Browse Exams Pricing

ExamsNSE4Questions

NSE4 Exam Questions

552 real NSE4 exam questions with expert-verified answers and explanations. Page 1 of 12.

Question #1VPN and ZTNA
Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)
VPN TechnologiesIPsec VPNSSL VPNVPN Use Cases
Question #2Logging and Monitoring
Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type. Which of the following are some of the available...
AlertsEmail notificationsEvent typesSecurity monitoring
Question #3VPN and Routing
A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration: Which static ro...
SSL VPNSplit TunnelingRouting TableFirewall Policies
Question #4VPN and ZTNA
Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)
SSL VPNTunnel ModeVPN ClientSplit Tunneling
Question #5Security Profiles and Content Inspection
DLP archiving gives the ability to store session transaction data on a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)
DLP archivingContent inspectionFortiAnalyzerApplication protocols
Question #6Security Profiles and Content Inspection
Which statements regarding banned words are correct? (Choose two.)
Banned WordsContent InspectionDLPPattern Matching
Question #8FortiGate Deployment and System Configuration
Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)
PAC fileWeb Proxy Auto-DiscoveryBrowser Proxy ConfigurationExplicit Proxy
Question #9Security Profiles and Content Inspection
Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)
WPADPAC fileDHCPDNS
Question #10Firewall Policies and Authentication
What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?
Session-based authenticationIP-based authenticationWeb proxyMulti-user environments
Question #11Security Profiles and Content Inspection
Which two web filtering inspection modes inspect the full URL? (Choose two.)
Web FilteringInspection ModesFull URL InspectionSecurity Profiles
Question #12Security Profiles and Content Inspection
Which web filtering inspection mode inspects DNS traffic?
Web FilteringDNS InspectionSecurity ProfilesInspection Modes
Question #13Security Profiles and Content Inspection
Which statements are correct regarding URL filtering on a FortiGate unit? (Choose two.)
URL FilteringSecurity ProfilesContent FilteringFortiGate
Question #14Security Profiles and Content Inspection
Which of the following regular expression patterns make the terms "confidential data" case insensitive?
Regular ExpressionsRegex SyntaxCase InsensitivityPattern Matching
Question #15Security Profiles and Content Inspection
Which statements are correct regarding application control? (Choose two.)
Application ControlIPS EngineSSL InspectionSecurity Profiles
Question #16Security Profiles and Content Inspection
How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent?
Traffic ShapingApplication ControlFirewall PoliciesP2P Filtering
Question #17Security Profiles and Content Inspection
Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with a firewall policy? (Choose two.)
Traffic ShapingApplication ControlSecurity ProfilesBandwidth Management
Question #18Routing and SD-WAN
A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1...
Static RoutingRouting TableAdministrative DistanceInterface Configuration
Question #19VPN and Routing
When does a FortiGate load-share traffic between two static routes to the same destination subnet?
Static RoutesLoad SharingECMPFortiGate Routing
Question #20Routing and SD-WAN
Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway...
Static RoutingAdministrative DistanceBlackhole RouteFortiGate Packet Flow
Question #21VPN and Routing
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable...
Routing Table LookupTCP SessionFortiGate OperationNAT/Route Mode
Question #22Routing and SD-WAN
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0...
Static RoutingRouting PriorityAdministrative DistanceFortiGate Routing Logic
Question #23VPN and Routing
Examine the exhibit below; then answer the question following it. In this scenario, the FortiGate unit in Ottawa has the following routing table: S* 0.0.0.0/0 [10/0] via 172.20.170...
RoutingReverse Path Forwarding (RPF)FortiGate Packet ProcessingNetwork Troubleshooting
Question #24Routing and SD-WAN
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it. Which two statements are correct regardin...
FortiGate RoutingRouting Table (FIB)Default RoutesECMP
Question #25Routing and SD-WAN
Examine the exhibit; then answer the question below. The Vancouver FortiGate initially had the following information in its routing table: S 172.20.0.0/16 [10/0] via 172.21.1.2, po...
Static RoutingFortiGate RoutingNext-hop ResolutionRouting Table
Question #26FortiGate Deployment and System Configuration
A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs?
VDOMsVirtual DomainsFortiGate ModesSystem Configuration
Question #27FortiGate Deployment and System Configuration
Which statements are correct regarding virtual domains (VDOMs)? (Choose two.)
VDOMsFortiGate architectureResource sharingManagement VDOM
Question #28FortiGate Deployment and System Configuration
