Browse Exams Pricing

ExamsNSE4Questions

NSE4 Exam Questions

552 real NSE4 exam questions with expert-verified answers and explanations. Page 10 of 12.

Question #461Security Profiles and Content Inspection
Which answer best describes what an "Unknown Application" is?
Application ControlUnknown ApplicationTraffic IdentificationSecurity Profiles
Question #462Security Profiles and Content Inspection
Which of the following statements are true about Man-in-the-middle SSL Content Inspection? (Choose three.)
SSL Content InspectionMan-in-the-middleCertificate AuthorityFortiGate
Question #463Firewall and Authentication
What are the advantages of FSSO DC mode over polling mode?
FSSOAuthenticationActive DirectoryDC Agent Mode
Question #464Logging and Monitoring
In the debug command output shown in the exhibit, which of the following best described the MAC address 00:09:0f:69:03:7e ?
MAC addressDebug outputLayer 2 networkingNetwork troubleshooting
Question #465Firewall Policies and Authentication
Which correctly define "Section View" and "Global View" for firewall policies? (Choose two.)
Firewall PoliciesFortiGate GUIPolicy ViewsPolicy Management
Question #466VPN and Routing
Which of the following statements is true regarding the differences between route-based and policy-based IPsec VPNs? (Choose two.)
IPsec VPNRoute-based VPNPolicy-based VPNFirewall Policies
Question #467VPN and Routing
Which of the following options best defines what Diffie-Hellman is?
Diffie-HellmanKey exchangeCryptographyVPN
Question #468Logging and Monitoring
To which remote device can the FortiGate send logs? (Choose three.)
LoggingLog destinationsRemote loggingFortiGate logging
Question #469FortiGate Deployment and System Configuration
What are required to be the same for two FortiGate units to form an HA cluster? (Choose two)
FortiGate HAHigh AvailabilityClusteringSystem Configuration
Question #470VPN and Routing
The exhibit shows two static routes to the same destinations subnet 172.20.168.0/24. Which of the following statements correctly describes this static routing configuration? (choos...
Static RoutingRouting TableRoute SelectionAdministrative Distance
Question #471Logging and Monitoring
What are the ways FortiGate can monitor logs? (Choose three.)
LoggingMonitoringAlertsSNMP
Question #472Firewall and Authentication
Which of the following statements are true about PKI users created in a FortiGate device? (Choose two.)
PKIUser AuthenticationTwo-Factor AuthenticationFortiGate Users
Question #473Security Profiles and Content Inspection
What is longest length of time allowed on a FortiGate device for the virus scan to complete?
FortiGateAntivirusVirus Scan TimeoutContent Inspection
Question #474Security Profiles and Content Inspection
Your Linux email server runs on a non-standard port number, port 2525. Which statement is true?
IPSSMTP inspectionNon-standard portsProtocol options
Question #475FortiGate Deployment and System Configuration
A new version of FortiOS firmware has just been released. When you upload new firmware, which is true?
Firmware upgradeBootloader recoveryTFTPConfiguration management
Question #476Firewall Policies and Authentication
Which of the following FSSO agents are required for a DC agent mode solution? (Choose two.)
FSSODC Agent ModeCollector AgentUser Authentication
Question #477FortiGate Deployment and System Configuration
Which statement best describes what the FortiGate hardware acceleration processors main task is?
Hardware AccelerationFortiGate ArchitectureTraffic ProcessingNPU/SPU
Question #478FortiGate Deployment and System Configuration
Review to the network topology in the exhibit. The workstation, 172.16.1.1/24, connects to port2 of the FortiGate device, and the ISP router, 172.16.1.2, connects to port1. Without...
Firewall PoliciesTransparent ModeFortiGate Operation ModesNetwork Topology Analysis
Question #479Firewall and Authentication
Which best describes the authentication timeout?
User AuthenticationSession TimeoutsIdle TimeoutAuthentication Settings
Question #480Firewall Policies and Authentication
Which is NOT true about source matching with firewall policies?
Firewall PolicySource MatchingFortiGate ConfigurationPolicy Components
Question #481Security Profiles and Content Inspection
Files reported as "suspicious" were subject to which Antivirus check"?
AntivirusHeuristic scanningMalware detection
Question #482Security Profiles and Content Inspection
Which profile could IPS engine use on an interface that is in sniffer mode? (Choose three)
Security ProfilesContent InspectionSniffer ModeFortiGate
Question #483VPN and ZTNA
A FortiGate is configured with the 1.1.1.1/24 address on the wan2 interface and HTTPS Administrative Access, using the default tcp port, is enabled for that interface. Given the SS...
SSL VPN ConfigurationFortiGate Admin AccessNetwork PortsURL Access
Question #484VPN and Routing
Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three)
Policy-Based RoutingIP HeadersTCP/UDP HeadersTraffic Classification
Question #485VPN and Routing
Which of the following protocols are defined in the IPsec Standard? (Choose two)
