This page was exported from New Exam Dumps for All Certification Exams [ ] Export date:Wed May 22 10:23:03 2019 / +0000 GMT ___________________________________________________ Title: [July-2017 Dumps] Free PassLeader NSE4 Study Guide With Free VCE and PDF Download --------------------------------------------------- New Updated NSE4 Exam Questions from PassLeader NSE4 PDF dumps! Welcome to download the newest PassLeader NSE4 VCE dumps: (360 Q&As) Keywords: NSE4 exam dumps, NSE4 exam questions, NSE4 VCE dumps, NSE4 PDF dumps, NSE4 practice tests, NSE4 study guide, NSE4 braindumps, NSE4 -- Fortinet Network Security Professional Exam P.S. New NSE4 dumps PDF: >> New NSE5 dumps PDF: >> New NSE6 dumps PDF: >> New NSE7 dumps PDF: >> New NSE8 dumps PDF: NEW QUESTION 301A FortiGate interface is configured with the following commands:What statements about the configuration are correct? (Choose two.) A.    IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.B.    FortiGate can provide DNS settings to IPv6 clients.C.    FortiGate can send IPv6 router advertisements (RAs.)D.    FortiGate can provide IPv6 addresses to DHCPv6 client. Answer: CD NEW QUESTION 302Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.) A.    SP3B.    CP8C.    NP4D.    NP6 Answer: CD NEW QUESTION 303Under what circumstance would you enable LEARN as the Action on a firewall policy? A.    You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.B.    You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.C.    You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.D.    You want FortiGate to automatically modify your firewall policies as it learns your networking behavior. Answer: B NEW QUESTION 304What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.) A.    Code blocksB.    SMS phone messageC.    FortiTokenD.    Browser pop-up windowE.    Email Answer: BCE NEW QUESTION 305You are tasked to architect a new IPsec deployment with the following criteria:- There are two HQ sites that all satellite offices must connect to.- The satellite offices do not need to communicate directly with other satellite offices.- No dynamic routing will be used.- The design should minimize the number of tunnels being configured.Which topology should be used to satisfy all of the requirements? A.    RedundantB.    Hub-and-spokeC.    Partial meshD.    Fully meshed Answer: B NEW QUESTION 306View the exhibit. Which of the following statements are correct? (Choose two.) A.    This is a redundant IPsec setup.B.    The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.C.    This setup requires at least two firewall policies with action set to IPsec.D.    Dead peer detection must be disabled to support this type of IPsec setup. Answer: AB NEW QUESTION 307Which statements about DNS filter profiles are true? (Choose two.) A.    They can inspect HTTP traffic.B.    They must be applied in firewall policies with SSL inspection enabled.C.    They can block DNS request to known botnet command and control servers.D.    They can redirect blocked requests to a specific portal. Answer: BC NEW QUESTION 308An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive. Which statements are true? (Choose two.) A.    Logs must be stored on FortiGate first, before transmitting to FortiAnalyzer.B.    FortiGate uses port 8080 for log transmission.C.    Log messages are transmitted as plain text in LZ4 compressed format (store-and-upload method).D.    FortiGate can encrypt communications using SSL encrypted OFTP traffic. Answer: AD NEW QUESTION 309Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.) A.    The collector agent does not need to search any security event logs.B.    WMI polling can increase bandwidth usage with large networks.C.    The NetSessionEnum function is used to track user logoffs.D.    The collector agent uses a Windows API to query DCs for user logins. Answer: BD NEW QUESTION 310An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.) A.    The interface has been configured for one-arm sniffer.B.    The interface is a member of a virtual wire pair.C.    The operation mode is transparent.D.    The interface is a member of a zone.E.    Captive portal is enabled in the interface. Answer: BCD NEW QUESTION 311View the example routing table. Which route will be selected when trying to reach A. [10/0] via, port2B.    The traffic will be dropped because it cannot be routedC. [10/0] via, port3D. [10/0] via, port1 Answer: A NEW QUESTION 312When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? A.    The FortiGate unit's public IP addressB.    The FortiGate unit's internal IP addressC.    The remote user's virtual IP addressD.    The remote user's public IP address Answer: B NEW QUESTION 313What is FortiGate's behavior when local disk logging is disabled? A.    Only real-time logs appear on the FortiGate dashboard.B.    No logs are generated.C.    Alert emails are disabled.D.    Remote logging is automatically enabled. Answer: A NEW QUESTION 314What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.) A.    Traffic to inappropriate web sitesB.    SQL injection attacksC.    Server information disclosure attacksD.    Credit card data leaksE.    Traffic to botnet command and control (C&C) servers Answer: BCE NEW QUESTION 315Which statements about One-to-One IP pool are true? (Choose two.) A.    It allows configuration of ARP replies.B.    It allows fixed mapping of an internal address range to an external address range.C.    It is used for destination NAT.D.    It does not use port address translation. Answer: BC NEW QUESTION 316Which statements correctly describe transparent mode operation? (Choose three.) A.    All interfaces of the transparent mode FortiGate device must be on different IP subnets.B.    The transparent FortiGate is visible to network hosts in an IP traceroute.C.    It permits inline traffic inspection and firewalling without changing the IP scheme of the network.D.    Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.E.    The FortiGate acts as transparent bridge and forwards traffic at Layer-2. Answer: CDE NEW QUESTION 317View the exhibit. What is the effect of the Disconnect Cluster Member operation as shown in the exhibit? (Choose two.) A.    The HA mode changes to standalone.B.    The firewall policies are deleted on the disconnected member.C.    The system hostname is set to the FortiGate serial number.D.    The port3 is configured with an IP address for management access. Answer: AD NEW QUESTION 318What step is required an SSL VPN to access to an internal server using port forward mode? A.    Configure the virtual IP addresses to be assigned to the SSL VPN users.B.    Install FortiClient SSL VPN clientC.    Create a SSL VPN realm reserved for clients using port forward mode.D.    Configure the client application to forward IP traffic to a Java applet proxy. Answer: D NEW QUESTION 319View the exhibit. This is a sniffer output of a telnet connection request from to the port1 interface of FGT1.In this scenario. FGT1 has the following routing table:Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding? A.    The port1 cable is disconnected.B.    The connection is dropped due to reverse path forwarding check.C.    The connection is denied due to forward policy check.D.    FGT1's port1 interface is administratively down. Answer: B NEW QUESTION 320An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.) A.    Enable a web filtering profile on the firewall policy.B.    Create an application control policy.C.    Enable logging on the firewall policy.D.    Enable an application control security profile on the firewall policy. Answer: BD NEW QUESTION 321A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups. What is required in the SSL VPN configuration to meet these requirements? A.    Two separated SSL VPNs in different interfaces of the same VDOMB.    Different SSL VPN realms for each groupC.    Different virtual SSLVPN IP addresses for each groupD.    Two firewall policies with different captive portals Answer: D NEW QUESTION 322…… Download the newest PassLeader NSE4 dumps from now! 100% Pass Guarantee! NSE4 PDF dumps & NSE4 VCE dumps: (360 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!) P.S. New NSE4 dumps PDF: >> New NSE5 dumps PDF: >> New NSE6 dumps PDF: >> New NSE7 dumps PDF: >> New NSE8 dumps PDF: --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-18 08:14:50 Post date GMT: 2017-07-18 08:14:50 Post modified date: 2017-07-18 08:14:50 Post modified date GMT: 2017-07-18 08:14:50 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from