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. Which of the following settings will this admin...
VDOMsAdministrative scopeFortiGate administrationSystem configuration
Question #29FortiGate Deployment and System Configuration
A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the d...
VDOMsInterface ManagementSystem ConfigurationTroubleshooting
Question #30VPN and Routing
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. Which of the following statements are true if the network administrator wants to ro...
VDOMsInter-VDOM routingRouting tablesFirewall policies
Question #31FortiGate Deployment and System Configuration
A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub- interfaces added to the same physical interface. Which one of the following statements is...
VLANsFortiGate InterfacesNetwork Configuration
Question #32FortiGate Deployment and System Configuration
Which statements are correct for port pairing and forwarding domains? (Choose two.)
port pairingforwarding domainsbroadcast domainsnetwork segmentation
Question #33FortiGate Deployment and System Configuration
In transparent mode, forward-domain is an CLI setting associate with ______________.
FortiGate transparent modeforward-domaininterface configurationCLI settings
Question #34FortiGate Deployment and System Configuration
Which statements correctly describe transparent mode operation? (Choose three.)
Transparent ModeNetwork BridgingLayer-2 OperationFortiGate Deployment
Question #35FortiGate Deployment and System Configuration
Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is...
FortiGate HAMaster selectionHA criteriaHigh Availability
Question #36FortiGate Deployment and System Configuration
Which of the following statements are correct about the HA command diagnose sys ha reset- uptime? (Choose two.)
FortiGate HAHA commandsMaster electionHA override
Question #37FortiGate Deployment and System Configuration
What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.)
HASession SynchronizationFailoverProxy Mode
Question #38VPN and Routing
Review the static route configuration for IPsec shown in the exhibit; then answer the question below. Which statements are correct regarding this configuration? (Choose two.)
Static RoutingIPsec VPN (Route-based)FortiGate InterfacesRouting Concepts
Question #39VPN and ZTNA
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. Which of the following statements is correct regarding this output? (Select one an...
IPsec VPNVPN DiagnosticsFortiGate CLITunnel Status
Question #40VPN and ZTNA
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below. Which statements are correct regarding this configuration? (Choose two.).
IPsec VPNPhase 2 ConfigurationPerfect Forward SecrecyKey Management
Question #41VPN and Routing
Which statement is an advantage of using a hub and spoke IPsec VPN configuration instead of a fully-meshed set of IPsec tunnels?
IPsec VPNVPN TopologiesHub and SpokeFull Mesh
Question #42VPN and Routing
Review the IKE debug output for IPsec shown in the exhibit below. Which statements is correct regarding this output?
IPsec VPNIKEDead Peer Detection (DPD)Troubleshooting
Question #43VPN and Routing
Review the configuration for FortiClient IPsec shown in the exhibit. Which statement is correct regarding this configuration?
IPsec VPNFortiClientSplit-tunnelingClient Routing
Question #44VPN and Routing
Review the IPsec phase 1 configuration in the exhibit; then answer the question below. Which statements are correct regarding this configuration? (Choose two.)
IPsec VPNPhase 1Gateway ConfigurationFortiGate
Question #45VPN and Routing
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below. Which statements are correct regarding this output? (Choose two.)
IPsec VPNFortiGate CLIDiagnosticsDPD
Question #46VPN and Routing
Which IPsec mode includes the peer id information in the first packet?
IPsecIKEv1Aggressive ModePeer Identification
Question #47VPN and Routing
Which statements are correct properties of a partial mesh VPN deployment. (Choose two.)
VPNVPN TopologyPartial MeshNetwork Design
Question #48Logging and Monitoring
Examine the following log message for IPS and identify the valid responses below. (Select all that apply.) 2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert...
Log analysisIPS logsFortiGate loggingAttack identification
Question #49Logging and Monitoring
Identify the statement which correctly describes the output of the following command: diagnose ips anomaly list
IPS Anomaly DetectionDoS Policy CountersDiagnostic CommandsReal-time Monitoring
Question #50Security Profiles and Content Inspection
Review the IPS sensor filter configuration shown in the exhibit Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.)
IPSSecurity ProfilesFirewall PoliciesFortiGate Configuration
Question #51Firewall and Authentication
With FSSO, a domain user could authenticate either against the domain controller running the collector agent and domain controller agent, or a domain controller running only the do...
FSSOAuthenticationCollector AgentDomain Controller Agent

Page 1 of 12Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.