NSE4 Exam - Fortinet Network Security Expert 4 Written Exam (400)

certleader.com

Q1. - (Topic 15) 

Review the configuration for FortiClient IPsec shown in the exhibit. 

Which statement is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the student_internal address object. 

B. The connecting VPN client will install a default route. 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range. 

D. The connecting VPN client will connect in web portal mode and no route will be installed. 

Answer:

Q2. - (Topic 15) 

Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit. 

Which statement is correct regarding this output? (Select one answer.)

A. One tunnel is rekeying. 

B. Two tunnels are rekeying. 

C. Two tunnels are up. 

D. One tunnel is up. 

Answer:

Q3. - (Topic 5) 

When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? 

A. The remote user's virtual IP address. 

B. The FortiGate unit's internal IP address. 

C. The remote user's public IP address. 

D. The FortiGate unit's external IP address. 

Answer:

Q4. - (Topic 8) 

Which statements are true regarding the use of a PAC file to configure the web proxy settings in an Internet browser? (Choose two.) 

A. Only one proxy is supported. 

B. Can be manually imported to the browser. 

C. The browser can automatically download it from a web server. 

D. Can include a list of destination IP subnets to which the browser can connect directly without using a proxy.

Answer: C,D 

Q5. - (Topic 15) 

Which IPsec mode includes the peer id information in the first packet? 

A. Main mode. 

B. Quick mode. 

C. Aggressive mode. 

D. IKEv2 mode. 

Answer:

Q6. - (Topic 21) 

What functions can the IPv6 Neighbor Discovery protocol accomplish? (Choose two.) 

A. Negotiate the encryption parameters to use. 

B. Auto-adjust the MTU setting. 

C. Autoconfigure addresses and prefixes. 

D. Determine other nodes' reachability.

Answer: C,D 

Q7. - (Topic 9) 

Which two web filtering inspection modes inspect the full URL? (Choose two.) 

A. DNS-based. 

B. Proxy-based. 

C. Flow-based. 

D. URL-based. 

Answer: B,C 

Q8. - (Topic 5) 

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.) 

A. SSL VPN creates an HTTPS connection. IPsec does not.

B. Both SSL VPNs and IPsec VPNs are standard protocols. 

C. Either an SSL VPN or an IPsec VPN can be established between two FortiGate devices.

D. Either an SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.

Answer: A,D 

Q9. - (Topic 8) 

Examine the following FortiGate web proxy configuration; then answer the question below:

config web-proxy explicit
    set pac-file-server-status enable
    set pac-file-server-port 8080
    set pac-file-name wpad.dat
end

Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet browser use to download the PAC file?

A. https://10.10.1.1:8080 

B. https://10.10.1.1:8080/wpad.dat 

C. http://10.10.1.1:8080/ 

D. http://10.10.1.1:8080/wpad.dat 

Answer:

Q10. - (Topic 7) 

Which statement is correct regarding virus scanning on a FortiGate unit? 

A. Virus scanning is enabled by default. 

B. Fortinet customer support enables virus scanning remotely for you. 

C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy. 

D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate. 

Answer: