NSE4 | Practical NSE4 Braindumps 2021

Act now and download your today! Do not waste time for the worthless tutorials. Download with real questions and answers and begin to learn with a classic professional.

Free NSE4 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1
Which statement is correct regarding virus scanning on a FortiGate unit?

  • A. Virus scanning is enabled by default.
  • B. Fortinet customer support enables virus scanning remotely for you.
  • C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
  • D. Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.

Answer: C

NEW QUESTION 2
Which of the following statements are true regarding the web filtering modes? (Choose two.)

  • A. Proxy based mode allows for customizable block pages to display when sites are prevented.
  • B. Proxy based mode requires more resources than flow-based.
  • C. Flow based mode offers more settings under the advanced configuration section of the GUI.
  • D. Proxy based mode offers higher throughput than flow-based mode.

Answer: AB

NEW QUESTION 3
Caching improves performance by reducing FortiGate unit requests to the FortiGuard server. Which of the following statements are correct regarding the caching of FortiGuard responses?

  • A. Caching is available for web filtering, antispam, and IPS requests.
  • B. The cache uses a small portion of the FortiGate system memory.
  • C. When the cache is full, the least recently used IP address or URL is deleted from the cache.
  • D. An administrator can configure the number of seconds to store information in the cache before the FortiGate unit contacts the FortiGuard server again.
  • E. The size of the cache will increase to accommodate any number of cached queries.

Answer: BCD

NEW QUESTION 4
Which of the following statements are correct regarding a master HA unit? (Choose two)

  • A. There should be only one master unit is each HA virtual cluster.
  • B. The Master synchronizes cluster configuration with slaves.
  • C. Only the master has a reserved management HA interface.
  • D. Heartbeat interfaces are not required on a master unit.

Answer: AB

NEW QUESTION 5
Which of the following statements best describes what a Certificate Signing Request (CSR) is?

  • A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.
  • B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate
  • C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate
  • D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)

Answer: B

NEW QUESTION 6
Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)

  • A. Both proxy-based and flow-based inspection are supported.
  • B. A replacement message cannot be presented to users when a virus has been detected.
  • C. It saves CPU resources.
  • D. The ingress and egress interfaces can be in different SPs.

Answer: BC

NEW QUESTION 7
Which is NOT true about the settings for an IP pool type port block allocation?

  • A. A Block Size defines the number of connections.
  • B. Blocks Per User defines the number of connection blocks for each user.
  • C. An Internal IP Range defines the IP addresses permitted to use the pool.
  • D. An External IP Range defines the IP addresses in the pool.

Answer: B

NEW QUESTION 8
A FortiGate devices is configured with four VDOMs: 'root' and 'vdom1' are in NAT/route mode; 'vdom2' and 'vdom2' are in transparent mode. The management VDOM is 'root'. Which of the following statements are true? (Choose two.)

  • A. An inter-VDOM link between 'root' and 'vdom1' can be created.
  • B. An inter-VDOM link between 'vdom1' and vdom2' can created.
  • C. An inter-VDOM link between 'vdom2' and vdom3' can created.
  • D. Inter-VDOM link links must be manually configured for FortiGuard traffic.

Answer: AB

NEW QUESTION 9
Which of the following statements are correct concerning the FortiGate session life support protocol? (Choose two)

  • A. By default, UDP sessions are not synchronized.
  • B. Up to four FortiGate devices in standalone mode are supported.
  • C. only the master unit handles the traffic.
  • D. Allows per-VDOM session synchronization.

Answer: AD

NEW QUESTION 10
Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection?
(Choose two.)

  • A. The web client SSL handshake.
  • B. The web server SSL handshake.
  • C. File buffering.
  • D. Communication with the URL filter process.

Answer: AB

NEW QUESTION 11
Which of the following statements are true regarding application control? (Choose two.)

  • A. Application control is based on TCP destination port numbers.
  • B. Application control is proxy based.
  • C. Encrypted traffic can be identified by application control.
  • D. Traffic shaping can be applied to the detected application traffic.

Answer: CD

NEW QUESTION 12
Which statement best describes the objective of the SYN proxy feature available in SP processors?

  • A. Accelerate the TCP 3-way handshake
  • B. Collect statistics regarding traffic sessions
  • C. Analyze the SYN packet to decide if the new session can be offloaded to the SP processor
  • D. Protect against SYN flood attacks.

Answer: D

NEW QUESTION 13
Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type.
Which of the following are some of the available event types in Web Config?

  • A. Intrusion detected.
  • B. Successful firewall authentication.
  • C. Oversized file detected.
  • D. DHCP address assigned.
  • E. FortiGuard Web Filtering rating error detected.

Answer: A

NEW QUESTION 14
Which header field can be used in a firewall policy for traffic matching?

  • A. ICMP type and code.
  • B. DSCP.
  • C. TCP window size.
  • D. TCP sequence number.

Answer: A

NEW QUESTION 15
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?

  • A. The workstation fails to reply to the polls frequently done by the collector agent.
  • B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
  • C. The work station notifies the DC agent that the user has logged off.
  • D. The collector agent gets the logoff events when polling the respective domain controller.

Answer: D

NEW QUESTION 16
What actions are possible with Application Control? (Choose three.)

  • A. Warn
  • B. Allow
  • C. Block
  • D. Traffic Shaping
  • E. Quarantine

Answer: BCD

P.S. Easily pass NSE4 Exam with 301 Q&As Surepassexam Dumps & pdf Version, Welcome to Download the Newest Surepassexam NSE4 Dumps: https://www.surepassexam.com/NSE4-exam-dumps.html (301 New Questions)