Browse Exams Pricing

ExamsNSE4Questions

NSE4 Exam Questions

552 real NSE4 exam questions with expert-verified answers and explanations. Page 9 of 12.

Question #411Security Profiles and Content Inspection
Which of the following actions that can be taken by the Data Leak Prevention scanning? (Choose three.)
DLPContent InspectionSecurity Actions
Question #412VPN and Routing
What configuration objects are automatically added when using the FortiGate's FortiClient VPN Configurations Wizard?(Choose two)
FortiClient VPNVPN WizardIPsec Phase 1IPsec Phase 2
Question #413VPN and ZTNA
What is required in a FortiGate configuration to have more than one dialup IPsec VPN using aggressive mode?
IPsec VPNAggressive ModeDialup VPNPeer ID
Question #414Firewall and Authentication
Examine the network topology diagram in the exhibit; the workstation with the IP address 212.10.11.110 sends a TCP SYN packet to the workstation with the IP address 212.10.11.20. W...
Reverse Path Forwarding (RPF)Loose RPFStrict RPFFortiGate Security
Question #415Firewall Policies and Authentication
In a FSSO agentless polling mode solution, where must the collector agent be?
FSSOAgentless pollingAuthenticationActive Directory
Question #416Firewall and Authentication
Which authentication methods does FortiGate support for firewall authentication? (Choose two.)
Firewall AuthenticationRADIUSLocal AuthenticationUser Management
Question #417VPN and Routing
How many packets are interchanged between both IPSec ends during the negotiation of a main- mode phase 1?
IPSecIKEv1Main ModePhase 1 Negotiation
Question #418FortiGate Deployment and System Configuration
Which is NOT true about the settings for an IP pool type port block allocation?
IP PoolNATPort Block AllocationFortiGate Configuration
Question #419FortiGate Deployment and System Configuration
You have configured the DHCP server on a FortiGate's port1 interface (or internal, depending on the model) to offer IPs in a range of 192.168.1.65-192.168.1.253. When the first hos...
DHCP ServerIP Address AllocationFortiGate ConfigurationNetwork Services
Question #420VPN and ZTNA
Regarding the use of web-only mode SSL VPN, which statement is correct?
SSL VPNWeb-only modeClient requirementsBrowser security
Question #421Content Inspection
Which of the following network protocols can be inspected by the Data Leak Prevention scanning? (Choose three.)
Data Leak Prevention (DLP)DLP ProtocolsContent Inspection
Question #422VPN and Routing
Which of the following IPsec configuration modes can be used when the FortiGate is running in NAT mode?
IPsec VPNVPN ModesFortiGate NAT ModeVPN Configuration
Question #423VPN and Routing
The exhibit shows a part output of the diagnostic command 'diagnose debug application ike 255', taken during establishment of a VPN. Which of the following statement are correct co...
IPsec VPNIKE NegotiationFortiGate CLITroubleshooting
Question #424VPN and Routing
Which statement best describes what SSL.root is?
SSL VPNVirtual InterfaceVDOMsNetwork Interfaces
Question #425Security Profiles and Content Inspection
Which statement concerning IPS is false?
IPSSecurity ProfilesFortiGuardUpdates
Question #426FortiGate Deployment and System Configuration
Which of the following statements are correct differences between NAT/route and transparent mode? (Choose two.)
FortiGate ModesTransparent ModeNAT/Route ModeNetwork Configuration
Question #427FortiGate Deployment and System Configuration
Which type of conserve mode writes a log message immediately, rather than when the device exits conserve mode?
Conserve ModeProxy Conserve ModeLoggingFortiGate Memory
Question #428Security Profiles and Content Inspection
Which of the following statements are true regarding the web filtering modes? (Choose two.)
Web FilteringProxy ModeFlow ModeSecurity Profiles
Question #429Firewall and Authentication
Which of the following statements are characteristics of a FSSO solution using advanced access mode? (Choose three.)
FSSOAuthenticationAdvanced Access ModeUser Groups
Question #430FortiGate Deployment and System Configuration
Which of the following are operating mode supported in FortiGate devices? (Choose two)
FortiGate operating modesDeployment modesNAT/Route modeTransparent mode
Question #431FortiGate Deployment and System Configuration
Which of the following statements is correct regarding FortiGate interfaces and spanning tree protocol? (Choose Two)
Spanning Tree ProtocolFortiGate Transparent ModeNetwork InterfacesVDOMs
Question #432FortiGate Deployment and System Configuration
Which of the following statements are correct regarding FortiGate virtual domains (VDOMs)? (Choose two)
VDOMsFortiGate SystemSystem ConfigurationMulti-Tenancy
Question #433VPN and Routing
Which of the following IKE modes is the one used during the IPsec phase 2 negotiation?
IPsecIKEVPNQuick Mode
Question #434Firewall and Authentication
Which user group types does FortiGate support for firewall authentication? (Choose three.)
Firewall AuthenticationUser GroupsFortiGate User ManagementSingle Sign-On
Question #435Firewall and Authentication
Which authentication scheme is not supported by the RADIUS implementation on FortiGate?
RADIUSAuthentication ProtocolsFSSOFortiGate
Question #436Security Profiles and Content Inspection
The exhibit is a screen shot of an Application Control profile. Different settings are circled and numbered. Select the number identifying the setting which will provide additional...
