Browse Exams Pricing

ExamsNSE4Questions

NSE4 Exam Questions

552 real NSE4 exam questions with expert-verified answers and explanations. Page 8 of 12.

Question #360Firewall and Authentication
Which statements about IP-based explicit proxy authentication are true? (Choose two.)
Explicit ProxyUser AuthenticationIP-based AuthenticationFortiGate Resource Usage
Question #361Firewall and Authentication
Which statement best describes the objective of the SYN proxy feature available in SP processors?
SYN proxyDDoS protectionSYN flood
Question #362Security Profiles and Content Inspection
Which of the following are possible actions for static URL filtering? (Choose three.)
URL FilteringSecurity ProfilesFortiGate Actions
Question #363VPN and ZTNA
Which statement best describes what SSL VPN Client Integrity Check does?
SSL VPNClient Integrity CheckEndpoint SecurityHost Check
Question #364FortiGate Deployment and System Configuration
A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, they are not being received. Which is one reason for this problem?
FortiGuard UpdatesPush UpdatesNetwork ConfigurationDHCP Client
Question #365Firewall and Authentication
Which best describe the mechanism of a TCP SYN flood?
TCP SYN floodDenial of ServiceTCP handshakeAttack mechanisms
Question #366Firewall Policies and Authentication
Which traffic can match a firewall policy's "Services" setting? (Choose three.)
Firewall ServicesNetwork ProtocolsFirewall PoliciesTraffic Matching
Question #367FortiGate Deployment and System Configuration
Acme Web Hosting is replacing one of their firewalls with a FortiGate. It must be able to apply port forwarding to their back-end web servers while blocking virus uploads and TCP S...
Operation ModesNATPort ForwardingSecurity Profiles
Question #368Security Profiles and Content Inspection
Which of the following statements are true about the SSL Proxy certificate that must be used for SSL Content Inspection? (Choose two.)
SSL Content InspectionCertificate ManagementFortiGate ProxySecurity Profiles
Question #369Security Profiles and Content Inspection
A FortiGate device is configure to perform an AV & IPS scheduled update every hour. Given the information in the exhibit, when will the next update happen?
AV/IPS updatesScheduled tasksFortiGate administrationSecurity content
Question #370VPN and ZTNA
Which of the following statements describe some of the differences between symmetric and asymmetric cryptography? (Choose two.)
CryptographySymmetric EncryptionAsymmetric EncryptionDigital Certificates
Question #372VPN and Routing
Which of the following IPsec configuration modes can be used for implementing L2TP- over- IPSec VPNs?
IPsec modesL2TP-over-IPSecVPNsPolicy-based IPsec
Question #373Firewall and Authentication
Which of the following statements best describes the role of a DC agents in an FSSO DC?
FSSODC AgentAuthenticationUser Identification
Question #374Security Profiles and Content Inspection
Which statement is correct concerning creating a custom signature?
Custom SignaturesIPSSecurity ProfilesFortiGate Configuration
Question #375Security Profiles and Content Inspection
Which operating system vulnerability can you protect when selecting signatures to include in an IPS sensor? (choose three)
IPSVulnerability ProtectionOS SecuritySecurity Signatures
Question #376Firewall and Authentication
Which is true of FortiGate's session table?
FortiGate session tableTCP connection statesstateful firewallconnection tracking
Question #377FortiGate Deployment and System Configuration
Which of the following statements are correct concerning the FortiGate session life support protocol? (Choose two)
FortiGate HASession SynchronizationUDP SessionsVDOMs
Question #378Firewall Policies and Authentication
Which FSSO agents are required for a FSSO agent-based polling mode solution?
FSSOAuthenticationCollector AgentDC Agents
Question #379FortiGate Deployment and System Configuration
Which are outputs for the command `diagnose hardware deviceinfo nic'? (Choose two.)
FortiGate CLINetwork Interface DiagnosticsHardware InformationTroubleshooting
Question #380Logging and Monitoring
There are eight (8) log severity levels that indicate the importance of an event. Not including Debug, which is only needed to log diagnostic data, what are both the lowest AND hig...
Log severityFortiGate loggingSyslog
Question #381FortiGate Deployment and System Configuration
Which of the following statements best describe the main requirements for a traffic session to be offload eligible to an NP6 processor? (Choose three.)
NP6 offloadHardware accelerationTraffic processingFortiGate ASICs
Question #382VPN and Routing
Which of the following statements are correct concerning IPsec dialup VPN configurations for FortiGate devices? (Choose two)
IPsec VPNDialup VPNAggressive ModePeer ID
Question #383VPN and Routing
Which of the following statements are correct concerning IKE mode config? (Choose two)
IKE Mode ConfigIPsec VPNVPN Client ConfigurationDynamic IP Assignment
Question #384FortiGate Deployment and System Configuration
For FortiGate devices equipped with Network Processor (NP) chips, which are true? (Choose three.)
NP OffloadingNetwork ProcessorsFortiGate ArchitectureSession Processing
Question #385Firewall Policies and Authentication
In a FSSO agent mode solution, how does the FSSO collector agent learn each IP address?
FSSOAuthenticationUser-ID MappingActive Directory
Question #386Routing and SD-WAN
Which of the following statements are true regarding WAN Link Load Balancing? (Choose two).
SD-WANWAN Link Load BalancingVirtual WAN InterfaceLink Health Check
