NSE4 Exam Questions
552 real NSE4 exam questions with expert-verified answers and explanations. Page 2 of 12.
- Question #52: Firewall and Authentication
FSSO provides a single sign-on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following stateme...
Tags: FSSO, Authentication, Single Sign-On, Agent Mode
- Question #53: Firewall and Authentication
Which statement is one disadvantage of using FSSO NetAPI polling mode over FSSO Security Event Log (WinSecLog) polling mode?
Tags: FSSO, Authentication, Polling modes, NetAPI
- Question #54: Firewall and Authentication
Which are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment? [Choose two.]
Tags: FSSO, Authentication, Active Directory, DC Agent Mode
- Question #55: Firewall Policies and Authentication
Which statement describes what the CLI command diagnose debug authd fsso list is used for?
Tags: FSSO, CLI Commands, User Authentication, FortiGate Diagnostics
- Question #56: Security Profiles and Content Inspection
When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website?
Tags: SSL Inspection, Web Filtering, Certificate Fields, TLS Handshake
- Question #57: Security Profiles and Content Inspection
Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.)
Tags: SSL Proxy, HTTPS Inspection, SSL Handshake, Deep Inspection
- Question #58: VPN and ZTNA
Bob wants to send Alice a file that is encrypted using public key cryptography. Which of the following statements is correct regarding the use of public key cryptography in this sc...
Tags: Public Key Cryptography, Encryption, Decryption, Asymmetric Encryption
- Question #59: Security Profiles and Content Inspection
Which Fortinet products & features could be considered part of a comprehensive solution to monitor and prevent the leakage of sensitive data? (Select all that apply.)
Tags: DLP, FortiGate, FortiMail, Application Control
- Question #60: Security Profiles and Content Inspection
For data leak prevention, which statement describes the difference between the block and quarantine actions?
Tags: DLP actions, Data Leak Prevention, Security Profiles, Content Inspection
- Question #61: FortiGate Deployment and System Configuration
In which process states is it impossible to interrupt/kill a process? (Choose two.)
Tags: Process states, Operating system fundamentals, Linux processes, Process management
- Question #62: Logging and Monitoring
Examine the output below from the diagnose sys top command: # diagnose sys top 1 Run Time: 11 days, 3 hours and 29 minutes 0U, 0N, 1S, 99I; 971T, 528F, 160KF sshd 123 S 1.9 1.2...
Tags: Process monitoring, System diagnostics, FortiOS CLI, CPU utilization
- Question #63: Firewall Policies and Authentication
Examine the following output from the diagnose sys session list command: session info: proto=6 proto_state=65 duration=3 expire=9 timeout=3600 flags=00000000 sockflag=00000000 sock...
Tags: Session monitoring, NAT (Network Address Translation), FortiGate CLI, Troubleshooting
- Question #64: VPN and Routing
Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.)
Tags: IPsec VPN, IPv6 Tunneling, VPN Configuration, Quick Mode Selectors
- Question #65: Routing and SD-WAN
Which statements are true regarding IPv6 anycast addresses? (Choose two.)
Tags: IPv6, Anycast, IP Addressing, Networking Fundamentals
- Question #66: Routing and SD-WAN
What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.)
Tags: IPv6, Neighbor Discovery Protocol (NDP), SLAAC, Neighbor Reachability
- Question #67: VPN and Routing
Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor?
Tags: IPsec Offloading, NP6 Processor, Hardware Acceleration, IPsec Configuration
- Question #68: Security Profiles and Content Inspection
Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)
Tags: Antivirus Inspection, Hardware Offloading, Security Processor, Performance Optimization
- Question #69: FortiGate Deployment and System Configuration
Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)
Tags: Hardware acceleration, NP6 processor, FortiGate performance, Traffic processing
- Question #70: Security Profiles and Content Inspection
Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic. What statements are true re...
Tags: High Availability, Hardware Acceleration, UTM Inspection, Session Offloading
- Question #71: FortiGate Deployment and System Configuration
What is the FortiGate password recovery process?
Tags: Password Recovery, FortiGate Administration, Console Access, Maintainer Account
- Question #72: FortiGate Deployment and System Configuration
What are valid options for handling DNS requests sent directly to a FortiGate's interface IP? (Choose three.)
Tags: DNS, DNS Server Modes, DNS Forwarding, FortiGate System Services
- Question #73: Firewall and Authentication
When creating FortiGate administrative users, which configuration objects specify the account rights?
Tags: FortiGate administration, Administrator profiles, User permissions, Administrative access
- Question #74: FortiGate Deployment and System Configuration
Which statements are true regarding the factory default configuration? (Choose three.)
