NSE4 | Fortinet NSE4 Study Guides 2021

NEW QUESTION 1
What capabilities can a FortiGate provide? (Choose three)

• A. Mail relay
• B. Email filtering
• C. Firewall
• D. VPN gateway
• E. Mail server

Answer: BCD

NEW QUESTION 2
An Internet browser is using the WPAD DNS method to discover the PAC file’s URL. The DNS server replies to the browser’s request with the IP address 10.100.1.10. Which URL will the browser use to download the PAC file?

• A. http://10.100.1.10/proxy.pac
• B. https://10.100.1.10/
• C. http://10.100.1.10/wpad.dat
• D. https://10.100.1.10/proxy.pac

Answer: C

NEW QUESTION 3
In FortiOS session table output, what is the correct ‘proto_state’ number for an established, non-proxied TCP connection?

• A. 00
• B. 11
• C. 01
• D. 05

Answer: C

NEW QUESTION 4
The exhibit shoes three static routes.

Which routes will be used to route the packets to the destination IP address 172.20.168.1?

• A. The route with the ID number 2 and 3.
• B. Only the route with the ID number 3.
• C. Only the route with the ID number 2.
• D. Only the route with the ID number 1.

Answer: D

NEW QUESTION 5
What are examples of correct syntax for the session table diagnostics command? (Choose two.)

• A. diagnose sys session filter clear
• B. diagnose sys session src 10.0.1.254
• C. diagnose sys session filter
• D. diagnose sys session filter list dst.

Answer: AC

NEW QUESTION 6
Which type of conserve mode writes a log message immediately, rather than when the device exits conserve mode?

• A. Kernel
• B. Proxy
• C. System
• D. Device

Answer: B

NEW QUESTION 7
How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?

• A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy.
• B. Enable the shape option in a firewall policy with service set to BitTorrent.
• C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled.
• D. Apply a traffic shaper to a protocol options profile.

Answer: A

NEW QUESTION 8
If you enable the option "Generate Logs when Session Starts", what effect does this have on the number of traffic log messages generated for each session?

• A. No traffic log message is generated.
• B. One traffic log message is generated.
• C. Two traffic log messages are generated.
• D. A log message is only generated if there is a security event.

Answer: C

NEW QUESTION 9
A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, they are not being received.
Which is one reason for this problem?

• A. The FortiGate is connected to multiple ISPs.
• B. FortiGuard scheduled updates are enabled in the FortiGate configuration.
• C. The FortiGate is in Transparent mode.
• D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.

Answer: D

NEW QUESTION 10
Examine the following CLI configuration:
config system session -ttl set default 1800
end
What statement is true about the effect of the above configuration line?

• A. Sessions can be idle for no more than 1800 seconds.
• B. The maximum length of time a session can be open is 1800 seconds.
• C. After 1800 seconds, the end user must re-authenticate.
• D. after a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

Answer: A

NEW QUESTION 11
Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device.
Exhibit A:

Exhibit B:

Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)

• A. STUDENT is likely to be the master device.
• B. Session-pickup is likely to be enabled.
• C. The cluster mode is active-passive.
• D. There is not enough information to determine the cluster mode.

Answer: AD

NEW QUESTION 12
Which statements regarding banned words are correct? (Choose two.)

• A. Content is automatically blocked if a single instance of a banned word appears.
• B. The FortiGate updates banned words on a periodic basis.
• C. The FortiGate can scan web pages and email messages for instances of banned words.
• D. Banned words can be expressed as simple text, wildcards and regular expressions.

Answer: CD

NEW QUESTION 13
What logging options are supported on a FortiGate unit? (Choose two.)

• A. LDAP
• B. Syslog
• C. FortiAnalyzer
• D. SNMP

Answer: BC

NEW QUESTION 14
Which of the following statements are correct concerning IPsec dialup VPN configurations for FortiGate devices? (Choose two)

• A. Main mode mist be used when there is no more than one IPsec dialup VPN configured on the same FortiGate device.
• B. A FortiGate device with an IPsec VPN configured as dialup can initiate the tunnel connection to any remote IP address.
• C. Peer ID must be used when there is more than one aggressive-mode IPsec dialup VPN on the same FortiGate device.
• D. The FortiGate will automatically add a static route to the source quick mode selector address received from each remote peer.

Answer: CD

NEW QUESTION 15
What configuration objects are automatically added when using the FortiGate's FortiClient VPN Configurations Wizard?(Choose two)

• A. Static route
• B. Phase 1
• C. Users group
• D. Phase 2

Answer: BD

NEW QUESTION 16
A FortiGate device is configure to perform an AV & IPS scheduled update every hour.

Given the information in the exhibit, when will the next update happen?

• A. 01:00
• B. 02:05
• C. 11:00
• D. 11:08

Answer: D