[Lead2pass New] NSE4 Exam Questions Free Download From Lead2pass (151-175)

2017 October Fortinet Official New Released NSE4 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

NSE4 easy pass guide: Preparing for Fortinet NSE4 exam is really a tough task to accomplish. However, Lead2pass delivers the most comprehensive braindumps, covering each and every aspect of NSE4 exam curriculum.

Following questions and answers are all new published by Fortinet Official Exam Center: https://www.lead2pass.com/nse4.html

QUESTION 151
Which of the following products is designed to manage multiple FortiGate devices?

A.    FortiGate device
B.    FortiAnalyzer device
C.    FortiClient device
D.    FortiManager device
E.    FortiMail device
F.    FortiBridge device

Answer: D

QUESTION 152
Which of the following products provides dedicated hardware to analyze log data from multiple FortiGate devices?

A.    FortiGate device
B.    FortiAnalyzer device
C.    FortiClient device
D.    FortiManager device
E.    FortiMail device
F.    FortiBridge device

Answer: B

QUESTION 153
Which of the following are valid FortiGate device interface methods for handling DNS requests? (Select all that apply.)

A.    Forward-only
B.    Non-recursive
C.    Recursive
D.    Iterative
E.    Conditional-forward

Answer: ABC

QUESTION 154
The default administrator profile that is assigned to the default “admin” user on a FortGate device is:____________________.

A.    trusted-admin
B.    super_admin
C.    super_user
D.    admin
E.    fortinet-root

Answer: B

QUESTION 155
Which of the following logging options are supported on a FortiGate unit? (Select all that apply.)

A.    LDAP
B.    Syslog
C.    FortiAnalyzer
D.    Local disk and/or memory

Answer: BCD

QUESTION 156
In order to match an identity-based policy, the FortiGate unit checks the IP information. Once inside the policy, the following logic is followed:

A.    First, a check is performed to determine if the user’s login credentials are valid. Next, the user is checked to determine if they belong to any of the groups defined for that policy. Finally, user restrictions are determined and port, time, and UTM profiles are applied.
B.    First, user restrictions are determined and port, time, and UTM profiles are applied. Next, a check is performed to determine if the user’s login credentials are valid. Finally, the user is checked to determine if they belong to any of the groups defined for that policy.
C.    First, the user is checked to determine if they belong to any of the groups defined for that policy. Next, user restrictions are determined and port, time, and UTM profiles are applied. Finally, a check is performed to determine if the user’s login credentials are valid.

Answer: A

QUESTION 157
Which of the following statements regarding the firewall policy authentication timeout is true?

A.    The authentication timeout is an idle timeout.
This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source IP.
B.    The authentication timeout is a hard timeout.
This means that the FortiGate unit will remove the temporary policy for this user’s source IP after this timer has expired.
C.    The authentication timeout is an idle timeout.
This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source MAC.
D.    The authentication timeout is a hard timeout.
This means that the FortiGate unit will remove the temporary policy for this user’s source MAC after this timer has expired.

Answer: A

QUESTION 158
Two-factor authentication is supported using the following methods? (Select all that apply.)

A.    FortiToken
B.    Email
C.    SMS phone message
D.    Code books

Answer: ABC

QUESTION 159
Which of the following statements are true regarding Local User Authentication? (Select all that apply.)

A.    Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.
B.    Two-factor authentication can be enabled on a per user basis.
C.    Administrators can create an account for the user locally and specify the remote server to verify the password.
D.    Local users are for administration accounts only and cannot be used for identity policies.

Answer: ABC

QUESTION 160
Which of the statements below are true regarding firewall policy disclaimers? (Select all that apply.)

A.    User must accept the disclaimer to proceed with the authentication process.
B.    The disclaimer page is customizable.
C.    The disclaimer cannot be used in combination with user authentication.
D.    The disclaimer can only be applied to wireless interfaces.

Answer: AB

QUESTION 161
Examine the firewall configuration shown below; then answer the question following it.

 

Which of the following statements are correct based on the firewall configuration illustrated in the exhibit? (Select all that apply.)

A.    A user can access the Internet using only the protocols that are supported by user authentication.
B.    A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.
These require authentication before the user will be allowed access.
C.    A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.
D.    A user cannot access the Internet using any protocols unless the user has passed firewall authentication.

Answer: AD

QUESTION 162
When browsing to an internal web server using a web-mode SSL VPN bookmark, from which of the following source IP addresses would the web server consider the HTTP request to be initiated?

A.    The remote user’s virtual IP address.
B.    The FortiGate unit’s internal IP address.
C.    The remote user’s public IP address.
D.    The FortiGate unit’s external IP address.

Answer: B

QUESTION 163
An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN.
The tunnel will start up for a few seconds, then shut down.
Which of the following statements best describes how to resolve this issue?

