New Updated NSE4 Exam Questions from PassLeader NSE4 PDF dumps! Welcome to download the newest PassLeader NSE4 VCE dumps: https://www.passleader.com/nse4.html (562 Q&As)
Keywords: NSE4 exam dumps, NSE4 exam questions, NSE4 VCE dumps, NSE4 PDF dumps, NSE4 practice tests, NSE4 study guide, NSE4 braindumps, NSE4 — Fortinet Network Security Professional Exam
P.S. New NSE4 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpWVVnQl8wTTd0NW8
>> New NSE5 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpU0FrbTh1X3JMSmM
>> New NSE6 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpX0pDRzN5bDJDMTQ
>> New NSE7 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpZk45YTEzNVBoMGc
>> New NSE8 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpN0wyemxuQTI1UTA
NEW QUESTION 1
What does the command diagnose debug fsso-polling refresh-user do?
A. It refreshes user group information from any servers connected to the FortiGate using a collector agent.
B. It refreshes all users learned through agentless polling.
C. It displays status information and some statistics related to the polls done by FortiGate on each DC.
D. It enables agentless polling mode real-time debug.
Answer: C
NEW QUESTION 2
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?
A. The FortiGate is able to handle NATed connections only with aggressive mode.
B. FortiClient supports aggressive mode.
C. The remote peers are able to provide their peer IDs in the first message with aggressive mode.
D. Main mode does not support XAuth for user authentication.
Answer: B
NEW QUESTION 3
Which statements about FortiGate inspection modes are true? (Choose two.)
A. The default inspection mode is proxy based.
B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.
C. Proxy-based inspection is not available in VDOMs operating in transparent mode.
D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.
Answer: AC
NEW QUESTION 4
In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?
A. Client > primary FortiGate > secondary FortiGate > primary FortiGate > web server.
B. Client > secondary FortiGate > web server.
C. Client > secondary FortiGate > primary FortiGate > web server.
D. Client > primary FortiGate > secondary FortiGate > web server.
Answer: D
NEW QUESTION 5
A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface. Which statement about the VLAN IDs in this scenario is true?
A. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
B. The two VLAN sub-interfaces must have different VLAN IDs.
C. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in the same subnet.
D. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
Answer: C
NEW QUESTION 6
How can you format the FortiGate flash disk?
A. Load the hardware test (HQIP) image.
B. Execute the CLI command execute formatlogdisk.
C. Load a debug FortiOS image.
D. Select the format boot device option from the BIOS menu.
Answer: D
NEW QUESTION 7
How do you configure inline SSL inspection on a firewall policy? (Choose two.)
A. Enable one or more flow-based security profiles on the firewall policy.
B. Enable the SSL/SSH Inspection profile on the firewall policy.
C. Execute the inline ssl inspection CLI command.
D. Enable one or more proxy-based security profiles on the firewall policy.
Answer: AB
NEW QUESTION 8
Which traffic sessions can be offloaded to an NP6 processor? (Choose two.)
A. IPv6
B. RIP
C. GRE
D. NAT64
Answer: AD
NEW QUESTION 9
An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy. What else is required for the CASI profile to work properly?
A. You must enable logging for security events on the firewall policy.
B. You must activate a FortiCloud account.
C. You must apply an application control profile to the firewall policy.
D. You must enable SSL inspection on the firewall policy.
Answer: C
NEW QUESTION 10
How does FortiGate look for a matching firewall policy to process traffic?
A. From top to bottom, based on the sequence numbers.
B. Based on best match.
C. From top to bottom, based on the policy ID numbers.
D. From lower to higher, based on the priority value.
Answer: A
NEW QUESTION 11
How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?
A. Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.
B. Enable the shape option in a firewall policy with service set to BitTorrent.
C. Apply a traffic shaper to a BitTorrent entry in the SSL/SSH inspection profile.
D. Apply a traffic shaper to a protocol options profile.
Answer: B
NEW QUESTION 12
Which file names will match the *.tiff file name pattern configured in a data leak prevention filter? (Choose two.)
A. tiff.tiff
B. tiff.png
C. tiff.jpeg
D. gif.tiff
Answer: AD
NEW QUESTION 13
An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes this scenario?
A. Only digital certificates will be accepted as an authentication method in phase 1.
B. Dialup clients must provide a username and password for authentication.
C. Phase 1 negotiations will skip pre-shared key exchange.
D. Dialup clients must provide their local ID during phase 2 negotiations.
Answer: B
NEW QUESTION 14
Which component of FortiOS performs application control inspection?
A. Kernel
B. Antivirus engine
C. IPS engine
D. Application control engine
Answer: D
NEW QUESTION 15
Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)
A. They support GRE-over-IPsec.
B. They can be configured in both NAT/Route and transparent operation modes.
C. They require two firewall policies: one for each direction of traffic flow.
D. They support L2TP-over-IPsec.
Answer: BC
NEW QUESTION 16
What statement describes what DNS64 does?
A. Converts DNS A record lookups to AAAA record lookups.
B. Translates the destination IPv6 address of the DNS traffic to an IPv4 address.
C. Synthesizes DNS AAAA records from A records.
D. Translates the destination IPv4 address of the DNS traffic to an IPv6 address.
Answer: B
NEW QUESTION 17
Which of the following statements are true when using Web Proxy Auto-discovery Protocol (WPAD) with the DHCP discovery method? (Choose two.)
A. The browser sends a DHCPINFORM request to the DHCP server.
B. The browser will need to be preconfigured with the DHCP server’s IP address.
C. The DHCP server provides the PAC file for download.
D. If the DHCP method fails, browsers will try the DNS method.
Answer: CD
NEW QUESTION 18
What inspections are executed by the IPS engine? (Choose three.)
A. Application control
B. Flow-based data leak prevention
C. Proxy-based antispam
D. Flow-based web filtering
E. Proxy-based antivirus
Answer: ABD
NEW QUESTION 19
……