Browse Exams Pricing

ExamsNSE4Questions

NSE4 Exam Questions

552 real NSE4 exam questions with expert-verified answers and explanations. Page 11 of 12.

Question #511VPN and Routing
Which statement is not correct regarding SSL VPN Tunnel mode?
SSL VPNTunnel ModeFortiClient
Question #512Firewall and Authentication
When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?
LDAPAuthenticationFortiGate ConfigurationRemote Authentication
Question #513Firewall and Authentication
Which of the following statements best describes what a Public Certificate Authority (CA) is?
Public Key Infrastructure (PKI)Digital CertificatesCertificate Authority (CA)Authentication
Question #514FortiGate Deployment and System Configuration
Which of the following statement correct describes the use of the "diagnose sys ha reset- uptime" command?
FortiGate HAHA FailoverHA OverrideDiagnostic Commands
Question #515Security Profiles and Content Inspection
Which of the following web filtering modes can inspect the full URL? (Choose two.)
Web FilteringInspection ModesProxy InspectionFlow Inspection
Question #516Firewall Policies and Authentication
What determines whether a log message is generated or not?
Firewall policiesLoggingLog generationTraffic logging
Question #517Security Profiles and Content Inspection
Which of the following actions can be used with the FortiGuard quota feature? (Choose three.)
FortiGuardQuota managementWeb filteringSecurity profiles
Question #518Logging and Monitoring
In a Crash log, what does a status of 0 indicate?
Crash logsLog interpretationProcess statusFortiOS logging
Question #519FortiGate Deployment and System Configuration
A FortiGate unit has multiple VDOMs in NAT/route mode with multiple VLAN interfaces in each VDOM. Which of the following statements is correct regarding the IP addresses assigned t...
VDOMsVLAN InterfacesIP AddressingInterface Configuration
Question #520Firewall Policies and Authentication
In "diag debug flow" output, you see the message "Allowed by Policy-1: SNAT". Which is true?
Debug flowFirewall policiesPolicy IDSNAT
Question #521Security Profiles and Content Inspection
Which is not a FortiGate feature?
FortiGate featuresNGFW capabilitiesSecurity profilesThreat protection
Question #522Logging and Monitoring
What attributes are always included in a log header? (Choose three.)
FortiGate logsLog attributesLog headerLogging structure
Question #523FortiGate Deployment and System Configuration
Which of the following statements best describes what a Certificate Signing Request (CSR) is?
Certificate Signing Request (CSR)Digital CertificatesCertificate Authority (CA)PKI
Question #524Security Profiles and Content Inspection
Which of the following are possible actions for FortiGuard web category filtering? (Choose three.)
FortiGuardWeb FilteringSecurity ProfilesFiltering Actions
Question #525Security Profiles and Content Inspection
Which best describes the mechanism of a TCP SYN flood?
TCP/IPDoS AttacksSYN FloodNetwork Security
Question #526Security Profiles and Content Inspection
Which changes to IPS will reduce resource usage and improve performance? (Choose three)
IPS performanceResource optimizationSignature managementFortiGate IPS
Question #527FortiGate Deployment and System Configuration
Which of the following actions can be used to back up the keys and digital certificates in a FortiGate device? (Choose two.)
Certificate ManagementBackup and RestorePKCS#12FortiGate Configuration
Question #528FortiGate Deployment and System Configuration
Which TCP states does the global setting `tcp-half-open-timer' applies to? (Choose two.)
TCP Session ManagementFortiGate Global SettingsTCP StatesFirewall Configuration
Question #529FortiGate Deployment and System Configuration
In transparent mode, forward-domain is a CLI setting associated with _________ .
Transparent ModeInterface ConfigurationCLIForwarding Domain
Question #530VPN and Routing
What action does an IPsec Gateway take with the user traffic routed to an IPsec VPN when it does not match any phase 2 quick mode selector?
IPsec VPNPhase 2 SelectorTraffic HandlingFortiGate VPN
Question #531Security Profiles and Content Inspection
On your FortiGate 60D, you've configured firewall policies. They port forward traffic to your Linux Apache web server. Select the best way to protect your web server by using the I...
IPSSecurity ProfilesWeb Server ProtectionFortiGate Configuration
Question #532FortiGate Deployment and System Configuration
A backup file begins with this line: #config-version=FGVM64-5.02-FW-build589-140613:opmode=0:vdom=0:user=admin #conf_file_ver=3881503152630288414 #buildno=0589 #global_vdom=1 Can y...
Configuration BackupDevice CompatibilityFortiGate VMHardware Models
Question #533Security Profiles and Content Inspection
Which is the following statement are true regarding application control? (choose two)
Application ControlDeep Packet InspectionTraffic ShapingSecurity Profiles
Question #534VPN and Routing
View the Exhibit. The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending I...
RoutingICMPFortiGate CLINetwork Troubleshooting
