Fortinet Fortinet Certifications NSE4 Questions & Answers

• Question 51:

  In a FSSO agentless polling mode solution, where must the collector agent be?

  A. In any Windows server

  B. In any of the AD domain controllers

  C. In the master AD domain controller

  D. The FortiGate device polls the AD domain controllers

  Correct Answer: D

• Question 52:

  Which is not a FortiGate feature?

  A. Database auditing

  B. Intrusion prevention

  C. Web filtering

  D. Application control

  Correct Answer: A

• Question 53:

  Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)

  A. Split tunneling is supported.

  B. It requires the installation of a VPN client.

  C. It requires the use of an Internet browser.

  D. It does not support traffic from third-party network applications.

  E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.

  Correct Answer: ABE

• Question 54:

  Review the IPsec phase 1 configuration in the exhibit; then answer the question below.

  

  Which statements are correct regarding this configuration? (Choose two.)

  A. The remote gateway address is 10.200.3.1

  B. The local IPsec interface address is 10.200.3.1

  C. The local gateway IP is the address assigned to port1

  D. The local gateway IP is 10.200.3.1

  Correct Answer: AC

• Question 55:

  Which of the following statements is true regarding the differences between route-based and policy-based IPsec VPNs? (Choose two.)

  A. The firewall policies for policy-based are bidirectional. The firewall policies for route- based are unidirectional.

  B. In policy-based VPNs the traffic crossing the tunnel must be routed to the virtual IPsec interface. In route-based, it does not.

  C. The action for firewall policies for route-based VPNs may be Accept or Deny, for policy- based VPNs it is Encrypt.

  D. Policy-based VPN uses an IPsec interface, route-based does not.

  Correct Answer: AC

• Question 56:

  Which of the following authentication methods are supported in an IPsec phase 1? (Choose two.)

  A. Asymmetric Keys

  B. CA root digital certificates

  C. RSA signature

  D. Pre-shared keys

  Correct Answer: CD

• Question 57:

  A FortiGate devices has two VDOMs in NAT/route mode. Which of the following solutions can be implemented by a network administrator to route traffic between the two VDOMs.(Choose two)

  A. Use the inter-VDOMs links automatically created between all VDOMS.

  B. Manually create and configured an inter-VDOM link between yours.

  C. Interconnect and configure an external physical interface in one VDOM to another physical interface in the second VDOM.

  D. Configure both VDOMs to share the same table.

  Correct Answer: BC

• Question 58:

  Which statement correctly describes the output of the command diagnose ips anomaly list?

  A. Lists the configured DoS policy.

  B. List the real-time counters for the configured DoS policy.

  C. Lists the errors captured when compiling the DoS policy.

  D. Lists the IPS signature matches.

  Correct Answer: B

• Question 59:

  Which of the following statements are correct about NTLM authentication? (Choose three)

  A. NTLM negotiation starts between the FortiGate device and the user's browser.

  B. It must be supported by the user's browser.

  C. It must be supported by the domain controllers.

  D. It does not require a collector agent.

  E. It does not require DC agents.

  Correct Answer: ABC

• Question 60:

  Which IPSec mode includes the peer id information in the first packet?

  A. Main mode.

  B. Quick mode.

  C. Aggressive mode.

  D. IKEv2 mode.

  Correct Answer: C