
Fortinet NSE4 Dumps

Fortinet
Fortinet Network Security Expert 4 Written (400)

Questions & Answers for Fortinet NSE4

Showing 1-15 of 274 Questions

Question #1 - Topic 1

Examine the following log message for IPS and identify the valid responses below. (Select all that apply.)

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50"

A. The target is 192.168.3.168.

B. The target is 192.168.3.170.

C. The attack was detected and blocked.

D. The attack was detected only.

E. The attack was TCP based.

Question #2 - Topic 1

Review the output of the command config router ospf shown in the Exhibit below; then
answer the question following it.

Which one of the following statements is correct regarding this output?

A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.

B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.

C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.

D. OSPF Hello packets are not sent on point-to-point networks.

Question #3 - Topic 1

Review the static route configuration for IPsec shown in the Exhibit below; then answer the
question following it.

Which of the following statements are correct regarding this configuration? (Select all that
apply).

A. Remote_1 is a Phase 1 object with interface mode enabled

B. The gateway address is not required because the interface is a point-to-point connection

C. The gateway address is not required because the default route is used

D. Remote_1 is a firewall zone

Question #4 - Topic 1

Two FortiGate devices fail to form an HA cluster; the device hostnames are STUDENT and
REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT
device. Exhibit B shows the command output of 'show system ha' for the REMOTE device.
Exhibit A:

Exhibit B

Which one of the following is the most likely reason that the cluster fails to form?

A. Password

B. HA mode

C. Heartbeat

D. Override

Question #5 - Topic 1

Examine the Exhibit shown below; then answer the question following it.

The Vancouver FortiGate unit initially had the following information in its routing table:

S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly connected, port1

Afterwards, the following static route was added:

config router static
    edit 6
        set dst 172.20.1.0 255.255.255.0
        set priority 0
        set device port1
        set gateway 172.11.12.1
    next
end

Since this change, the new static route is NOT showing up in the routing table. Given the
information provided, which of the following describes the cause of this problem?

A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.

B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.

C. The priority is 0, which means that the route will remain inactive.

D. The static route configuration is missing the distance setting.

Question #6 - Topic 1

Which of the following statements are correct about the HA diag command
diagnose sys ha reset-uptime? (Select all that apply.)

A. The device this command is executed on is likely to switch from master to slave status if master override is disabled.

B. The device this command is executed on is likely to switch from master to slave status if master override is enabled.

C. This command has no impact on the HA algorithm.

D. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

Question #7 - Topic 1

Review the IPsec phase1 configuration in the Exhibit shown below; then answer the
question following it.

Which of the following statements are correct regarding this configuration? (Select all that
apply).

A. The phase1 is for a route-based VPN configuration.

B. The phase1 is for a policy-based VPN configuration.

C. The local gateway IP is the address assigned to port1.

D. The local gateway IP address is 10.200.3.1.

Question #8 - Topic 1

Examine the exhibit shown below then answer the question that follows it.

Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of
the following:

A. FortiGate unit’s encryption certificate used by the SSL proxy.

B. FortiGate unit’s signing certificate used by the SSL proxy.

C. FortiGuard’s signing certificate used by the SSL proxy.

D. FortiGuard’s encryption certificate used by the SSL proxy.

Question #9 - Topic 1

In a High Availability cluster operating in Active-Active mode, which of the following
correctly describes the path taken by the SYN packet of an HTTP session that is offloaded
to a subordinate unit?

A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server

B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server

C. Request: Internal Host; Slave FortiGate; Internet; Web Server

D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server

Question #10 - Topic 1

Examine the Exhibits shown below, then answer the question that follows.
Review the following DLP Sensor (Exhibit 1):

Review the following File Filter list for rule #1 (Exhibit 2):

Review the following File Filter list for rule #2 (Exhibit 3):

Review the following File Filter list for rule #3 (Exhibit 4):

An MP3 file is renamed to workbook.exe and put into a ZIP archive. It is then sent through
the FortiGate device over HTTP. It is intercepted and processed by the configuration
shown in the above Exhibits 1-4.
Assuming the file is not too large for the File scanning threshold, what action will the
FortiGate unit take?

A. The file will be detected by rule #1 as an Audio (mp3), a log entry will be created and it will be allowed to pass through.

B. The file will be detected by rule #2 as a *.exe, a log entry will be created and the interface that received the traffic will be brought down.

C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.

D. Nothing, the file will go undetected.

Question #11 - Topic 1

Examine the static route configuration shown below; then answer the question following it.

config router static
    edit 1
        set dst 172.20.1.0 255.255.255.0
        set device port1
        set gateway 172.11.12.1
        set distance 10
        set weight 5
    next
    edit 2
        set dst 172.20.1.0 255.255.255.0
        set blackhole enable
        set distance 5
        set weight 10
    next
end

Which of the following statements correctly describes the static routing configuration
provided? (Select all that apply.)

A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.

B. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.

C. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.

D. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.

E. Traffic to 172.20.1.0/24 will be shared through both routes.

Question #12 - Topic 1

Which of the following statements are correct regarding Application Control?

A. Application Control is based on the IPS engine.

B. Application Control is based on the AV engine.

C. Application Control can be applied to SSL encrypted traffic.

D. Application Control cannot be applied to SSL encrypted traffic.

Question #13 - Topic 1

How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

A. File Type: Microsoft Office(msoffice)

B. File Type: Archive(zip)

C. File Type: Unknown Filetype(unknown)

D. File Name: "*.ppt", "*.doc", "*.xls"

E. File Name: "*.pptx", "*.docx", "*.xlsx"

Question #14 - Topic 1

The eicar test virus is put into a zip archive, which is given the password of Fortinet in
order to open the archive. Review the configuration in the exhibits shown below; then
answer the question that follows.
Exhibit A Antivirus Profile:

Exhibit B Non-default UTM Proxy Options Profile:

Exhibit C DLP Profile:

Which one of the following profiles could be enabled in order to prevent the file from
passing through the FortiGate device over HTTP on the standard port for that protocol?

A. Only Exhibit A

B. Only Exhibit B

C. Only Exhibit C with default UTM Proxy settings.

D. All of the Exhibits (A, B and C)

E. Only Exhibit C with non-default UTM Proxy settings (Exhibit B).

Question #15 - Topic 1

For Data Leak Prevention, which of the following describes the difference between the
block and quarantine actions?

A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.

B. A block action prevents the transaction. A quarantine action archives the data.

C. A block action has a finite duration. A quarantine action must be removed by an administrator.

D. A block action is used for known users. A quarantine action is used for unknown users.
