Your success in Fortinet fortinet nse4 is our sole target and we develop all our fortinet nse4 dumps braindumps in a way that facilitates the attainment of this target. Not only is our nse4 exam dump study material the best you can find, it is also the most detailed and the most updated. fortinet nse4 exam dumps Practice Exams for Fortinet fortinet nse4 exam are written to the highest standards of technical accuracy.

Q1. - (Topic 18) 

Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.) 

A. The web client SSL handshake. 

B. The web server SSL handshake. 

C. File buffering. 

D. Communication with the URL filter process. 

Answer: A,B 


Q2. - (Topic 8) 

Examine the following FortiGate web proxy configuration; then answer the question below: config web-proxy explicit set pac-file-server-status enable set pac-file-server-port 8080 set pac-file-name wpad.dat end Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet 

browser use to download the PAC file? 

A. https://10.10.1.1:8080 

B. https://10.10.1.1:8080/wpad.dat 

C. http://10.10.1.1:8080/ 

D. http://10.10.1.1:8080/wpad.dat 

Answer:


Q3. - (Topic 13) 

Examine the following spanning tree configuration on a FortiGate in transparent mode: 

config system interface 

edit <interface name> 

set stp-forward enable 

end 

Which statement is correct for the above configuration? 

A. The FortiGate participates in spanning tree. 

B. The FortiGate device forwards received spanning tree messages. 

C. Ethernet layer-2 loops are likely to occur. 

D. The FortiGate generates spanning tree BPDU frames. 

Answer:


Q4. - (Topic 14) 

Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.) 

A. The device this command is executed on is likely to switch from master to slave status if override is disabled. 

B. The device this command is executed on is likely to switch from master to slave status if override is enabled. 

C. This command has no impact on the HA algorithm. 

D. This command resets the uptime variable used in the HA algorithm so it may cause a 

new master to become elected. 

Answer: A,D 


Q5. - (Topic 13) 

Which statements are correct for port pairing and forwarding domains? (Choose two.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domain only applies to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

Answer: A,D 


Q6. - (Topic 7) 

Which statement is correct regarding virus scanning on a FortiGate unit? 

A. Virus scanning is enabled by default. 

B. Fortinet customer support enables virus scanning remotely for you. 

C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy. 

D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate. 

Answer:


Q7. - (Topic 1) 

What are valid options for handling DNS requests sent directly to a FortiGates interface IP? (Choose three.) 

A. Conditional-forward. 

B. Forward-only. 

C. Non-recursive. 

D. Iterative. 

E. Recursive. 

Answer: B,C,E 


Q8. - (Topic 3) 

Examine the following CLI configuration: config system session-ttl set default 1800 end What statement is true about the effect of the above configuration line? 

A. Sessions can be idle for no more than 1800 seconds. 

B. The maximum length of time a session can be open is 1800 seconds. 

C. After 1800 seconds, the end user must re-authenticate. 

D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server. 

Answer:


Q9. - (Topic 14) 

In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below. 

Which statements are correct regarding this setting? (Choose two.) 

A. Interface settings on port7 will not be synchronized with other cluster members. 

B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface. 

C. When connecting to port7 you always connect to the master device. 

D. A gateway address may be configured for port7. 

Answer: A,D 


Q10. - (Topic 5) 

A user logs into a SSL VPN portal and activates the tunnel mode. The administrator has enabled split tunneling. The exhibit shows the firewall policy configuration: 

Which static route is automatically added to the client’s routing table when the tunnel mode is activated? 

A. A route to a destination subnet matching the Internal_Servers address object. 

B. A route to the destination subnet configured in the tunnel mode widget. 

C. A default route. 

D. A route to the destination subnet configured in the SSL VPN global settings. 

Answer: