Which of the following IPsec configuration modes can be used for implementing L2TP- over-IPSec VPNs?
A. Policy-based IPsec only.
B. Route-based IPsec only.
C. Both policy-based and route-based VPN.
D. L2TP-over-IPSec is not supported by FortiGate devices.
Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)
A. Both proxy-based and flow-based inspection are supported.
B. A replacement message cannot be presented to users when a virus has been detected.
C. It saves CPU resources.
D. The ingress and egress interfaces can be in different SPs.
Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.)
A. The device this command is executed on is likely to switch from master to slave status if override is disabled.
B. The device this command executed on is likely to switch from master to slave status if override is enabled.
C. The command has no impact on the HA algorithm.
D. This commands resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.
Which methods can FortiGate use to send a One Time Password (OTP) to Two-Factor Authentication users? (Choose three.)
A. Hardware FortiToken
B. Web Portal
C. Email
D. USB Token
E. Software FortiToken (FortiToken mobile)
Which of the following statements are correct concerning layer 2 broadcast domains in transparent mode VDOMs?(Choose two)
A. The whole VDOM is a single broadcast domain even when multiple VLAN are used.
B. Each VLAN is a separate broadcast domain.
C. Interfaces configured with the same VLAN ID can belong to different broadcast domains.
D. All the interfaces in the same broadcast domain must use the same VLAN ID.
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?
A. The workstation fails to reply to the polls frequently done by the collector agent.
B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
C. The work station notifies the DC agent that the user has logged off.
D. The collector agent gets the logoff events when polling the respective domain controller.
Which of the following statement correct describes the use of the "diagnose sys ha reset- uptime" command?
A. To force an HA failover when the HA override setting is disabled.
B. To force an HA failover when the HA override setting is enabled.
C. To clear the HA counters.
D. To restart a FortiGate unit that is part of an HA cluster.
Files that are larger than the oversized limit are subjected to which Antivirus check?
A. Grayware
B. Virus
C. Sandbox
D. Heuristic
Which commands are appropriate for investigating high CPU? (Choose two.)
A. diag sys top
B. diag hardware sysinfo mem
C. diag debug flow
D. get system performance status
Which of the following items is NOT a packet characteristic matched by a firewall service object?
A. ICMP type and code
B. TCP/UDP source and destination ports
C. IP protocol number
D. TCP sequence number
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.