Browse Exams Pricing

ExamsNSE4Questions

NSE4 Exam Questions

552 real NSE4 exam questions with expert-verified answers and explanations. Page 7 of 12.

Question #310FortiGate Deployment and System Configuration
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
FortiGate interfacesInterface configurationVirtual WireTransparent Mode
Question #311Routing and SD-WAN
View the example routing table. Which route will be selected when trying to reach 10.20.30.254?
Routing TableLongest Prefix MatchSubnettingStatic Routing
Question #312VPN and Routing
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
SSL VPNWeb-modeFortiGate proxySource IP
Question #313Logging and Monitoring
What is FortiGate's behavior when local disk logging is disabled?
LoggingLocal loggingReal-time logsFortiGate behavior
Question #314Security Profiles and Content Inspection
What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
Web Application FirewallApplication SecuritySQL InjectionInformation Disclosure
Question #315Firewall Policies and Authentication
Which statements about One-to-One IP pool are true? (Choose two.)
NATIP PoolsOne-to-One NATStatic NAT
Question #316FortiGate Deployment and System Configuration
Which statements correctly describe transparent mode operation? (Choose three.)
Transparent modeFortiGate operationLayer 2 bridgingNetwork deployment
Question #317FortiGate Deployment and System Configuration
View the exhibit. What is the effect of the Disconnect Cluster Member operation as shown in the exhibit? (Choose two.)
FortiGate HACluster ManagementSystem ConfigurationManagement Access
Question #318VPN and Routing
What step is required an SSL VPN to access to an internal server using port forward mode?
SSL VPNPort Forward ModeClient ConfigurationVPN Access
Question #319VPN and Routing
View the exhibit. This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1. In this scenario. FGT1 has the following routing table...
Reverse Path Forwarding (RPF)Packet FlowRoutingTroubleshooting Connectivity
Question #320Security Profiles and Content Inspection
An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage...
Application ControlLoggingFirewall PolicySecurity Profiles
Question #321VPN and Routing
A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups. What is...
SSL VPNVPN RealmsUser AuthenticationFortiGate Configuration
Question #322VPN and Routing
Examine the routing database. Which of the following statements are correct? (Choose two.)
Routing tableDefault routesRoute selectionMetric
Question #323Security Profiles and Content Inspection
View the exhibit. When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?
SSL InspectionUntrusted CertificatesHTTPS TrafficSecurity Profiles
Question #324FortiGate Deployment and System Configuration
View the exhibit. When Role is set to Undefined, which statement is true?
FortiGate InterfacesInterface RolesGUI ConfigurationSystem Configuration
Question #325Firewall Policies and Authentication
Which statement is true regarding the policy ID numbers of firewall policies?
Firewall PoliciesPolicy IDCLI ConfigurationFortiGate Management
Question #326VPN and Routing
An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?
SSL VPNSplit TunnelingTraffic RoutingContent Inspection Preparation
Question #327Security Profiles and Content Inspection
Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)
Security ProcessorsHardware accelerationContent inspectionFortiGate architecture
Question #328FortiGate Deployment and System Configuration
An administrator has configured two VLAN interfaces: A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client...
DHCPVLANsNetwork SegmentationForward Domains
Question #329Security Profiles and Content Inspection
(Addicting.Games). Based on this configuration, which statement is true?
Application ControlApplication OverridesSecurity ProfilesContent Inspection
Question #330VPN and Routing
What are the purposes of NAT traversal in IPsec? (Choose two.)
IPsecNAT Traversal (NAT-T)VPNUDP encapsulation
Question #331Security Profiles and Content Inspection
Which statements about application control are true? (Choose two.)
Application ControlSecurity ProfilesDeep Packet InspectionFortiGate Features
Question #332Logging and Monitoring
View the exhibit. The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output: What should be done next to t...
Network TroubleshootingPacket CaptureFortiGate DiagnosticsConnectivity Issues
Question #333Firewall Policies and Authentication
Which of the following statements about NTLM authentication are correct? (Choose two.)
NTLM AuthenticationFSSOCollector AgentMulti-domain Environments
Question #334VPN and Routing
What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?
