New Updated NSE4 Exam Questions from PassLeader NSE4 PDF dumps! Welcome to download the newest PassLeader NSE4 VCE dumps: http://www.passleader.com/nse4.html (294 Q&As)
Keywords: NSE4 exam dumps, NSE4 exam questions, NSE4 VCE dumps, NSE4 PDF dumps, NSE4 practice tests, NSE4 study guide, NSE4 braindumps, NSE 4 — Fortinet Network Security Professional Exam
P.S. Free NSE4 dumps download from Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpWVVnQl8wTTd0NW8
NEW QUESTION 220
Examine the exhibit shown below then answer the question that follows it.
Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:
A. FortiGate unit’s encryption certificate used by the SSL proxy.
B. FortiGate unit’s signing certificate used by the SSL proxy.
C. FortiGuard’s signing certificate used by the SSL proxy.
D. FortiGuard’s encryption certificate used by the SSL proxy.
NEW QUESTION 221
Shown below is a section of output from the debug command diag ip arp list.
index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1
In the output provided, which of the following best describes the IP address 172.20.187.150?
A. It is the primary IP address of the port1 interface.
B. It is one of the secondary IP addresses of the port1 interface.
C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.
NEW QUESTION 222
Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it.
Which one of the following statements correctly describes this output?
A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.
B. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup.
C. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used.
D. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.
NEW QUESTION 223
Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it.
Which of the following statements are correct regarding this configuration? (Select all that apply).
A. The phase1 is for a route-based VPN configuration.
B. The phase1 is for a policy-based VPN configuration.
C. The local gateway IP is the address assigned to port1.
D. The local gateway IP address is 10.200.3.1.
NEW QUESTION 224
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.
Which one of the following statements is correct regarding this output?
A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.
B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.
C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
D. OSPF Hello packets are not sent on point-to-point networks.
NEW QUESTION 225
Examine the static route configuration shown below; then answer the question following it.
config router static
set dst 172.20.1.0 255.255.255.0
set device port1
set gateway 188.8.131.52
set distance 10
set weight 5
set dst 172.20.1.0 255.255.255.0
set blackhole enable
set distance 5
set weight 10
Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)
A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.
B. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.
C. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
D. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.
E. Traffic to 172.20.1.0/24 will be shared through both routes.
NEW QUESTION 226
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Only administrative users with a ‘super_admin’ profile will be able to enter multiple VDOMs to make configuration changes.
NEW QUESTION 227
Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)
A. They both create separate broadcast domains.
B. Port Pairing works only for physical interfaces.
C. Forwarding Domains only apply to virtual interfaces.
D. They may contain physical and/or virtual interfaces.
E. They are only available in high-end models.
NEW QUESTION 228
Examine the Exhibits shown below, then answer the question that follows.
Review the following DLP Sensor (Exhibit 1):
Review the following File Filter list for rule #1 (Exhibit 2):
Review the following File Filter list for rule #2 (Exhibit 3):
Review the following File Filter list for rule #3 (Exhibit 4):
An MP3 file is renamed to `workbook.exe’ and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4. Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?
A. The file will be detected by rule #1 as an ‘Audio (mp3)’, a log entry will be created and it will be allowed to pass through.
B. The file will be detected by rule #2 as a “*.exe”, a log entry will be created and the interface that received the traffic will be brought down.
C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.
D. Nothing, the file will go undetected.
NEW QUESTION 229
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)
A. Enable session pick-up.
B. Only applies to connections handled by a proxy.
C. Only applies to UDP and ICMP connections.
D. Connections must not be handled by a proxy.
NEW QUESTION 230
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
C. Using a hub and spoke topology provides stronger encryption.
D. The routing at a spoke is simpler, compared to a meshed node.
NEW QUESTION 231
Download the newest PassLeader NSE4 dumps from passleader.com now! 100% Pass Guarantee!
NSE4 PDF dumps & NSE4 VCE dumps: http://www.passleader.com/nse4.html (294 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!)
P.S. Free NSE4 Exam Dumps Collection On Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpWVVnQl8wTTd0NW8