Question #387Content Inspection
Which of the following statements best describes what the Document Fingerprinting feature is for?
Document FingerprintingData Loss PreventionDLPContent Inspection
Question #388FortiGate Deployment and System Configuration
Which statement describes how traffic flows in sessions handled by a slave unit in an active- active HA cluster?
FortiGate HAActive-Active HATraffic FlowSession Distribution
Question #389FortiGate Deployment and System Configuration
Which of the following statements is correct concerning multiple vdoms configured in a FortiGate device?
VDOMsFortiGate CapabilitiesSystem ConfigurationDevice Models
Question #390Security Profiles and Content Inspection
Files that are larger than the oversized limit are subjected to which Antivirus check?
AntivirusFortiSandboxOversized filesContent Inspection
Question #391FortiGate Deployment and System Configuration
Which of the following traffic shaping functions can be offloaded to a NP processor? (Choose two.)
NP ProcessorTraffic ShapingHardware OffloadingQoS
Question #392FortiGate Deployment and System Configuration
Which statement best describes what a Fortinet System on a Chip (SoC) is?
Fortinet SoCASIC technologyHardware architectureFortiGate processors
Question #393Routing and SD-WAN
A static route is configured for a FortiGate unit from the CLI using the following commands: config router static edit 1 set device "wan1" set distance 20 set gateway 192.168.100.1...
Static RoutingRouting TableFortiGate CLIInterface Status
Question #394FortiGate Deployment and System Configuration
A FortiGate devices is configured with four VDOMs: 'root' and 'vdom1' are in NAT/route mode; 'vdom2' and 'vdom2' are in transparent mode. The management VDOM is 'root'. Which of th...
VDOMsInter-VDOM LinksFortiGate ConfigurationNetwork Modes
Question #395FortiGate Deployment and System Configuration
You have created a new administrator account, and assign it the prof_admin profile. Which is false about that account's permissions?
Administrator profilesFortiGate permissionsSystem administrationFirmware management
Question #396Firewall Policies and Authentication
In FortiOS session table output, what are the two possible `proto_state' values for a UDP session? (Choose two.)
FortiOS session tableUDP session statesproto_stateFortiGate CLI
Question #397FortiGate Deployment and System Configuration
Which of the following statements are true regarding traffic accelerated by an NP processor? (Choose two.)
NP ProcessorHardware AccelerationSession OffloadingFortiGate Architecture
Question #398Firewall Policies and Authentication
Which of the following statements best describes how the collector agent learns that a user has logged off from the network?
Fortinet Single Sign-On (FSSO)Collector AgentDomain ControllerUser Authentication
Question #399Firewall Policies and Authentication
Which define device identification? (Choose two.)
Device IdentificationFortiClientFirewall PolicyAgent-based Identification
Question #400Firewall and Authentication
Which does FortiToken use as input when generating a token code? (Choose two.)
FortiTokenMulti-factor authenticationAuthenticationOTP
Question #401FortiGate Deployment and System Configuration
What types of troubleshooting can you do when uploading firmware? (Choose two.)
Firmware ManagementTroubleshootingSystem Configuration
Question #402Firewall and Authentication
Which of the following FSSO modes must be used for Novell eDirectory networks?
FSSOAuthenticationeDirectoryAgents
Question #403Security Profiles and Content Inspection
Examine the following log message attributes and select two correct statements from the list below. (Choose two.) status="passthrough" msg="URL belongs to a category with warnings...
Log interpretationWeb filteringSecurity profilesPolicy actions
Question #404VPN and Routing
Which of the following statements are correct concerning the IPsec phase 1 and phase 2, shown in the exhibit? (choose two)
IPsec VPNRemote Access VPNFortiClientRouting
Question #405FortiGate Deployment and System Configuration
A FortiGate device is configured with two VDOMs. The management VDOM is 'root' , and is configured in transparent mode,'vdom1' is configured as NAT/route mode. Which traffic is gen...
VDOM modesManagement VDOMFortiGate servicesDevice-level functions
Question #406FortiGate Deployment and System Configuration
What information is synchronized between two FortiGate units that belong to the same HA cluster? (Choose three)
HA SynchronizationFortiGate ClusteringConfiguration ManagementStateful Failover
Question #407Security Profiles and Content Inspection
Which action is taken by the FortiGate device when a file matches more than one rule in a Data Leak Prevention sensor?
DLPSecurity ProfilesRule PrecedenceContent Inspection
Question #408Security Profiles and Content Inspection
Which protocol can an Internet browser use to download the PAC file with the web proxy configuration?
PAC fileWeb proxyHTTP protocolClient configuration
Question #409FortiGate Deployment and System Configuration
Which of the following statements are correct concerning layer 2 broadcast domains in transparent mode VDOMs?(Choose two)
VLANsBroadcast DomainsTransparent ModeVDOMs
Question #410Logging and Monitoring
If you enable the option "Generate Logs when Session Starts", what effect does this have on the number of traffic log messages generated for each session?
FortiGate LoggingTraffic LogsSession LoggingLog Generation

PreviousPage 8 of 12Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.