Act now and download your Fortinet fortinet nse4 test today! Do not waste time for the worthless Fortinet nse4 exam tutorials. Download Refresh Fortinet Fortinet Network Security Expert 4 Written Exam (400) exam with real questions and answers and begin to learn Fortinet fortinet nse4 exam with a classic professional.

Q49. - (Topic 2) 

What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to? 

A. 1 

B. 2 

C. 3 

D. 4 

Answer:


Q50. - (Topic 9) 

Which of the following regular expression patterns make the terms "confidential data" case insensitive? 

A. [confidential data] 

B. /confidential data/i 

C. i/confidential data/ 

D. "confidential data" 

Answer:


Q51. - (Topic 15) 

Review the IPsec phase 1 configuration in the exhibit; then answer the question below. 

Which statements are correct regarding this configuration? (Choose two.) 

A. The remote gateway address on 10.200.3.1. 

B. The local IPsec interface address is 10.200.3.1. 

C. The local gateway IP is the address assigned to port1. 

D. The local gateway IP address is 10.200.3.1. 

Answer: A,C 


Q52. - (Topic 20) 

Examine the following output from the diagnose sys session list command: 

session info: proto=6 proto_state=65 duration=3 expire=9 timeout=3600 flags=00000000 sockflag=00000000 sockport=443 av_idx=9 use=5 origin-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

reply-shaper=guarantee-100kbps prio=2 guarantee 12800Bps max 134217728Bps traffic 

13895Bps 

state=redir local may_dirty ndr npu nlb os rs 

statistic(bytes/packets/allow_err): org=864/8/1 reply=2384/7/1 tuples=3 

orgin->sink: org pre->post, reply pre->post dev=7->6/6->7 gwy=172.17.87.3/10.1.10.1 

hook=post dir=org act=snat 192.168.1.110:57999->74.201.86.29:443(172.17.87.16:57999) 

hook=pre dir=reply act=dnat 74.201.86.29:443-

>172.17.87.16:57999(192.168.1.110:57999) 

hook=post dir=reply act=noop 74.201.86.29:443->192.168.1.110:57999(0.0.0.0:0) 

misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=0 

npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0 

Which statements are true regarding the session above? (Choose two.) 

A. Session Time-To-Live (TTL) was configured to 9 seconds. 

B. FortiGate is doing NAT of both the source and destination IP addresses on all packets coming from the 192.168.1.110 address. 

C. The IP address 192.168.1.110 is being translated to 172.17.87.16. 

D. The FortiGate is not translating the TCP port numbers of the packets in this session. 

Answer: C,D 


Q53. - (Topic 8) 

Examine the following FortiGate web proxy configuration; then answer the question below: config web-proxy explicit set pac-file-server-status enable set pac-file-server-port 8080 set pac-file-name wpad.dat end Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet 

browser use to download the PAC file? 

A. https://10.10.1.1:8080 

B. https://10.10.1.1:8080/wpad.dat 

C. http://10.10.1.1:8080/ 

D. http://10.10.1.1:8080/wpad.dat 

Answer:


Q54. - (Topic 5) 

Regarding the use of web-only mode SSL VPN, which statement is correct? 

A. It supports SSL version 3 only. 

B. It requires a Fortinet-supplied plug-in on the web client. 

C. It requires the user to have a web browser that supports 64-bit cipher length. 

D. The JAVA run-time environment must be installed on the client. 

Answer:


Q55. - (Topic 11) 

Examine the exhibit below; then answer the question following it. 

In this scenario, the FortiGate unit in Ottawa has the following routing table: 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2 

C 172.20.167.0/24 is directly connected, port1 

C 172.20.170.0/24 is directly connected, port2 

Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets? 

A. The forward policy check. 

B. The reverse path forwarding check. 

C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate’s routing table. 

D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table. 

Answer:


Q56. - (Topic 20) 

In which process states is it impossible to interrupt/kill a process? (Choose two.) 

A. S – Sleep 

B. R – Running 

C. D – Uninterruptable Sleep 

D. Z – Zombie 

Answer: C,D