Taking benefit from the Fortinet practice exam simply by Ucertify Fortinet Fortinet, you can throw apart the long Fortinet NSE4 books. The Ucertify internet site provides Fortinet Fortinet NSE4 preparation components which assure full accomplishment. You will pass your real NSE4 exam with no any difficulty after you have participated your Ucertify Fortinet NSE4 online training. Getting your Fortinet Fortinet certification by your self is very challenging. However, your Ucertify Fortinet NSE4 on-line practice tests have aided many candidates to be able to pass the Fortinet Fortinet NSE4 real examination quickly. So, it is a clever choice for you to adopt the Ucertify Fortinet Fortinet NSE4 simulation training. All the crucial points associated with Fortinet questions and answers will likely be within your current grasp simply by using the Fortinet Fortinet NSE4 practice questions.
2021 Sep NSE4 practice exam
Q21. - (Topic 18)
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?
A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.
C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.
D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
Answer: C
Q22. - (Topic 11)
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?
A. A lookup is done only when the first packet coming from the client (SYN) arrives.
B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.
C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
D. A lookup is always done each time a packet arrives, from either the server or the client side.
Answer: B
Q23. - (Topic 9)
Which of the following regular expression patterns make the terms "confidential data" case insensitive?
A. [confidential data]
B. /confidential data/i
C. i/confidential data/
D. "confidential data"
Answer: B
Q24. - (Topic 20)
Examine the following output from the diagnose sys session list command:
session info: proto=6 proto_state=65 duration=3 expire=9 timeout=3600 flags=00000000 sockflag=00000000 sockport=443 av_idx=9 use=5 origin-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic
13895Bps
reply-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic
13895Bps
state=redir local may_dirty ndr npu nlb os rs
statistic(bytes/packets/allow_err): org=864/8/1 reply=2384/7/1 tuples=3
orgin->sink: org pre->post, reply pre->post dev=7->6/6->7 gwy=172.17.87.3/10.1.10.1
hook=post dir=org act=snat 192.168.1.110:57999->74.201.86.29:443(172.17.87.16:57999)
hook=pre dir=reply act=dnat 74.201.86.29:443-
>172.17.87.16:57999(192.168.1.110:57999)
hook=post dir=reply act=noop 74.201.86.29:443->192.168.1.110:57999(0.0.0.0:0)
misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=0
npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0
Which statements are true regarding the session above? (Choose two.)
A. Session Time-To-Live (TTL) was configured to 9 seconds.
B. FortiGate is doing NAT of both the source and destination IP addresses on all packets coming from the 192.168.1.110 address.
C. The IP address 192.168.1.110 is being translated to 172.17.87.16.
D. The FortiGate is not translating the TCP port numbers of the packets in this session.
Answer: C,D
Q25. - (Topic 16)
Review the IPS sensor filter configuration shown in the exhibit
Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.)
A. It does not log attacks targeting Linux servers.
B. It matches all traffic to Linux servers.
C. Its action will block traffic matching these signatures.
D. It only takes effect when the sensor is applied to a policy.
Answer: C,D
Renewal NSE4 exam question:
Q26. - (Topic 3)
Which header field can be used in a firewall policy for traffic matching?
A. ICMP type and code.
B. DSCP.
C. TCP window size.
D. TCP sequence number.
Answer: A
Q27. - (Topic 1)
When creating FortiGate administrative users, which configuration objects specify the account rights?
A. Remote access profiles.
B. User groups.
C. Administrator profiles.
D. Local-in policies.
Answer: C
Q28. - (Topic 15)
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit below.
Which statements are correct regarding this output? (Choose two.)
A. The connecting client has been allocated address 172.20.1.1.
B. In the Phase 1 settings, dead peer detection is enabled.
C. The tunnel is idle.
D. The connecting client has been allocated address 10.200.3.1.
Answer: A,B
Q29. - (Topic 1)
What capabilities can a FortiGate provide? (Choose three.)
A. Mail relay.
B. Email filtering.
C. Firewall.
D. VPN gateway.
E. Mail server.
Answer: B,C,D
Q30. - (Topic 4)
Which statement regarding the firewall policy authentication timeout is true?
A. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source IP.
B. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired.
C. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MAC.
D. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired.
Answer: A