Application ControlLogging ConfigurationTraffic VisibilityDeep Packet Inspection
Question #437Security Profiles and Content Inspection
Of the following information, what can be recorded by a Data Leak Prevention sensor configured to do a summary archiving? (Choose three.)
DLPContent InspectionLoggingArchivingSMTP Security
Question #438Firewall Policies and Authentication
Which portion of the configuration does an administrator specify the type of IPsec configuration (either policy-based or route-based)?
IPsec VPNFortiGate ConfigurationPolicy-based VPNRoute-based VPN
Question #439FortiGate Deployment and System Configuration
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to...
High Availability (HA)Active-Active HASession OffloadingPacket Flow
Question #440VPN and Routing
The exhibit shows a FortiGate routing table. Which of the following statements are correct?(Choose two)
Routing Table InterpretationRoute SelectionDefault RoutesNext-Hop
Question #441Security Profiles and Content Inspection
Which of the following statements is true regarding the TCP SYN packets that go from a client, through an implicit web proxy (transparent proxy), to a web server listening at TCP p...
Transparent ProxyTCP HeadersNetwork FlowFortiGate Proxy
Question #442VPN and ZTNA
Which of the following statements are correct regarding SSL VPN Web-only mode? (Choose two.)
SSL VPNWeb-only modeVPN modesFortiGate VPN
Question #443FortiGate Deployment and System Configuration
Which are the three different types of Conserve Mode that can occur on a FortiGate device? (Choose three.)
FortiGate Conserve ModeMemory managementSystem stability
Question #444Logging and Monitoring
Examine this log entry. What does the log indicate? (Choose three.) date=2013-12-04 time=09:30:18 logid=0100032001 type=event subtype=system level=information vd="root" user="admin...
FortiGate LogsLog InterpretationAdministrator AccessGUI Navigation
Question #445Firewall and Authentication
Which of the following statements are correct about NTLM authentication? (Choose three)
NTLM AuthenticationUser AuthenticationFortiGate AuthenticationDirectory Services
Question #446VPN and Routing
Which of the following statements are true about IPsec VPNs? (Choose three.)
IPsec VPNOSI ModelNetwork OverheadProtocol Security
Question #447Security Profiles and Content Inspection
Which UTM feature sends a UDP query to FortiGuard servers each time FortiGate scans a packet (unless the response is locally cached)?
Web FilteringFortiGuardUTM FeaturesReal-time lookup
Question #448VPN and Routing
Which of the following combinations of two FortiGate device configurations (side A and side B), can be used to successfully establish an IPsec VPN between them? (choose two)
IPsec VPNVPN ConfigurationPolicy-based VPNFortiGate
Question #449Routing and SD-WAN
What must be configured in order to keep two static routes to the same destination in the routing table?
Static RoutingRouting TableAdministrative DistanceRoute Priority
Question #450FortiGate Deployment and System Configuration
A FortiGate devices has two VDOMs in NAT/route mode. Which of the following solutions can be implemented by a network administrator to route traffic between the two VDOMs.(Choose t...
VDOMsInter-VDOM routingFortiGate configurationNetwork connectivity
Question #451FortiGate Deployment and System Configuration
What is the default criteria for selecting the HA master unit in a HA cluster?
HA (High Availability)Master selection criteriaFortiGate clusterSystem configuration
Question #452Logging and Monitoring
Which of the following are considered log types? (Choose three.)
Log typesFortiGate loggingTraffic logsEvent logs
Question #453Routing and SD-WAN
The exhibit shoes three static routes. Which routes will be used to route the packets to the destination IP address 172.20.168.1?
Static RoutingRouting DecisionsLongest Prefix MatchFortiGate Routing
Question #454Firewall Policies and Authentication
In which order are firewall policies processed on a FortiGate unit?
Firewall PoliciesPolicy Processing OrderFortiGate PoliciesPolicy Sequence
Question #455Firewall and Authentication
Which of the following statements must be true for a digital certificate to be valid? (Choose two.)
Digital CertificatesCertificate ValidityPKITrusted CA
Question #456VPN and Routing
Which of the following authentication methods are supported in an IPsec phase 1? (Choose two.)
IPsecPhase 1 AuthenticationPre-shared KeysRSA Signatures
Question #457VPN and Routing
Which of the following statements best describe what a FortiGate does when packets match a black hole route?
Black hole routingPacket droppingFortiGate routing
Question #458FortiGate Deployment and System Configuration
If you have lost your password for the "admin" account on your FortiGate, how should you reset it?
Password resetAdmin account recoveryFortiGate consoleSystem access
Question #459Security Profiles and Content Inspection
What actions are possible with Application Control? (Choose three.)
Application ControlSecurity ProfilesTraffic ShapingFortiGate Features
Question #460Security Profiles and Content Inspection
Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic. What statements are true re...
FortiGate HA (Active-Active)NP6 ProcessorSecurity Profiles (UTM)Hardware Acceleration

PreviousPage 9 of 12Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.