Question #535FortiGate Deployment and System Configuration
How can you format the FortiGate flash disk?
FortiGate System MaintenanceFlash Disk ManagementBIOS ConfigurationBoot Device
Question #536Security Profiles and Content Inspection
How do you configure inline SSL inspection on a firewall policy? (Choose two.)
SSL InspectionFirewall PoliciesSecurity ProfilesFlow-based Inspection
Question #537FortiGate Deployment and System Configuration
Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)
NP6 processorHardware offloadIPv6 sessionsNAT64 sessions
Question #538FortiGate Deployment and System Configuration
View the exhibit. Based on this output, which statements are correct? (Choose two.)
FortiGate Conserve ModeSystem ResourcesSession Control
Question #539Security Profiles and Content Inspection
An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy. What else...
CASIApplication ControlSecurity ProfilesFirewall Policy
Question #540Firewall Policies and Authentication
How does FortiGate look for a matching firewall policy to process traffic?
Firewall PolicyPolicy EvaluationTraffic ProcessingFortiGate
Question #541Firewall Policies and Authentication
How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?
Traffic ShapingFirewall PoliciesApplication ControlP2P Traffic
Question #542Security Profiles and Content Inspection
Which file names will match the *.tiff file name pattern configured in a data leak prevention filter? (Choose two.)
DLPFile Pattern MatchingWildcardsContent Filtering
Question #543VPN and Routing
An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?
IPsec VPNXAuthDialup VPNAuthentication
Question #544Firewall Policies and Authentication
Examine this output from a debug flow: Which statements about the output are correct? (Choose two.)
Debug flow interpretationSource NATPacket routingFirewall policies
Question #545Security Profiles and Content Inspection
Which component of FortiOS performs application control inspection?
FortiOS componentsApplication controlInspection enginesSecurity profiles
Question #546VPN and Routing
Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)
IPsec VPNPolicy-based VPNFirewall policiesFortiGate operation modes
Question #547VPN and Routing
What statement describes what DNS64 does?
DNS64IPv6NAT64Network Translation
Question #548Firewall and Authentication
What does the command diagnose debuf fsso-polling refresh-user do?
FSSOAgentless PollingCLIDiagnostics
Question #549VPN and Routing
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?
IPsec VPNAggressive ModeFortiClientRemote Access VPN
Question #550Firewall Policies and Authentication
An administrator has configured the following settings: What does the configuration do? (Choose two.)
Firewall SessionsDenied Traffic HandlingLoggingPolicy Behavior
Question #551Security Profiles and Content Inspection
Which statements about FortiGate inspection modes are true? (Choose two.)
Inspection ModesProxy-basedFlow-basedVDOM Transparent Mode
Question #552FortiGate Deployment and System Configuration
Examine the following interface configuration on a FortiGate in transparent mode: Which statement about this configuration is correct?
Transparent ModeSpanning Tree ProtocolBPDULayer 2
Question #553Security Profiles and Content Inspection
Examine this PAC file configuration. Which of the following statements are true? (Choose two.)
PAC fileWeb proxyProxy Auto-ConfigurationFortiGate capabilities
Question #554FortiGate Deployment and System Configuration
In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloade...
FortiGate HAActive-Active HASession OffloadingTraffic Flow
Question #555FortiGate Deployment and System Configuration
A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub- interfaces added to the same physical interface. Which statement about the VLAN IDs in th...
VLANsSub-interfacesInterface ConfigurationNetwork Segmentation
Question #556Security Profiles and Content Inspection
Which of the following statements are true when using Web Proxy Auto-discovery Protocol (WPAD) with the DHCP discovery method? (Choose two.)
WPADDHCPProxy Auto-discoveryPAC file
Question #557Security Profiles and Content Inspection
What inspections are executed by the IPS engine? (Choose three.)
IPS engineFlow-based inspectionSecurity profilesContent inspection
Question #558FortiGate Deployment and System Configuration
Examine the exhibit. A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router. Port2 and port3 are both configured as a software swit...
Default GatewayFortiGate InterfacesSoftware SwitchNetwork Configuration
Question #559Firewall and Authentication
Which of the following statements about the FSSO collector agent timers is true?
FSSOCollector AgentTimersAuthentication
Question #560FortiGate Deployment and System Configuration
An administrator has enabled the DHCP Server on the port1 interface and configured the following based on the exhibit. Which statement is correct based on this configuration?
DHCP ServerIP ReservationNetwork Configuration

PreviousPage 11 of 12Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.