Skip to content

[Lead2pass New] Lead2pass Latest Fortinet NSE4 Exam Questions Free Download (251-260)

Posted in Fortinet, NSE4 Dumps, NSE4 Exam Questions, NSE4 New Questions, NSE4 PDF, and NSE4 VCE

Lead2pass 2017 November New Fortinet NSE4 Exam Dumps!

100% Free Download! 100% Pass Guaranteed!

Fortinet NSE4 is the industry leader in information technology, and getting certified by them is a guaranteed way to succeed with IT careers. We help you do exactly that with our high quality Fortinet NSE4 training materials.

Following questions and answers are all new published by Fortinet Official Exam Center: https://www.lead2pass.com/nse4.html

QUESTION 251
Which of the following cannot be used in conjunction with the endpoint compliance check?

A.    HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
B.    Any form of firewall policy authentication.
C.    WAN optimization.
D.    Traffic shaping.

Answer: A

QUESTION 252
An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings.
Which of the following statements are correct regarding the IPSec VPN configuration?

A.    To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.
B.    The virtual IPSec interface is automatically created after the phase1 configuration.
C.    The IPSec policies must be placed at the top of the list.
D.    This VPN cannot be used as part of a hub and spoke topology.
E.    Routes were automatically created based on the address objects in the firewall policies.

Answer: B

QUESTION 253
Which of the following items are considered to be advantages of using the application control features on the FortiGate unit?
Application control allows an administor to:

A.    set a unique session-ttl for select applications.
B.    customize application types in a similar way to adding custom IPS signatures.
C.    check which applications are installed on workstations attempting to access the network.
D.    enable AV scanning per application rather than per policy.

Answer: A

QUESTION 254
Which of the following DLP actions will always be performed if it is selected?

A.    Archive
B.    Quarantine Interface
C.    Ban Sender
D.    Block
E.    None
F.    Ban
G.    Quarantine IP Address

Answer: A

QUESTION 255
A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM.
What would be a possible cause for this problem?

A.    The dmz interface is referenced in the configuration of another VDOM.
B.    The administrator does not have the proper permissions to reassign the dmz interface.
C.    Non-management VDOMs can not reference physical interfaces.
D.    The dmz interface is in PPPoE or DHCP mode.
E.    Reassigning an interface to a different VDOM can only be done through the CLI.

Answer: A

QUESTION 256
In order to load-share traffic using multiple static routes, the routes must be configured with …

A.    the same distance and same priority.
B.    the same distance and the same weight.
C.    the same distance but each of them must be assigned a unique priority.
D.    a distance equal to its desired weight for ECMP but all must have the same priority.

Answer: A

QUESTION 257
If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)?

A.    The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR).
B.    The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR).
C.    At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings.
D.    The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP.
E.    By design, BGP cannot redistribute routes learned through OSPF.

Answer: C

QUESTION 258
Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.)

A.    Tunnel mode can only be used if the SSL VPN user groups have at least one Host Check option enabled.
B.    The specific routes needed to access internal resources through an SSL VPN connection in tunnel mode from the client computer are defined in the routing widget associated with the SSL VPN portal.
C.    In order to apply a portal to a user, that user must belong to an SSL VPN user group.
D.    The portal settings specify whether the connection will operate in web-only or tunnel mode.

Answer: CD

QUESTION 259
When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?

A.    Common Name
B.    Organization
C.    Organizational Unit
D.    Serial Number
E.    Validity

Answer: A

 

QUESTION 260
Which of the following describes the best custom signature for detecting the use of the word “Fortinet” in chat applications?

1601

2602

A.    The sample packet trace illustrated in the exhibit provides details on the packet that requires detection.
F-SBID( –protocol tcp; –flow from_client; –pattern “X-MMS-IM-Format”; –pattern “fortinet”; –no_case; )
B.    F-SBID( –protocol tcp; –flow from_client; –pattern “fortinet”; –no_case; )
C.    F-SBID( –protocol tcp; –flow from_client; –pattern “X-MMS-IM-Format”; –pattern “fortinet”; –within 20; –no_case; )
D.    F-SBID( –protocol tcp; –flow from_client; –pattern “X-MMS-IM-Format”; –pattern “fortinet”; –within 20; )

Answer: A

More free Lead2pass NSE4 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDeFZLNEJDeDRQdlE

Our relationship with you doesn’t begin and end with your monetary transaction with us. In case you have issues in finding or using any product be it related to NSE4 Exam or other Fortinet certifications, our friendly support staff will assist you promptly whenever you contact us.

2017 Fortinet NSE4 (All 533 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/nse4.html [100% Exam Pass Guaranteed]