It is more faster and easier to pass the Fortinet nse4 fortinet exam by using Free Fortinet Fortinet Network Security Expert 4 Written Exam (400) questuins and answers. Immediate access to the Renew fortinet nse4 exam Exam and find the same core area fortinet nse4 questions with professionally verified answers, then PASS your exam with a high score now.

Q33. - (Topic 6) 

You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. 

Which two configuration steps are required to achieve these objectives? (Choose two.) 

A. Create one firewall policy. 

B. Create two firewall policies. 

C. Add a route to the remote subnet. 

D. Add two IPsec phases 2. 

Answer: B,C 


Q34. - (Topic 14) 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. 

Exhibit A: 

Exhibit B 

Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Hearbeat 

D. Override 

Answer:


Q35. - (Topic 17) 

Which statement is one disadvantage of using FSSO NetAPI polling mode over FSSO Security Event Log (WinSecLog) polling mode? 

A. It requires a DC agent installed in some of the Windows DC. 

B. It runs slower. 

C. It might miss some logon events. 

D. It requires access to a DNS server for workstation name resolution. 

Answer:


Q36. - (Topic 10) 

Which statements are true regarding traffic shaping that is applied in an application sensor, and associated with a firewall policy? (Choose two.) 

A. Shared traffic shaping cannot be used. 

B. Only traffic matching the application control signature is shaped. 

C. Can limit the bandwidth usage of heavy traffic applications. 

D. Per-IP traffic shaping cannot be used. 

Answer: B,C 


Q37. - (Topic 2) 

Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit? 

A. MIB-based report uploads. 

B. SNMP access limited by access lists. 

C. Packet encryption. 

D. Running SNMP service on a non-standard port is possible. 

Answer:


Q38. - (Topic 16) 

Review the IPS sensor filter configuration shown in the exhibit 

Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.) 

A. It does not log attacks targeting Linux servers. 

B. It matches all traffic to Linux servers. 

C. Its action will block traffic matching these signatures. 

D. It only takes effect when the sensor is applied to a policy. 

Answer: C,D 


Q39. - (Topic 7) 

Examine the exhibit; then answer the question below. 

Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit? 

A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network. 

B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. 

C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network. 

D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network. 

Answer:


Q40. - (Topic 14) 

The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members. 

What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.) 

A. Port3 is configured with an IP address for management access. 

B. The firewall rules are purged on the disconnected unit. 

C. The HA mode changes to standalone. 

D. The system hostname is set to the unit serial number. 

Answer: A,C