Browse Exams Pricing

ExamsNSE4Questions

NSE4 Exam Questions

552 real NSE4 exam questions with expert-verified answers and explanations. Page 5 of 12.

Question #206FortiGate Deployment and System Configuration
The command structure of the FortiGate CLI consists of commands, objects, branches, tables, and parameters. Which of the following items describes user?
FortiGate CLICLI Command StructureConfiguration ObjectsSystem Configuration
Question #207FortiGate Deployment and System Configuration
The command structure of the CLI on a FortiGate unit consists of commands, objects, branches, tables and parameters. Which of the following items describes port1?
FortiGate CLICLI StructureInterfacesSystem Configuration
Question #209Firewall Policies and Authentication
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. An administrator must assign a set of UTM features to a...
UTM FeaturesFirewall PoliciesUser-based PoliciesSecurity Profiles
Question #210Security Profiles and Content Inspection
Which of the following items represent the minimum configuration steps an administrator must perform to enable Data Leak Prevention for traffic flowing through the FortiGate unit?...
DLPFortiGate ConfigurationSecurity ProfilesFirewall Policies
Question #211FortiGate Deployment and System Configuration
Because changing the operational mode to Transparent resets device (or vdom) to all defaults, which precautions should an Administrator take prior to performing this? (Select all t...
FortiGate operational modesTransparent modeConfiguration backupLayer 2 loops
Question #212Content Inspection
Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?
FTP proxyContent inspectionProxy behaviorFTP splice
Question #213Security Profiles and Content Inspection
Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?
Email securityPOP3/IMAP proxyContent inspectionApplication layer security
Question #214FortiGate Deployment and System Configuration
The FortiGate Web Config provides a link to update the firmware in the System > Status window.Clicking this link will perform which of the following actions?
Firmware UpdateFortiGate GUISystem ConfigurationAdministration
Question #215FortiGate Deployment and System Configuration
Which of the following statements correctly describes how a push update from the FortiGuard Distribution Network (FDN) works?
FortiGuard UpdatesFDNUpdate MechanismFortiGate Management
Question #216FortiGate Deployment and System Configuration
Which of the following statements best describes the green status indicators that appear next to different FortiGuard Distribution Network services as illustrated in the exhibit?
FortiGuardStatus IndicatorsConnectivityGUI
Question #217Content Inspection
Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that app...
DLPArchivingFortiAnalyzerContent Inspection
Question #218Security Profiles and Content Inspection
Which of the following statements are correct regarding Application Control?
Application ControlSecurity ProfilesIPS EngineSSL Inspection
Question #220Security Profiles and Content Inspection
Examine the exhibit shown below then answer the question that follows it. Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:
SSL InspectionCertificatesFortiGateProxy Options
Question #221FortiGate Deployment and System Configuration
Shown below is a section of output from the debug command diag ip arp list. index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 r...
ARPNetwork DiagnosticsFortiGate CLILayer 2 Networking
Question #222Routing and SD-WAN
Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it. Which one of the following statements correctl...
Routing TableECMPLoad BalancingFortiGate Routing
Question #223VPN and Routing
Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it. Which of the following statements are correct regarding this configuration?...
IPsec VPNPhase 1Route-based VPNLocal Gateway
Question #224Routing and SD-WAN
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it. Which one of the following statements is correct regarding th...
OSPFRouting ProtocolsFortiGate ConfigurationInterface Activation
Question #225VPN and Routing
Examine the static route configuration shown below; then answer the question following it. config router static edit 1 set dst 172.20.1.0 255.255.255.0 set device port1 set gateway...
Static RoutingBlackhole RouteFortiGate RoutingSession Management
Question #226FortiGate Deployment and System Configuration
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
VDOMsFortiGate configurationSystem architectureVirtualization
Question #227FortiGate Deployment and System Configuration
Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)
Port PairingForwarding DomainsNetwork SegmentationInterface Configuration
Question #228Security Profiles and Content Inspection
Examine the Exhibits shown below, then answer the question that follows. Review the following DLP Sensor (Exhibit 1): Review the following File Filter list for rule #1 (Exhibit 2):...
DLPFile FilterTrue File Type DetectionSecurity Profiles
Question #229FortiGate Deployment and System Configuration
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)
High AvailabilitySession Pick-upTCP FailoverProxy Interactions
Question #230VPN and Routing
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully- meshed set of IPSec tunnels? (Select all that apply.)
IPSec VPNVPN TopologiesConfiguration ComplexityRouting Simplicity
Question #231Security Profiles and Content Inspection
