Act now and download your Fortinet nse4 exam test today! Do not waste time for the worthless Fortinet fortinet nse4 exam tutorials. Download Renewal Fortinet Fortinet Network Security Expert 4 Written Exam (400) exam with real questions and answers and begin to learn Fortinet fortinet nse4 with a classic professional.
Q1. - (Topic 6)
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.
A. Policy-based only.
B. Route-based only.
C. Either policy-based or route-based VPN.
D. GRE-based only.
Q2. - (Topic 15)
Which statements are correct properties of a partial mesh VPN deployment. (Choose two.)
A. VPN tunnels interconnect between every single location.
B. VPN tunnels are not configured between every single location.
C. Some locations are reached via a hub location.
D. There are no hub locations in a partial mesh.
Q3. - (Topic 22)
Two FortiGate units with NP6 processors form an active-active cluster. The cluster is doing security profile (UTM) inspection over all the user traffic. What statements are true regarding the sessions that the master unit is offloading to the slave unit for inspection? (Choose two.)
A. They are accelerated by hardware in the master unit.
B. They are not accelerated by hardware in the master unit.
C. They are accelerated by hardware in the slave unit.
D. They are not accelerated by hardware in the slave unit.
Q4. - (Topic 22)
Which is one of the conditions that must be met for offloading the encryption and decryption of IPsec traffic to an NP6 processor?
A. No protection profile can be applied over the IPsec traffic.
B. Phase-2 anti-replay must be disabled.
C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6.
D. IPsec traffic must not be inspected by any FortiGate session helper.
Q5. - (Topic 7)
Examine the exhibit; then answer the question below.
Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?
A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network.
B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.
C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network.
D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network.
Q6. - (Topic 14)
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below.
Which statements are correct regarding this setting? (Choose two.)
A. Interface settings on port7 will not be synchronized with other cluster members.
B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.
C. When connecting to port7 you always connect to the master device.
D. A gateway address may be configured for port7.
Q7. - (Topic 3)
For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?
A. The traffic is allowed and no log is generated.
B. The traffic is allowed and logged.
C. The traffic is blocked and no log is generated.
D. The traffic is blocked and logged.
Q8. - (Topic 4)
When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)
Q9. - (Topic 7)
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet customer support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.
Q10. - (Topic 1)
Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)