The Secret of Fortinet NSE4 vce

Q1. - (Topic 13) 

In transparent mode, forward-domain is an CLI setting associate with ______________. 

A. a static route. 

B. a firewall policy. 

C. an interface. 

D. a virtual domain. 

View Answer

Q2. - (Topic 5) 

A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration: 

Which static route is automatically added to the client’s routing table when the tunnel mode is activated? 

A. A route to a destination subnet matching the Internal_Servers address object. 

B. A route to the destination subnet configured in the tunnel mode widget. 

C. A default route. 

D. A route to the destination subnet configured in the SSL VPN global settings. 

View Answer

Q3. - (Topic 14) 

What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.) 

A. Enable session pick-up. 

B. Enable override. 

C. Connections must be UDP or ICMP. 

D. Connections must not be handled by a proxy. 

View Answer

Q4. - (Topic 22) 

Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.) 

A. Fragmented packet. 

B. Multicast packet. 

C. SCTP packet. 

D. GRE packet. 

View Answer

Q5. - (Topic 5) 

Regarding the use of web-only mode SSL VPN, which statement is correct? 

A. It supports SSL version 3 only. 

B. It requires a Fortinet-supplied plug-in on the web client. 

C. It requires the user to have a web browser that supports 64-bit cipher length. 

D. The JAVA run-time environment must be installed on the client. 

View Answer

Q6. - (Topic 17) 

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory. 

Which of the following statements are correct regarding FSSO in a Windows domain environment when agent mode is used? (Choose two.) 

A. An FSSO collector agent must be installed on every domain controller. 

B. An FSSO domain controller agent must be installed on every domain controller. 

C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit. 

D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit. 

View Answer

Q7. - (Topic 20) 

In which process states is it impossible to interrupt/kill a process? (Choose two.) 

A. S – Sleep 

B. R – Running 

C. D – Uninterruptable Sleep 

D. Z – Zombie 

View Answer

Q8. - (Topic 14) 

Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.) 

A. The device this command is executed on is likely to switch from master to slave status if override is disabled. 

B. The device this command is executed on is likely to switch from master to slave status if override is enabled. 

C. This command has no impact on the HA algorithm. 

D. This command resets the uptime variable used in the HA algorithm so it may cause a 

new master to become elected. 

View Answer

Q9. - (Topic 5) 

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) 

A. SSL VPN creates a HTTPS connection. IPsec does not. 

B. Both SSL VPNs and IPsec VPNs are standard protocols. 

C. Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices. 

D. Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. 

View Answer

Q10. - (Topic 11) 

Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it. 

Which two statements are correct regarding this output? (Choose two.) 

A. There will be six routes in the routing table. 

B. There will be seven routes in the routing table. 

C. There will be two default routes in the routing table. 

D. There will be two routes for the 10.0.2.0/24 subnet in the routing table. 

View Answer