The eicar test virus is put into a zip archive, which is given the password of "Fortinet" in order to open the archive. Review the configuration in the exhibits shown below; then a...
DLPEncrypted archivesContent inspectionSecurity profiles
Question #232Firewall and Authentication
With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Do...
FSSOAuthentication FlowCollector AgentDomain Controller Agent
Question #233FortiGate Deployment and System Configuration
In Transparent Mode, forward-domain is an attribute of ______________.
Transparent ModeForward DomainInterface ConfigurationLayer 2 Networking
Question #234Security Profiles and Content Inspection
Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.) config ips se...
IPS SensorSecurity ProfilesCLI ConfigurationLogging
Question #235Logging and Monitoring
In which of the following report templates would you configure the charts to be included in the report?
ReportingReport TemplatesLayout ConfigurationFortiGate Reports
Question #236Security Profiles and Content Inspection
A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction...
DLPFortiGate DLPSecurity ProfilesRule Actions
Question #237Security Profiles and Content Inspection
An administrator is examining the attack logs and notices the following entry: type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192....
IPS Log AnalysisSecurity ProfilesAttack IdentificationFortiGate Log Interpretation
Question #238VPN and Routing
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully- meshed set of IPSec tunnels? (Select all that apply.)
IPSec VPNVPN TopologiesHub-and-SpokeFull Mesh
Question #239Logging and Monitoring
An administrator wishes to generate a report showing Top Traffic by service type. They notice that web traffic overwhelms the pie chart and want to exclude the web traffic from the...
ReportingData FilteringTraffic AnalysisFortiGate Logs
Question #240FortiGate Deployment and System Configuration
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 int...
FortiGate Management AccessInterface ConfigurationTroubleshootingdiagnose debug flow
Question #241FortiGate Deployment and System Configuration
Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?
WCCPWeb CacheHealth CheckService Monitoring
Question #242FortiGate Deployment and System Configuration
A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. Which of the following items would an admi...
VDOMsAdministrative ScopeGlobal SettingsFortiGuard Configuration
Question #243Security Profiles and Content Inspection
Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?
Antivirus scanningGrayware protectionSecurity profiles
Question #244VPN and Routing
WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?
WAN OptimizationActive/Passive ModePeer RecognitionTunnel Establishment
Question #245FortiGate Deployment and System Configuration
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. Which of the following statements are correct regarding these VDOMs? (Select all th...
VDOMsFortiGate ConfigurationOperational ModesAdministrator Access
Question #246Logging and Monitoring
Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met. Considering this, which of the following statements is NOT correct?
FortiGate alertsFortiAnalyzer alertsLoggingMonitoring
Question #248Security Profiles and Content Inspection
SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?
SSL ProxyContent InspectionTraffic BufferingApplication Proxy
Question #249FortiGate Deployment and System Configuration
An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform?
Administrator ProfilesUser ManagementAccess ControlFortiGate Administration
Question #250Firewall and Authentication
Which of the following statements is correct about how the FortiGate unit verifies username and password during user authentication?
User AuthenticationLocal AccountsRemote AuthenticationFortiGate Users
Question #251Firewall and Authentication
Which of the following cannot be used in conjunction with the endpoint compliance check?
Endpoint ComplianceAuthentication RedirectionFeature CompatibilityAccess Control
Question #252VPN and Routing
An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings. Which of the following statements are correct regarding the IPSec VPN...
IPSec VPNInterface Mode VPNVirtual InterfaceVPN Configuration
Question #253Security Profiles and Content Inspection
Which of the following items are considered to be advantages of using the application control features on the FortiGate unit? Application control allows an administor to:
Application ControlFortiGateSession ManagementFirewall Policies
Question #254Security Profiles and Content Inspection
Which of the following DLP actions will always be performed if it is selected?
DLP ActionsContent InspectionSecurity ProfilesFortiGate DLP
Question #255FortiGate Deployment and System Configuration
A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM...
FortiGate VDOMsInterface assignmentConfiguration dependenciesSystem configuration
Question #256Routing and SD-WAN
In order to load-share traffic using multiple static routes, the routes must be configured with ...
Static RoutingECMPRoute MetricsLoad Balancing
Question #257Routing and SD-WAN
If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be annou...
Route RedistributionBGPOSPFFortiGate Routing
Question #258VPN and ZTNA
Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.)
SSL VPNFortiGate ConfigurationVPN PortalsUser Groups

PreviousPage 5 of 12Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.