[Validated] NSE4 Fortinet test preparation 31-45 (Apr 2016)

NSE4 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!


Highest Quality of NSE4 test question materials and rapidshare for Fortinet certification for consumer, Real Success Guaranteed with Updated NSE4 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 4 Written Exam (400) exam Today!

2016 Apr NSE4 Study Guide Questions:

Q31. - (Topic 22) 

Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor? 

A. No protection profile can be applied over the IPsec traffic. 

B. Phase-2 anti-replay must be disabled. 

C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6. 

D. IPsec traffic must not be inspected by any FortiGate session helper. 

Answer: C

Q32. - (Topic 1) 

How is the FortiGate password recovery process? 

A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry. 

B. Log in through the console port using the “maintainer” account within several seconds of physically power cycling the FortiGate. 

C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password. 

D. Interrupt the boot sequence and restore a configuration file for which the password has 

been modified. 

Answer: B 

Q33. - (Topic 14) 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. 

Exhibit A: 

Exhibit B 

Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Hearbeat 

D. Override 

Answer: B 

Q34. - (Topic 17) 

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory. 

Which of the following statements are correct regarding FSSO in a Windows domain environment when agent mode is used? (Choose two.) 

A. An FSSO collector agent must be installed on every domain controller. 

B. An FSSO domain controller agent must be installed on every domain controller. 

C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit. 

D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit. 

Answer: B,D 

Q35. - (Topic 17) 

Which are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment? [Choose two.] 

A. DNS server must properly resolve all workstation names. 

B. The remote registry service must be running in all workstations. 

C. The collector agent must be installed in one of the Windows domain controllers. 

D. A same user cannot be logged in into two different workstations at the same time. 

Answer: A,B 

NSE4 free download

Refresh NSE4 question:

Q36. - (Topic 15) 

Review the IKE debug output for IPsec shown in the exhibit below. 

Which statements is correct regarding this output? 

A. The output is a phase 1 negotiation. 

B. The output is a phase 2 negotiation. 

C. The output captures the dead peer detection messages. 

D. The output captures the dead gateway detection packets. 

Answer: C 

Q37. - (Topic 10) 

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent? 

A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. 

B. Enable the shape option in a firewall policy with service set to BitTorrent. 

C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled. 

D. Apply a traffic shaper to a protocol options profile. 

Answer: A 

Q38. - (Topic 10) 

Which statements are correct regarding application control? (Choose two.) 

A. It is based on the IPS engine. 

B. It is based on the AV engine. 

C. It can be applied to SSL encrypted traffic. 

D. Application control cannot be applied to SSL encrypted traffic. 

Answer: A,C 

Q39. - (Topic 11) 

Examine the two static routes to the same destination subnet as shown below; then answer the question following it. config router static edit 1 set dst set distance 20 set priority 10 set device port1 next edit 2 set dst set distance 20 set priority 20 set device port2 



Which of the following statements correctly describes the static routing configuration provided above? 

A. The FortiGate evenly shares the traffic to through both routes. 

B. The FortiGate shares the traffic to through both routes, but the port2 route will carry approximately twice as much of the traffic. 

C. The FortiGate sends all the traffic to through port1. 

D. Only the route that is using port1 will show up in the routing table. 

Answer: C 

Q40. - (Topic 3) 

Examine the following CLI configuration: config system session-ttl set default 1800 end What statement is true about the effect of the above configuration line? 

A. Sessions can be idle for no more than 1800 seconds. 

B. The maximum length of time a session can be open is 1800 seconds. 

C. After 1800 seconds, the end user must re-authenticate. 

D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server. 

Answer: A 

NSE4 practice question

Actual NSE4 practice:

Q41. - (Topic 5) 

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) 

A. SSL VPN creates a HTTPS connection. IPsec does not. 

B. Both SSL VPNs and IPsec VPNs are standard protocols. 

C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. 

D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. 

Answer: A,D 

Q42. - (Topic 13) 

Which statements are correct for port pairing and forwarding domains? (Choose two.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domain only applies to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

Answer: A,D 

Q43. - (Topic 15) 

Which statements are correct properties of a partial mesh VPN deployment. (Choose two.) 

A. VPN tunnels interconnect between every single location. 

B. VPN tunnels are not configured between every single location. 

C. Some locations are reached via a hub location. 

D. There are no hub locations in a partial mesh. 

Answer: B,C 

Q44. - (Topic 11) 

Examine the exhibit below; then answer the question following it. 

In this scenario, the FortiGate unit in Ottawa has the following routing table: 

S* [10/0] via, port2 

C is directly connected, port1 

C is directly connected, port2 

Sniffer tests show that packets sent from the source IP address to the destination IP address are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets? 

A. The forward policy check. 

B. The reverse path forwarding check. 

C. The subnet is NOT in the Ottawa FortiGate’s routing table. 

D. The destination workstation does NOT have the subnet in its routing table. 

Answer: B 

Q45. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. 

Which statements is correct regarding this output? (Select one answer). 

A. One tunnel is rekeying. 

B. Two tunnels are rekeying. 

C. Two tunnels are up. 

D. One tunnel is up. 

Answer: C 

see more Fortinet Network Security Expert 4 Written Exam (400)