IPv6 TransitionIPsec VPNTunnelingNetwork Connectivity
Question #335VPN and Routing
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
ADVPNVPNDynamic RoutingSpoke-to-Spoke
Question #336FortiGate Deployment and System Configuration
View the exhibit. Which statements about the exhibit are true? (Choose two.)
VDOMsVLANsFortiGate InterfacesBroadcast Domains
Question #337Firewall Policies and Authentication
Which statement about the firewall policy authentication timeout is true?
Firewall policiesAuthentication timeoutIdle timeoutUser authentication
Question #338FortiGate Deployment and System Configuration
Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)
Administrative AccessSecurity Best PracticesManagement ProtocolsFortiGate Configuration
Question #339Security Profiles and Content Inspection
If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?
DLPSecurity ProfilesTraffic EnforcementIP Quarantine
Question #340Security Profiles and Content Inspection
How can a browser trust a web-server certificate signed by a third party CA?
PKICertificatesCA TrustSSL/TLS
Question #341Firewall and Authentication
How does FortiGate verify the login credentials of a remote LDAP user?
LDAPAuthenticationRemote AuthenticationUser Verification
Question #342Security Profiles and Content Inspection
An administrator has enabled proxy-based antivirus scanning and configured the following settings: Which statement about the above configuration is true?
AntivirusSecurity ProfilesContent InspectionProxy-based scanning
Question #343Logging and Monitoring
Examine this output from the diagnose sys top command: Which statements about the output are true? (Choose two.)
Process MonitoringCPU UtilizationMemory UtilizationSystem Diagnostics
Question #344Security Profiles and Content Inspection
An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?
IPS signatureIPS sensorCustom IPSSecurity Profiles
Question #345FortiGate Deployment and System Configuration
An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. W...
DNS Server ConfigurationRecursive DNSFortiGate DNS
Question #346FortiGate Deployment and System Configuration
Which statements about high availability (HA) for FortiGates are true? (Choose two.)
FortiGate HAHA configurationVDOM supportSession synchronization
Question #347FortiGate Deployment and System Configuration
Which of the following statements about central NAT are true? (Choose three.)
Central NATFortiGate NAT ConfigurationFirewall PoliciesCLI Configuration
Question #348Security Profiles and Content Inspection
Which statement about the FortiGuard services for the FortiGate is true?
FortiGuard ServicesAntivirusIPS UpdatesWeb Filtering
Question #349Security Profiles and Content Inspection
Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)
Antivirus (AV)Flow-based InspectionFull ScanReplacement Pages
Question #350VPN and Routing
An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?
IPsec VPNRoute-based VPNVirtual InterfaceFortiGate Configuration
Question #351Security Profiles and Content Inspection
What information is flushed when the chunk-size value is changed in the config dlp settings?
DLPDocument FingerprintingFortiGate ConfigurationContent Inspection
Question #352Firewall Policies and Authentication
How does FortiGate select the central SNAT policy that is applied to a TCP session?
SNATCentral SNAT PolicyPolicy Matching OrderFortiGate NAT
Question #353Content Inspection
When using WPAD DNS method, what is the FQDN format that browsers use to query the DNS server?
WPADProxy Auto-DiscoveryDNSClient Configuration
Question #354Logging and Monitoring
An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP...
Packet SnifferTroubleshootingFortiGate DiagnosticsTCP Session Flow
Question #355Firewall Policies and Authentication
Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)
FSSOActive Directory IntegrationAuthentication ModesCollector Agent
Question #356Firewall Policies and Authentication
Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)
Firewall policyPolicy sourceAddress objectsUser authentication
Question #357Firewall Policies and Authentication
Examine the exhibit, which contains a virtual IP and a firewall policy configuration. The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP...
Firewall PoliciesSource NATOne-to-one NATFortiGate NAT
Question #358Security Profiles and Content Inspection
Which statement about data leak prevention (DLP) on a FortiGate is true?
DLPFortiGateContent ArchivingSecurity Profiles
Question #359VPN and Routing
Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)
IPsec VPNIPv6 over IPv4VPN ConfigurationQuick Mode Selectors

PreviousPage 7 of 12Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.