Tags: factory defaults, initial setup, interface configuration, admin access
- Question #75: FortiGate Deployment and System Configuration
What methods can be used to access the FortiGate CLI? (Choose two.)
Tags: CLI access, FortiGate administration, Console port, GUI
- Question #76: Firewall and Authentication
What capabilities can a FortiGate provide? (Choose three.)
Tags: FortiGate features, Firewall, VPN, Email filtering
- Question #77: FortiGate Deployment and System Configuration
Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)
Tags: Administrative access, Management protocols, FortiGate administration
- Question #78: Logging and Monitoring
Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit?
Tags: SNMP v3, Network Monitoring, Security Protocols, FortiGate Management
- Question #79: Logging and Monitoring
What logging options are supported on a FortiGate unit? (Choose two.)
Tags: Logging, Syslog, FortiAnalyzer, Log destination
- Question #80: Logging and Monitoring
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?
Tags: FortiGate Logging, FortiAnalyzer, FortiManager, Log Servers
- Question #81: Logging and Monitoring
Regarding the header and body sections in raw log messages, which statement is correct?
Tags: FortiGate logs, Log message structure, Raw logs, Header and body
- Question #82: FortiGate Deployment and System Configuration
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below. Which statements are correct regarding this setting? (Choose two.)
Tags: FortiGate HA, Management Interface, HA Configuration, Interface Synchronization
- Question #83: FortiGate Deployment and System Configuration
The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members. What is the effect of the Disconnect Cluster Member co...
Tags: FortiGate HA, Cluster Management, Standalone Mode, Management Access
- Question #84: Firewall Policies and Authentication
Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)
Tags: firewall policy, destination address, firewall objects, Virtual IP
- Question #85: Firewall Policies and Authentication
Which header field can be used in a firewall policy for traffic matching?
Tags: Firewall Policies, Traffic Matching, ICMP, Header Fields
- Question #86: Firewall Policies and Authentication
The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?
Tags: Firewall policies, CLI commands, Policy reordering
- Question #87: FortiGate Deployment and System Configuration
Examine the following CLI configuration: config system session-ttl set default 1800 end What statement is true about the effect of the above configuration line?
Tags: session management, session timeout, FortiGate CLI, system configuration
- Question #88: Firewall Policies and Authentication
In which order are firewall policies processed on a FortiGate unit?
Tags: Firewall Policies, Policy Order, FortiGate Operation, Policy Evaluation
- Question #89: Firewall and Authentication
Which statements are true regarding local user authentication? (Choose two.)
Tags: Local users, User authentication, FortiGate, Two-factor authentication
- Question #90: FortiGate Deployment and System Configuration
Examine the following spanning tree configuration on a FortiGate in transparent mode: config system interface edit <interface name> set stp-forward enable end Which statement is co...
Tags: FortiGate Transparent Mode, Spanning Tree Protocol, BPDU Forwarding, Layer 2 Networking
- Question #91: FortiGate Deployment and System Configuration
Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B sho...
Tags: FortiGate HA, Session Synchronization, diagnose sys session stat, HA Monitoring
- Question #92: FortiGate Deployment and System Configuration
An administrator has formed a high availability cluster involving two FortiGate units. [ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream La...
Tags: High Availability (HA), Network Redundancy, Link Aggregation, Network Design
- Question #93: FortiGate Deployment and System Configuration
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to...
Tags: High Availability (HA), Active-Active HA, Session Offloading, Traffic Flow
- Question #94: FortiGate Deployment and System Configuration
Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit...
Tags: FortiGate HA, High Availability configuration, HA mode mismatch, Troubleshooting HA
- Question #95: VPN and Routing
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?
Tags: IPsec VPN, Route-based VPN, GRE-over-IPsec, VPN configuration
- Question #96: VPN and Routing
You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is on...
Tags: IPsec VPN, Route-based VPN, Firewall Policy, Static Route
- Question #97: VPN and Routing
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choos...
Tags: IPsec VPN, Phase 1, Phase 2, Firewall Policy
- Question #98: VPN and ZTNA
What is IPsec Perfect Forwarding Secrecy (PFS)?
Tags: IPsec, PFS, VPN, Key Exchange
- Question #99: VPN and Routing
An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?
Tags: IPsec VPN, Route-based VPN, Virtual Interface, FortiGate VPN
- Question #100: FortiGate Deployment and System Configuration
A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which are two reasons for this problem? (Choose...
Tags: FortiGuard updates, Network troubleshooting, NAT, Dynamic IP
- Question #101: Security Profiles and Content Inspection
Which statement is correct regarding virus scanning on a FortiGate unit?
Tags: Antivirus, Security Profiles, Firewall Policies, Content Inspection