The Replace Guide To NSE4 dumps

Q1. - (Topic 6) 

You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route. 

Which two configuration steps are required to achieve these objectives? (Choose two.) 

A. Create one firewall policy. 

B. Create two firewall policies. 

C. Add a route to the remote subnet. 

D. Add two IPsec phases 2. 

View Answer

Q2. - (Topic 15) 

Review the configuration for FortiClient IPsec shown in the exhibit. 

Which statement is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the student_internal address object. 

B. The connecting VPN client will install a default route. 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. 

D. The connecting VPN client will connect in web portal mode and no route will be installed. 

View Answer

Q3. - (Topic 4) 

The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below. 

Based on the firewall configuration illustrated in the exhibit, which statement is correct? 

A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge. 

B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. 

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services. 

D. DNS Internet access is always allowed, even for users that has not authenticated. 

View Answer

Q4. - (Topic 10) 

Which statements are correct regarding application control? (Choose two.) 

A. It is based on the IPS engine. 

B. It is based on the AV engine. 

C. It can be applied to SSL encrypted traffic. 

D. Application control cannot be applied to SSL encrypted traffic. 

View Answer

Q5. - (Topic 20) 

Examine the following output from the diagnose sys session list command: 

session info: proto=6 proto_state=65 duration=3 expire=9 timeout=3600 flags=00000000 sockflag=00000000 sockport=443 av_idx=9 use=5 origin-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

reply-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

state=redir local may_dirty ndr npu nlb os rs 

statistic(bytes/packets/allow_err): org=864/8/1 reply=2384/7/1 tuples=3 

orgin->sink: org pre->post, reply pre->post dev=7->6/6->7 gwy=172.17.87.3/10.1.10.1 

hook=post dir=org act=snat 192.168.1.110:57999->74.201.86.29:443(172.17.87.16:57999) 

hook=pre dir=reply act=dnat 74.201.86.29:443-

>172.17.87.16:57999(192.168.1.110:57999) 

hook=post dir=reply act=noop 74.201.86.29:443->192.168.1.110:57999(0.0.0.0:0) 

misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=0 

npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0 

Which statements are true regarding the session above? (Choose two.) 

A. Session Time-To-Live (TTL) was configured to 9 seconds. 

B. FortiGate is doing NAT of both the source and destination IP addresses on all packets coming from the 192.168.1.110 address. 

C. The IP address 192.168.1.110 is being translated to 172.17.87.16. 

D. The FortiGate is not translating the TCP port numbers of the packets in this session. 

View Answer

Q6. - (Topic 2) 

What logging options are supported on a FortiGate unit? (Choose two.) 

A. LDAP 

B. Syslog 

C. FortiAnalyzer 

D. SNMP 

View Answer

Q7. - (Topic 13) 

Which statements correctly describe transparent mode operation? (Choose three.) 

A. The FortiGate acts as transparent bridge and forwards traffic at Layer-2. 

B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses. 

C. The transparent FortiGate is clearly visible to network hosts in an IP trace route. 

D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network. 

E. All interfaces of the transparent mode FortiGate device must be on different IP subnets. 

View Answer

Q8. - (Topic 11) 

When does a FortiGate load-share traffic between two static routes to the same destination subnet? 

A. When they have the same cost and distance. 

B. When they have the same distance and the same weight. 

C. When they have the same distance and different priority. 

D. When they have the same distance and same priority. 

View Answer

Q9. - (Topic 14) 

An administrator has formed a high availability cluster involving two FortiGate units. 

[ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] 

The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. 

Which of the following options describes the best step the administrator can take? 

The administrator should _____________________. 

A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode. 

B. Enable monitoring of all active interfaces. 

C. Set up a full-mesh design which uses redundant interfaces. 

D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted. 

View Answer

Q10. - (Topic 16) 

Review the IPS sensor filter configuration shown in the exhibit 

Based on the information in the exhibit, which statements are correct regarding the filter? (Choose two.) 

A. It does not log attacks targeting Linux servers. 

B. It matches all traffic to Linux servers. 

C. Its action will block traffic matching these signatures. 

D. It only takes effect when the sensor is applied to a policy. 

View Answer