The Fortinet provider features loads of certification and also NSE4 recognition is one. Its the recognition for just as one Fortinet qualified builder. The Fortinet NSE4 recognition is really famed that numerous of the corporations have popped up to give guidance to the people ambitious to turn into Fortinet qualified experts. As soon as a person has cleaned this NSE4 recognition he will be supposed to enjoy a serious portion within the provider where he will be currently employed or perhaps to use.
2021 Sep NSE4 free practice questions
Q31. - (Topic 1)
How is the FortiGate password recovery process?
A. Interrupt boot sequence, modify the boot registry and reboot. After changing the password, reset the boot registry.
B. Log in through the console port using the “maintainer” account within several seconds of physically power cycling the FortiGate.
C. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password.
D. Interrupt the boot sequence and restore a configuration file for which the password has
been modified.
Answer: B
Q32. - (Topic 5)
Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)
A. SSL VPN creates a HTTPS connection. IPsec does not.
B. Both SSL VPNs and IPsec VPNs are standard protocols.
C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices.
D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.
Answer: A,D
Q33. - (Topic 3)
In which order are firewall policies processed on a FortiGate unit?
A. From top to down, according with their sequence number.
B. From top to down, according with their policy ID number.
C. Based on best match.
D. Based on the priority value.
Answer: A
Q34. - (Topic 4)
When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)
A. SMTP
B. POP3
C. HTTP
D. FTP
Answer: C,D
Q35. - (Topic 8)
Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.)
A. Only one proxy is supported.
B. Can be manually imported to the browser.
C. The browser can automatically download it from a web server.
D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.
Answer: C,D
Replace NSE4 exam cram:
Q36. - (Topic 13)
Which statements correctly describe transparent mode operation? (Choose three.)
A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
C. The transparent FortiGate is clearly visible to network hosts in an IP trace route.
D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
E. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
Answer: A,B,D
Q37. - (Topic 12)
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.
Which of the following settings will this administrator be able to configure? (Choose two.)
A. Firewall addresses.
B. DHCP servers.
C. FortiGuard Distribution Network configuration.
D. System hostname.
Answer: A,B
Q38. - (Topic 14)
An administrator has formed a high availability cluster involving two FortiGate units.
[ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ]
The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.
Which of the following options describes the best step the administrator can take?
The administrator should _____________________.
A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode.
B. Enable monitoring of all active interfaces.
C. Set up a full-mesh design which uses redundant interfaces.
D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.
Answer: C
Q39. - (Topic 17)
With FSSO, a domain user could authenticate either against the domain controller running the collector agent and domain controller agent, or a domain controller running only the domain controller agent.
If you attempt to authenticate with a domain controller running only the domain controller agent, which statements are correct? (Choose two.)
A. The login event is sent to the collector agent.
B. The FortiGate receives the user information directly from the receiving domain controller agent of the secondary domain controller.
C. The domain collector agent may perform a DNS lookup for the authenticated client's IP address.
D. The user cannot be authenticated with the FortiGate in this manner because each domain controller agent requires a dedicated collector agent.
Answer: A,C
Q40. - (Topic 3)
For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?
A. The traffic is allowed and no log is generated.
B. The traffic is allowed and logged.
C. The traffic is blocked and no log is generated.
D. The traffic is blocked and logged.
Answer: C