IPsecAHESPSecurity Protocols
Question #486Routing and SD-WAN
Which action does the FortiGate take when link health monitor times out?
link health monitorroutingnext-hop gatewayFortiGate behavior
Question #487Firewall Policies and Authentication
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the...
Firewall policiesUser authenticationDNS accessNetwork services
Question #488Security Profiles and Content Inspection
Which of the following statements are true regarding application control? (Choose two.)
Application ControlTraffic ShapingEncrypted Traffic InspectionFortiGate Security Profiles
Question #489Security Profiles and Content Inspection
Which of the following statements is true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)
PAC fileWeb proxyFortiGate web filteringProxy exemption
Question #490FortiGate Deployment and System Configuration
Which of the following statements is true regarding a FortiGate device operating in transparent mode? (Choose three.)
FortiGate Transparent ModeLayer 2 BridgingContent InspectionNetwork Modes
Question #491Security Profiles and Content Inspection
What is the maximum number of different virus databases a FortiGate can have?
FortiGate AntivirusVirus DatabasesSecurity ProfilesContent Inspection
Question #492Firewall Policies and Authentication
Which is true about incoming and outgoing interfaces in firewall policies?
Firewall policiesInterfacesPolicy componentsFortiGate
Question #493Firewall and Authentication
Which are valid replies from a RADIUS server to an ACCESS-REQUEST packet from a FortiGate? (Choose two.)
RADIUS protocolAuthenticationFortiGate authenticationProtocol messages
Question #494VPN and Routing
Review the IPsec phase 1 configuration in the exhibit; then answer the question below. Which statements are correct regarding this configuration? (Choose two.)
IPsec VPNPhase 1 ConfigurationFortiGate CLIGateway Address
Question #495FortiGate Deployment and System Configuration
Which of the following statements are correct regarding a master HA unit? (Choose two)
FortiGate HAHA Master RoleConfiguration SynchronizationCluster Architecture
Question #496Firewall Policies and Authentication
Which of the following authentication methods can be used for SSL VPN authentication? (Choose three.)
SSL VPNAuthenticationRemote AuthenticationTwo-Factor Authentication
Question #497Logging and Monitoring
What log type would indicate whether a VPN is going up or down?
VPN loggingEvent logsSystem monitoringFortiGate logs
Question #498Logging and Monitoring
Where are most of the security events logged?
FortiGate loggingSecurity eventsEvent logsLog types
Question #499Logging and Monitoring
Which commands are appropriate for investigating high CPU? (Choose two.)
High CPU troubleshootingDiagnostic commandsPerformance monitoringFortiGate CLI
Question #500VPN and Routing
Which statement is correct concerning an IPsec VPN with the remote gateway setting configured as 'Dynamic DNS'?
IPsec VPNDynamic DNSRemote GatewayVPN Configuration
Question #501FortiGate Deployment and System Configuration
Which of the following statements describes the objectives of the gratuitous ARP packets sent by an HA cluster?
High Availability (HA)Gratuitous ARPFailoverNetwork Switches
Question #502Security Profiles and Content Inspection
How do application control signatures update on a FortiGate device?
Application ControlFortiGuardSignature Updates
Question #503Logging and Monitoring
In FortiOS session table output, what is the correct `proto_state' number for an established, non- proxied TCP connection?
FortiOS CLISession TableTCP StatesDiagnostic Commands
Question #504Security Profiles and Content Inspection
You are creating a custom signature. Which has incorrect syntax?
Custom SignatureIPSSyntaxSecurity Profile
Question #505Firewall Policies and Authentication
What is not true of configuring disclaimers on the FortiGate?
DisclaimersUser AuthenticationCaptive PortalAccess Control
Question #506FortiGate Deployment and System Configuration
What is the FortiGate password recovery process?
FortiGate administrationPassword recoveryConsole accessMaintainer account
Question #507Security Profiles and Content Inspection
Which of the following are benefits of using web caching? (Choose three.)
Web CachingNetwork OptimizationBandwidth ManagementLatency Reduction
Question #508FortiGate Deployment and System Configuration
Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor?
IPsecHardware AccelerationNP6 ProcessorPerformance Optimization
Question #509Firewall and Authentication
Which methods can FortiGate use to send a One Time Password (OTP) to Two-Factor Authentication users? (Choose three.)
Two-Factor AuthenticationOne-Time PasswordFortiTokenAuthentication Methods
Question #510FortiGate Deployment and System Configuration
When an administrator attempts to manage FortiGate from an IP address that is not a trusted host, what happens?
Administrative AccessTrusted HostsSecurity FeaturesFortiGate Management

PreviousPage 10 of 12Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.