A.    This user does not have permission to enable tunnel mode.
Make sure that the tunnel mode widget has been added to that user’s web portal.
B.    This FortiGate unit may have multiple Internet connections.
To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.
C.    Check the SSL adaptor on the host machine.
If necessary, uninstall and reinstall the adaptor from the tunnel mode portal.
D.    Make sure that only Internet Explorer is used.
All other browsers are unsupported.

Answer: B

QUESTION 164
You are the administrator in charge of a FortiGate unit which acts as a VPN gateway.
You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions.
There is only 1 subnet at either end and the FortiGate unit already has a default route.
Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)

A.    Create one firewall policy.
B.    Create two firewall policies.
C.    Add a route for the remote subnet.
D.    Add a route for incoming traffic.
E.    Create a phase 1 definition.
F.    Create a phase 2 definition.

Answer: BCEF

QUESTION 165
Which email filter is NOT available on a FortiGate device?

A.    Sender IP reputation database.
B.    URLs included in the body of known SPAM messages.
C.    Email addresses included in the body of known SPAM messages.
D.    Spam object checksums.
E.    Spam grey listing.

Answer: E

QUESTION 166
A firewall policy has been configured such that traffic logging is disabled and a UTM function is enabled.
In addition, the system setting `utm-incident-traffic-log’ has been enabled.
In which log will a UTM event message be stored?

A.    Traffic
B.    UTM
C.    System
D.    None

Answer: A

QUESTION 167
Which one of the following statements is correct about raw log messages?

A.    Logs have a header and a body section.
The header will have the same layout for every log message.
The body section will change layout from one type of log message to another.
B.    Logs have a header and a body section.
The header and body will change layout from one type of log message to another.
C.    Logs have a header and a body section.
The header and body will have the same layout for every log message.

Answer: A

QUESTION 168
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?

A.    Packet encryption
B.    MIB-based report uploads
C.    SNMP access limits through access lists
D.    Running SNMP service on a non-standard port is possible

Answer: A

QUESTION 169
Which of the following authentication types are supported by FortiGate units? (Select all that apply.)

A.    Kerberos
B.    LDAP
C.    RADIUS
D.    Local Users

Answer: BCD

QUESTION 170
Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)

A.    Firewall
B.    Directory Service
C.    Local
D.    LDAP
E.    PKI

Answer: AB

QUESTION 171
Users may require access to a web site that is blocked by a policy.
Administrators can give users the ability to override the block.
Which of the following statements regarding overrides are correct? (Select all that apply.)

A.    A protection profile may have only one user group defined as an override group.
B.    A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.
C.    Authentication to allow the override is based on a user’s membership in a user group.
D.    Overrides can be allowed by the administrator for a specific period of time.

Answer: BCD

QUESTION 172
Users may require access to a web site that is blocked by a policy.
Administrators can give users the ability to override the block.
Which of the following statements regarding overrides is NOT correct?

A.    A web filter profile may only have one user group defined as an override group.
B.    A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.
C.    When requesting an override, the matched user must belong to a user group for which the override capabilty has been enabled.
D.    Overrides can be allowed by the administrator for a specific period of time.

Answer: A

QUESTION 173
An administrator has configured a FortiGate unit so that end users must authenticate against the firewall using digital certificates before browsing the Internet.
What must the user have for a successful authentication? (Select all that apply.)

A.    An entry in a supported LDAP Directory.
B.    A digital certificate issued by any CA server.
C.    A valid username and password.
D.    A digital certificate issued by the FortiGate unit.
E.    Membership in a firewall user group.

Answer: BE

QUESTION 174
The FortiGate unit can be configured to allow authentication to a RADIUS server. The RADIUS server can use several different authentication protocols during the authentication process.
Which of the following are valid authentication protocols that can be used when a user authenticates to the RADIUS server? (Select all that apply.)

A.    MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication Protocol v2)
B.    PAP (Password Authentication Protocol)
C.    CHAP (Challenge-Handshake Authentication Protocol)
D.    MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol v1)
E.    FAP (FortiGate Authentication Protocol)

Answer: ABCD

QUESTION 175
Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.)

A.    Domain Local Security Agent.
B.    Collector Agent.
C.    Active Directory Agent.
D.    User Authentication Agent.
E.    Domain Controller Agent.

Answer: BE

Lead2pass provides guarantee of Fortinet NSE4 exam because Lead2pass is an authenticated IT certifications site. The NSE4 dump is updated with regular basis and the answers are rechecked of every exam. Good luck in your exam.

NSE4 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDeFZLNEJDeDRQdlE

2017 Fortinet NSE4 exam dumps (All 533 Q&As) from Lead2pass:

https://www.lead2pass.com/nse4.html [100% Exam Pass Guaranteed]

Comments are closed.