1. Home
  2. Fortinet
  3. NSE4

Fortinet Network Security Expert 4 Written Exam (400)

Exam Details

  • Exam Code
    :NSE4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam (400)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :301 Q&As
  • Last Updated
    :Apr 21, 2024

Fortinet Fortinet Certifications NSE4 Questions & Answers

  • Question 81:

    In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

    A. Client - > slave FortiGate - > master FortiGate - > web server.

    B. Client - > slave FortiGate - > web server.

    C. Client - > master FortiGate - > slave FortiGate - > master FortiGate - >web server.

    D. Client - > master FortiGate - >slave FortiGate - > web server.

  • Question 82:

    Which statements are correct regarding virtual domains (VDOMs)? (Choose two)

    A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs.

    B. A management VDOM handles SNMP, logging, alert email and FDN-based updates.

    C. VDOMs share firmware versions, as well as antivirus and IPS databases.

    D. Different time zones can be configured in each VDOM.

  • Question 83:

    Review to the network topology in the exhibit.

    The workstation, 172.16.1.1/24, connects to port2 of the FortiGate device, and the ISP router, 172.16.1.2, connects to port1. Without changing IP addressing, which configuration changes are required to properly forward users traffic to the Internet? (Choose two)

    A. At least one firewall policy from port2 to port1 to allow outgoing traffic.

    B. A default route configured in the FortiGuard devices pointing to the ISP's router.

    C. Static or dynamic IP addresses in both ForitGate interfaces port1 and port2.

    D. The FortiGate devices configured in transparent mode.

  • Question 84:

    When does a FortiGate load-share traffic between two static routes to the same destination subnet?

    A. When they have the same cost and distance.

    B. When they have the same distance and the same weight.

    C. When they have the same distance and different priority.

    D. When they have the same distance and same priority.

  • Question 85:

    Which of the following statements best describes what a Certificate Signing Request (CSR) is?

    A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.

    B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate

    C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate

    D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)

  • Question 86:

    Which of the following combinations of two FortiGate device configurations (side A and side B), can be used to successfully establish an IPsec VPN between them? (choose two)

    A. Side A:main mode, remote gateway as static IP address, policy based VPN. Side B: aggressive mode, remote Gateway as static IP address policy-based VPN.

    B. Side A:main mode, remote gateway as static IP address, policy based VPN. Side B: main mode, remote gateway as static IP address, route-based VPN

    C. Side A:main mode, remote gateway as static IP address, policy based VPN. Side B: main mode, remote gateway as dialup, route-based VPN.

    D. Side A: main mode, remote gateway as dialup policy based VPN, Side B: main mode, remote gateway as dialup, policy based VPN.

  • Question 87:

    When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)

    A. SMTP

    B. SSH

    C. HTTP

    D. FTP

    E. SCP

  • Question 88:

    Which statement best describes what a Fortinet System on a Chip (SoC) is?

    A. Low-power chip that provides general purpose processing power

    B. Chip that combines general purpose processing power with Fortinet's custom ASIC technology

    C. Light-version chip (with fewer features) of an SP processor

    D. Light-version chip (with fewer features) of a CP processor

  • Question 89:

    Which correctly define "Section View" and "Global View" for firewall policies? (Choose two.)

    A. Section View lists firewall policies primarily by their interface pairs.

    B. Section View lists firewall policies primarily by their sequence number.

    C. Global View lists firewall policies primarily by their interface pairs.

    D. Global View lists firewall policies primarily by their policy sequence number.

    E. The 'any' interface may be used with Section View.

  • Question 90:

    Examine the output below from the diagnose sys top command:

    Which statements are true regarding the output above (Choose two.)

    A. The sshd process is the one consuming most CPU.

    B. The sshd process is using 123 pages of memory.

    C. The command diagnose sys kill miglogd will restart the miglogd process.

    D. All the processes listed are in sleeping state.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.