Master the fortinet nse4 Fortinet Network Security Expert 4 Written Exam (400) content and be ready for exam day success quickly with this Exambible fortinet nse4 exam dumps. We guarantee it!We make it a reality and give you real nse4 exam dump questions in our Fortinet nse4 exam dump braindumps.Latest 100% VALID Fortinet fortinet nse4 exam dumps Exam Questions Dumps at below page. You can use our Fortinet fortinet nse4 exam braindumps and pass your exam.
Q11. - (Topic 6)
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario? (Choose three.)
A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
B. Configure the appropriate user groups to allow users access to the tunnel.
C. Set the operating mode to IPsec VPN mode.
D. Define the phase 2 parameters.
E. Define the Phase 1 parameters.
Answer: A,D,E
Q12. - (Topic 21)
Which statements are true regarding IPv6 anycast addresses? (Choose two.)
A. Multiple interfaces can share the same anycast address.
B. They are allocated from the multicast address space.
C. Different nodes cannot share the same anycast address.
D. An anycast packet is routed to the nearest interface.
Answer: A,D
Q13. - (Topic 9)
Which web filtering inspection mode inspects DNS traffic?
A. DNS-based.
B. FQDN-based.
C. Flow-based.
D. URL-based.
Answer: A
Q14. - (Topic 3)
Which header field can be used in a firewall policy for traffic matching?
A. ICMP type and code.
B. DSCP.
C. TCP window size.
D. TCP sequence number.
Answer: A
Q15. - (Topic 4)
Which statement regarding the firewall policy authentication timeout is true?
A. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.
B. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.
C. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.
D. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.
Answer: A
Q16. - (Topic 12)
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.
Which of the following settings will this administrator be able to configure? (Choose two.)
A. Firewall addresses.
B. DHCP servers.
C. FortiGuard Distribution Network configuration.
D. System hostname.
Answer: A,B
Q17. - (Topic 3)
Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)
A. IP address pool.
B. Virtual IP address.
C. IP address.
D. IP address group.
E. MAC address.
Answer: B,C,D
Q18. - (Topic 1)
What capabilities can a FortiGate provide? (Choose three.)
A. Mail relay.
B. Email filtering.
C. Firewall.
D. VPN gateway.
E. Mail server.
Answer: B,C,D
Q19. - (Topic 4)
The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.
Based on the firewall configuration illustrated in the exhibit, which statement is correct?
A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.
B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.
D. DNS Internet access is always allowed, even for users that has not authenticated.
Answer: D
Q20. - (Topic 15)
Review the IPsec phase 1 configuration in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.)
A. The remote gateway address on 10.200.3.1.
B. The local IPsec interface address is 10.200.3.1.
C. The local gateway IP is the address assigned to port1.
D. The local gateway IP address is 10.200.3.1.
Answer: A,C