed to the nearest interface.

  • Question 292:

    Examine the exhibit shown below; then answer the question following it.

    Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

    A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network.

    B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network.

    C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.

    D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network.

  • Question 293:

    Which of the following are possible actions for FortiGuard web category filtering? (Choose three.)

    A. Allow

    B. Block

    C. Exempt

    D. Warning

    E. Shape

  • Question 294:

    The exhibit shows a part output of the diagnostic command 'diagnose debug application ike 255', taken during establishment of a VPN. Which of the following statement are correct concerning this output? (choose two)

    A. The quick mode selectors negotiated between both IPsec VPN peers is 0.0.0.0/32 for both source and destination addresses.

    B. The output corresponds to a phase 2 negotiation

    C. NAT-T enabled and there is third device in the path performing NAT of the traffic between both IPsec VPN peers.

    D. The IP address of the remote IPsec VPN peer is 172.20.187.114

  • Question 295:

    What configuration objects are automatically added when using the FortiGate's FortiClient VPN Configurations Wizard?(Choose two)

    A. Static route

    B. Phase 1

    C. Users group

    D. Phase 2

  • Question 296:

    Which of the following statements is correct concerning multiple vdoms configured in a FortiGate device?

    A. FortiGate devices,from the FGT/FWF 60D and above, all support VDOMS.

    B. All FortiGate devices scale to 250 VDOMS.

    C. Each VDOM requires its own FortiGuard license.

    D. FortiGate devices support more NAT/route VDOMs than Transparent Mode VDOMs.

  • Question 297:

    Which of the following statements are correct regarding SSL VPN Web-only mode? (Choose two.)

    A. It can only be used to connect to web services.

    B. IP traffic is encapsulated over HTTPS.

    C. Access to internal network resources is possible from the SSL VPN portal.

    D. The standalone FortiClient SSL VPN client CANNOT be used to establish a Web-only SSL VPN.

    E. It is not possible to connect to SSH servers through the VPN.

  • Question 298:

    Which best describe the mechanism of a TCP SYN flood?

    A. The attacker keeps open many connections with slow data transmission so that other clients cannot start new connections.

    B. The attacker sends a packet designed to "sync" with the FortiGate.

    C. The attacker sends a specially crafted malformed packet, intended to crash the target by exploiting its parser.

    D. The attacker starts many connections, but never acknowledges to fully form them.

  • Question 299:

    Which of the following statements must be true for a digital certificate to be valid? (Choose two.)

    A. It must be signed by a "trusted" CA

    B. It must be listed as valid in a Certificate Revocation List (CRL)

    C. The CA field must be "TRUE"

    D. It must be still within its validity period

  • Question 300:

    What log type would indicate whether a VPN is going up or down?

    A. Event log

    B. Security log

    C. Forward log

    D. Syslog

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.