
NSE4 Online Practice Questions and Answers

Question 4

The exhibit shows partial output of the diagnostic command 'diagnose debug application ike 255', taken during establishment of a VPN. Which of the following statements are correct concerning this output? (Choose two.)

A. The quick mode selectors negotiated between both IPsec VPN peers are 0.0.0.0/32 for both source and destination addresses.

B. The output corresponds to a phase 2 negotiation.

C. NAT-T is enabled and there is a third device in the path performing NAT of the traffic between both IPsec VPN peers.

D. The IP address of the remote IPsec VPN peer is 172.20.187.114

Question 5

Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.)

A. The source quick mode selector must be an IPv4 address.

B. The destination quick mode selector must be an IPv6 address.

C. The Local Gateway IP must be an IPv4 address.

D. The remote gateway IP must be an IPv6 address.

Question 6

In FortiOS session table output, what is the correct 'proto_state' number for an established, non-proxied TCP connection?

B. 11

C. 01

D. 05

Question 7

You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route.

Which two configuration steps are required to achieve these objectives? (Choose two.)

A. Create one firewall policy.

B. Create two firewall policies.

C. Add a route to the remote subnet.

D. Add two IPsec phases 2.

Question 8

Which action does the FortiGate take when a link health monitor times out?

A. All routes to the destination subnet configured in the link health monitor are removed from the routing table.

B. The distance values of all routes using the interface configured in the link health monitor are increased.

C. The priority values of all routes using configured in the link health monitor are increased.

D. All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.

Question 9

Which of the following authentication methods can be used for SSL VPN authentication? (Choose three.)

A. Remote Password Authentication (RADIUS, LDAP)

B. Two-Factor Authentication

C. Local Password Authentication

D. FSSO

E. RSSO

Question 10

What capabilities can a FortiGate provide? (Choose three)

A. Mail relay

B. Email filtering

C. Firewall

D. VPN gateway

E. Mail server

Question 11

Review the exhibit of an explicit proxy policy configuration.

If there is a proxy connection attempt coming from the IP address 10.0.1.5, and from a user that has not authenticated yet, what action does the FortiGate proxy take?

A. User is prompted to authenticate. Traffic from the user Student will be allowed by the policy #1. Traffic from any other user will be allowed by the policy #2.

B. User is not prompted to authenticate. The connection is allowed by the proxy policy #2.

C. User is not prompted to authenticate. The connection will be allowed by the proxy policy #1.

D. User is prompted to authenticate. Only traffic from the user Student will be allowed. Traffic from any other user will be blocked.

Question 12

What is IPsec Perfect Forward Secrecy (PFS)?

A. A phase-1 setting that allows the use of symmetric encryption.

B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.

C. A 'key-agreement' protocol.

D. A 'security-association-agreement' protocol.

Question 13

Which of the following statements are true about the SSL Proxy certificate that must be used for SSL Content Inspection? (Choose two.)

A. It cannot be signed by a private CA.

B. It must have either the field "CA=True" or the field "Key Usage=KeyCertSign".

C. It must be installed in the FortiGate device.

D. The subject field must contain either the FQDN, or the IP address of the FortiGate device.

Question 14

An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.

Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

A. Create firewall policies to allow and control traffic between the source and destination IP addresses.

B. Configure the appropriate user groups to allow users access to the tunnel.

C. Set the operating mode to IPsec VPN mode.

D. Define the phase 2 parameters.

E. Define the Phase 1 parameters.

Question 15

Of the following information, what can be recorded by a Data Leak Prevention sensor configured to do summary archiving? (Choose three.)

A. Visited URL (for the case of HTTP traffic)

B. Sender email address (for the case of SMTP traffic)

C. Recipient email address (for the case of SMTP traffic)

D. Attached file (for the case of SMTP traffic)

E. Email body (for the case of SMTP traffic)

Question 16

Which statement best describes what SSL VPN Client Integrity Check does?

A. Blocks SSL VPN connection attempts from users that have been blacklisted.

B. Detects the Windows client security applications running in the SSL VPN client's PCs.

C. Validates the SSL VPN user credential.

D. Verifies which SSL VPN portal must be presented to each SSL VPN user.

E. Verifies that the latest SSL VPN client is installed in the client's PC.

Question 17

Which statement best describes the objective of the SYN proxy feature available in SP processors?

A. Accelerate the TCP 3-way handshake

B. Collect statistics regarding traffic sessions

C. Analyze the SYN packet to decide if the new session can be offloaded to the SP processor

D. Protect against SYN flood attacks.

Question 18

In the debug command output shown in the exhibit, which of the following best describes the MAC address 00:09:0f:69:03:7e?

A. It is one of the secondary MAC addresses of the port1 interface.

B. It is the primary MAC address of the port interface.

C. It is the MAC address of another network device located in the same LAN segment as the FortiGate unit's port1 interface.

D. It is the HA virtual MAC address.

Exam Code: NSE4
Exam Name: Fortinet Network Security Expert 4 Written Exam (400)
Last Update: Jul 10, 2023
Questions: 301 Q&As
