This page was exported from Lead2pass Dumps For Exam With New Updated Exam Questions [ ] Export date:Sat Oct 31 2:11:08 2020 / +0000 GMT ___________________________________________________ Title: [Lead2pass New] Free Lead2pass Fortinet NSE4 Dumps VCE Download (76-100) --------------------------------------------------- 2017 October Fortinet Official New Released NSE4 Dumps in! 100% Free Download! 100% Pass Guaranteed! Lead2pass is the best place for preparing IT exam as we are providing the latest and guaranteed questions for all certifications. We offer you the ultimate preparation resource of Fortinet NSE4 exam questions and answers. Wondering what could be this effective? It is our Fortinet NSE4 VCE and PDF which serves as a guide to pass Fortinet NSE4 exam. Following questions and answers are all new published by Fortinet Official Exam Center: QUESTION 76What capabilities can a FortiGate provide? (Choose three.) A.    Mail relay.B.    Email filtering.C.    Firewall.D.    VPN gateway.E.    Mail server.Answer: BCD QUESTION 77Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.) A.    SNMPB.    WINSC.    HTTPD.    TelnetE.    SSH Answer: CDE QUESTION 78Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit? A.    MIB-based report uploads.B.    SNMP access limited by access lists.C.    Packet encryption.D.    Running SNMP service on a non-standard port is possible. Answer: C QUESTION 79What logging options are supported on a FortiGate unit? (Choose two.) A.    LDAPB.    SyslogC.    FortiAnalyzerD.    SNMP Answer: BC QUESTION 80What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to? A.    1B.    2C.    3D.    4 Answer: C QUESTION 81Regarding the header and body sections in raw log messages, which statement is correct? A.    The header and body section layouts change depending on the log type.B.    The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type.C.    Some log types include multiple body sections.D.    Some log types do not include a body section. Answer: B QUESTION 82In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below.   Which statements are correct regarding this setting? (Choose two.) A.    Interface settings on port7 will not be synchronized with other cluster members.B.    The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.C.    When connecting to port7 you always connect to the master device.D.    A gateway address may be configured for port7. Answer: AD QUESTION 83The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members.   What is the effect of the Disconnect Cluster Member command as given in the exhibit.(Choose two.) A.    Port3 is configured with an IP address for management access.B.    The firewall rules are purged on the disconnected unit.C.    The HA mode changes to standalone.D.    The system hostname is set to the unit serial number. Answer: AC QUESTION 84Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.) A.    IP address pool.B.    Virtual IP address.C.    IP address.D.    IP address group.E.    MAC address. Answer: BCD QUESTION 85Which header field can be used in a firewall policy for traffic matching? A.    ICMP type and code.B.    DSCP.C.    TCP window size.D.    TCP sequence number. Answer: A QUESTION 86The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function? A.    set orderB.    edit policyC.    reorderD.    move Answer: D QUESTION 87Examine the following CLI configuration: config system session-ttlset default 1800end What statement is true about the effect of the above configuration line? A.    Sessions can be idle for no more than 1800 seconds.B.    The maximum length of time a session can be open is 1800 seconds.C.    After 1800 seconds, the end user must re-authenticate.D.    After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server. Answer: A QUESTION 88In which order are firewall policies processed on a FortiGate unit? A.    From top to down, according with their sequence number.B.    From top to down, according with their policy ID number.C.    Based on best match.D.    Based on the priority value. Answer: A QUESTION 89Which statements are true regarding local user authentication? (Choose two.) A.    Two-factor authentication can be enabled on a per user basis.B.    Local users are for administration accounts only and cannot be used to authenticate network users.C.    Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate.D.    Both the usernames and passwords can be stored locally on the FortiGate Answer: AD QUESTION 90Examine the following spanning tree configuration on a FortiGate in transparent mode: config system interfaceedit <interface name>set stp-forward enableend Which statement is correct for the above configuration? A.    The FortiGate participates in spanning tree.B.    The FortiGate device forwards received spanning tree messages.C.    Ethernet layer-2 loops are likely to occur.D.    The FortiGate generates spanning tree BPDU frames. Answer: B QUESTION 91Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device. Exhibit A:   Exhibit B:   Given the information provided in the exhibits, which of the following statements are correct? (Choose two.) A.    STUDENT is likely to be the master device.B.    Session-pickup is likely to be enabled.C.    The cluster mode is active-passive.D.    There is not enough information to determine the cluster mode. Answer: AD QUESTION 92An administrator has formed a high availability cluster involving two FortiGate units. [ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.Which of the following options describes the best step the administrator can take?The administrator should _____________________. A.    Increase the number of FortiGate units in the cluster and configure HA in active-active mode.B.    Enable monitoring of all active interfaces.C.    Set up a full-mesh design which uses redundant interfaces.D.    Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted. Answer: C QUESTION 93In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit? A.    Request: internal host; slave FortiGate; master FortiGate; Internet; web server.B.    Request: internal host; slave FortiGate; Internet; web server.C.    Request: internal host; slave FortiGate; master FortiGate; Internet; web server.D.    Request: internal host; master FortiGate; slave FortiGate; Internet; web server. Answer: D QUESTION 94Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device. Exhibit A:   Exhibit B   Which one of the following is the most likely reason that the cluster fails to form? A.    PasswordB.    HA modeC.    HearbeatD.    Override Answer: B QUESTION 95Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?. A.    Policy-based only.B.    Route-based only.C.    Either policy-based or route-based VPN.D.    GRE-based only. Answer: B QUESTION 96You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route.Which two configuration steps are required to achieve these objectives? (Choose two.) A.    Create one firewall policy.B.    Create two firewall policies.C.    Add a route to the remote subnet.D.    Add two IPsec phases 2. Answer: BC QUESTION 97An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.Which three configuration steps must be performed on both units to support this scenario? (Choose three.) A.    Create firewall policies to allow and control traffic between the source and destination IP addresses.B.    Configure the appropriate user groups to allow users access to the tunnel.C.    Set the operating mode to IPsec VPN mode.D.    Define the phase 2 parameters.E.    Define the Phase 1 parameters. Answer: ADE QUESTION 98What is IPsec Perfect Forwarding Secrecy (PFS)?. A.    A phase-1 setting that allows the use of symmetric encryption.B.    A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.C.    A `key-agreement' protocol.D.    A `security-association-agreement' protocol. Answer: B QUESTION 99An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration? A.    The IPsec firewall policies must be placed at the top of the list.B.    This VPN cannot be used as part of a hub and spoke topology.C.    Routes are automatically created based on the quick mode selectors.D.    A virtual IPsec interface is automatically created after the Phase 1 configuration is completed. Answer: D QUESTION 100A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received.Which are two reasons for this problem? (Choose two.) A.    The FortiGate is connected to multiple ISPs.B.    There is a NAT device between the FortiGate and the FortiGuard Distribution Network.C.    The FortiGate is in Transparent mode.D.    The external facing interface of the FortiGate is configured to get the IP address from a DHCP server. Answer: BD Practise Lead2pass NSE4 braindumps and pass your exam easily. Lead2pass is number one company for real exam dumps. Download Lead2pass NSE4 exam questions and answers PDF file and prepare from our study material. NSE4 new questions on Google Drive: 2017 Fortinet NSE4 exam dumps (All 533 Q&As) from Lead2pass: [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-10-11 03:41:55 Post date GMT: 2017-10-11 03:41:55 Post modified date: 2017-10-11 03:41:55 Post modified date GMT: 2017-10-11 03:41:55 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from