Master the nse4 exam dump Fortinet Network Security Expert 4 Written Exam (400) content and be ready for exam day success quickly with this Ucertify nse4 exam exam answers. We guarantee it!We make it a reality and give you real nse4 exam questions in our Fortinet fortinet nse4 exam dumps braindumps.Latest 100% VALID Fortinet fortinet nse4 Exam Questions Dumps at below page. You can use our Fortinet nse4 dumps braindumps and pass your exam.

Q9. - (Topic 3) 

For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate? 

A. The traffic is allowed and no log is generated. 

B. The traffic is allowed and logged. 

C. The traffic is blocked and no log is generated. 

D. The traffic is blocked and logged. 

Answer:


Q10. - (Topic 1) 

Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.) 

A. SNMP 

B. WINS 

C. HTTP 

D. Telnet 

E. SSH 

Answer: C,D,E 


Q11. - (Topic 4) 

Which two statements are true regarding firewall policy disclaimers? (Choose two.) 

A. They cannot be used in combination with user authentication. 

B. They can only be applied to wireless interfaces. 

C. Users must accept the disclaimer to continue. 

D. The disclaimer page is customizable. 

Answer: C,D 


Q12. - (Topic 15) 

Review the static route configuration for IPsec shown in the exhibit; then answer the question below. 

Which statements are correct regarding this configuration? (Choose two.) 

A. Interface remote is an IPsec interface. 

B. A gateway address is not required because the interface is a point-to-point connection. 

C. A gateway address is not required because the default route is used. 

D. Interface remote is a zone. 

Answer: A,B 


Q13. - (Topic 22) 

Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor? 

A. No protection profile can be applied over the IPsec traffic. 

B. Phase-2 anti-replay must be disabled. 

C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6. 

D. IPsec traffic must not be inspected by any FortiGate session helper. 

Answer: C


Q14. - (Topic 11) 

Examine the exhibit below; then answer the question following it. 

In this scenario, the FortiGate unit in Ottawa has the following routing table: 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2 

C 172.20.167.0/24 is directly connected, port1 

C 172.20.170.0/24 is directly connected, port2 

Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets? 

A. The forward policy check. 

B. The reverse path forwarding check. 

C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate’s routing table. 

D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table. 

Answer:


Q15. - (Topic 2) 

Regarding the header and body sections in raw log messages, which statement is correct? 

A. The header and body section layouts change depending on the log type. 

B. The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type. 

C. Some log types include multiple body sections. 

D. Some log types do not include a body section. 

Answer:


Q16. - (Topic 15) 

Review the configuration for FortiClient IPsec shown in the exhibit. 

Which statement is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the student_internal address object. 

B. The connecting VPN client will install a default route. 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. 

D. The connecting VPN client will connect in web portal mode and no route will be installed. 

Answer: