NSE4 | Practical NSE4 Braindumps 2021
Act now and download your today! Do not waste time for the worthless tutorials. Download with real questions and answers and begin to learn with a classic professional.
Free NSE4 Demo Online For Microsoft Certifitcation:
NEW QUESTION 1
Which statement is correct regarding virus scanning on a FortiGate unit?
- A. Virus scanning is enabled by default.
- B. Fortinet customer support enables virus scanning remotely for you.
- C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
- D. Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.
Answer: C
NEW QUESTION 2
Which of the following statements are true regarding the web filtering modes? (Choose two.)
- A. Proxy based mode allows for customizable block pages to display when sites are prevented.
- B. Proxy based mode requires more resources than flow-based.
- C. Flow based mode offers more settings under the advanced configuration section of the GUI.
- D. Proxy based mode offers higher throughput than flow-based mode.
Answer: AB
NEW QUESTION 3
Caching improves performance by reducing FortiGate unit requests to the FortiGuard server. Which of the following statements are correct regarding the caching of FortiGuard responses?
- A. Caching is available for web filtering, antispam, and IPS requests.
- B. The cache uses a small portion of the FortiGate system memory.
- C. When the cache is full, the least recently used IP address or URL is deleted from the cache.
- D. An administrator can configure the number of seconds to store information in the cache before the FortiGate unit contacts the FortiGuard server again.
- E. The size of the cache will increase to accommodate any number of cached queries.
Answer: BCD
NEW QUESTION 4
Which of the following statements are correct regarding a master HA unit? (Choose two)
- A. There should be only one master unit is each HA virtual cluster.
- B. The Master synchronizes cluster configuration with slaves.
- C. Only the master has a reserved management HA interface.
- D. Heartbeat interfaces are not required on a master unit.
Answer: AB
NEW QUESTION 5
Which of the following statements best describes what a Certificate Signing Request (CSR) is?
- A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.
- B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate
- C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate
- D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)
Answer: B
NEW QUESTION 6
Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)
- A. Both proxy-based and flow-based inspection are supported.
- B. A replacement message cannot be presented to users when a virus has been detected.
- C. It saves CPU resources.
- D. The ingress and egress interfaces can be in different SPs.
Answer: BC
NEW QUESTION 7
Which is NOT true about the settings for an IP pool type port block allocation?
- A. A Block Size defines the number of connections.
- B. Blocks Per User defines the number of connection blocks for each user.
- C. An Internal IP Range defines the IP addresses permitted to use the pool.
- D. An External IP Range defines the IP addresses in the pool.
Answer: B
NEW QUESTION 8
A FortiGate devices is configured with four VDOMs: 'root' and 'vdom1' are in NAT/route mode; 'vdom2' and 'vdom2' are in transparent mode. The management VDOM is 'root'. Which of the following statements are true? (Choose two.)
- A. An inter-VDOM link between 'root' and 'vdom1' can be created.
- B. An inter-VDOM link between 'vdom1' and vdom2' can created.
- C. An inter-VDOM link between 'vdom2' and vdom3' can created.
- D. Inter-VDOM link links must be manually configured for FortiGuard traffic.
Answer: AB
NEW QUESTION 9
Which of the following statements are correct concerning the FortiGate session life support protocol? (Choose two)
- A. By default, UDP sessions are not synchronized.
- B. Up to four FortiGate devices in standalone mode are supported.
- C. only the master unit handles the traffic.
- D. Allows per-VDOM session synchronization.
Answer: AD
NEW QUESTION 10
Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection?
(Choose two.)
- A. The web client SSL handshake.
- B. The web server SSL handshake.
- C. File buffering.
- D. Communication with the URL filter process.
Answer: AB
NEW QUESTION 11
Which of the following statements are true regarding application control? (Choose two.)
- A. Application control is based on TCP destination port numbers.
- B. Application control is proxy based.
- C. Encrypted traffic can be identified by application control.
- D. Traffic shaping can be applied to the detected application traffic.
Answer: CD
NEW QUESTION 12
Which statement best describes the objective of the SYN proxy feature available in SP processors?
- A. Accelerate the TCP 3-way handshake
- B. Collect statistics regarding traffic sessions
- C. Analyze the SYN packet to decide if the new session can be offloaded to the SP processor
- D. Protect against SYN flood attacks.
Answer: D
NEW QUESTION 13
Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type.
Which of the following are some of the available event types in Web Config?
- A. Intrusion detected.
- B. Successful firewall authentication.
- C. Oversized file detected.
- D. DHCP address assigned.
- E. FortiGuard Web Filtering rating error detected.
Answer: A
NEW QUESTION 14
Which header field can be used in a firewall policy for traffic matching?
- A. ICMP type and code.
- B. DSCP.
- C. TCP window size.
- D. TCP sequence number.
Answer: A
NEW QUESTION 15
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?
- A. The workstation fails to reply to the polls frequently done by the collector agent.
- B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
- C. The work station notifies the DC agent that the user has logged off.
- D. The collector agent gets the logoff events when polling the respective domain controller.
Answer: D
NEW QUESTION 16
What actions are possible with Application Control? (Choose three.)
- A. Warn
- B. Allow
- C. Block
- D. Traffic Shaping
- E. Quarantine
Answer: BCD
P.S. Easily pass NSE4 Exam with 301 Q&As Surepassexam Dumps & pdf Version, Welcome to Download the Newest Surepassexam NSE4 Dumps: https://www.surepassexam.com/NSE4-exam-dumps.html (301 New Questions)