2016/09 New NSE4: Fortinet Network Security Professional Exam Questions Updated Today!
NEW QUESTION 220 – NEW QUESTION 230:
Examine the exhibit shown below then answer the question that follows it.
Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:
A. FortiGate unit’s encryption certificate used by the SSL proxy.
B. FortiGate unit’s signing certificate used by the SSL proxy.
C. FortiGuard’s signing certificate used by the SSL proxy.
D. FortiGuard’s encryption certificate used by the SSL proxy.
Shown below is a section of output from the debug command diag ip arp list.
index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1
In the output provided, which of the following best describes the IP address
A. It is the primary IP address of the port1 interface.
B. It is one of the secondary IP addresses of the port1 interface.
C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.
Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it.
Which one of the following statements correctly describes this output?
A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.
B. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup.
C. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used.
D. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.
Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it.
Which of the following statements are correct regarding this configuration? (Select all that apply).
A. The phase1 is for a route-based VPN configuration.
B. The phase1 is for a policy-based VPN configuration.
C. The local gateway IP is the address assigned to port1.
D. The local gateway IP address is 10.200.3.1.
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.
Which one of the following statements is correct regarding this output?
A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.
B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.
C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
D. OSPF Hello packets are not sent on point-to-point networks.
Examine the static route configuration shown below; then answer the question following it.
config router static
    edit 1
        set dst 172.20.1.0 255.255.255.0
        set device port1
        set gateway 126.96.36.199
        set distance 10
        set weight 5
    next
    edit 2
        set dst 172.20.1.0 255.255.255.0
        set blackhole enable
        set distance 5
        set weight 10
    next
end
Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)
A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.
B. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.
C. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
D. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.
E. Traffic to 172.20.1.0/24 will be shared through both routes.
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Only administrative users with a ‘super_admin’ profile will be able to enter multiple VDOMs to make configuration changes.
Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)
A. They both create separate broadcast domains.
B. Port Pairing works only for physical interfaces.
C. Forwarding Domains only apply to virtual interfaces.
D. They may contain physical and/or virtual interfaces.
E. They are only available in high-end models.
Examine the Exhibits shown below, then answer the question that follows.
Review the following DLP Sensor (Exhibit 1):
Review the following File Filter list for rule #1 (Exhibit 2):
Review the following File Filter list for rule #2 (Exhibit 3):
Review the following File Filter list for rule #3 (Exhibit 4):
An MP3 file is renamed to ‘workbook.exe’ and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4.
Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?
A. The file will be detected by rule #1 as an ‘Audio (mp3)’, a log entry will be created and it will be allowed to pass through.
B. The file will be detected by rule #2 as a “*.exe”, a log entry will be created and the interface that received the traffic will be brought down.
C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.
D. Nothing, the file will go undetected.
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)
A. Enable session pick-up.
B. Only applies to connections handled by a proxy.
C. Only applies to UDP and ICMP connections.
D. Connections must not be handled by a proxy.
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
C. Using a hub and spoke topology provides stronger encryption.
D. The routing at a spoke is simpler, compared to a meshed node.