[Lead2pass New] 2017 Lead2pass New Updated NSE4 Exam Questions (76-100)

2017 October Fortinet Official New Released NSE4 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Lead2pass is the best place for preparing IT exam as we are providing the latest and guaranteed questions for all certifications. We offer you the ultimate preparation resource of Fortinet NSE4 exam questions and answers. Wondering what could be this effective? It is our Fortinet NSE4 VCE and PDF which serves as a guide to pass Fortinet NSE4 exam.

Following questions and answers are all new published by Fortinet Official Exam Center: https://www.lead2pass.com/nse4.html

QUESTION 76
What capabilities can a FortiGate provide? (Choose three.)

A.    Mail relay.
B.    Email filtering.
C.    Firewall.
D.    VPN gateway.
E.    Mail server.

Answer: BCD

QUESTION 77
Which network protocols are supported for administrative access to a FortiGate unit? (Choose three.)

A.    SNMP
B.    WINS
C.    HTTP
D.    Telnet
E.    SSH

Answer: CDE

QUESTION 78
Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit?

A.    MIB-based report uploads.
B.    SNMP access limited by access lists.
C.    Packet encryption.
D.    Running SNMP service on a non-standard port is possible.

Answer: C

QUESTION 79
What logging options are supported on a FortiGate unit? (Choose two.)

A.    LDAP
B.    Syslog
C.    FortiAnalyzer
D.    SNMP

Answer: BC

QUESTION 80
What is the maximum number of FortiAnalyzer/FortiManager devices a FortiGate unit can be configured to send logs to?

A.    1
B.    2
C.    3
D.    4

Answer: C

QUESTION 81
Regarding the header and body sections in raw log messages, which statement is correct?

A.    The header and body section layouts change depending on the log type.
B.    The header section layout is always the same regardless of the log type. The body section layout changes depending on the log type.
C.    Some log types include multiple body sections.
D.    Some log types do not include a body section.

Answer: B

QUESTION 82
In HA, the option Reserve Management Port for Cluster Member is selected as shown in the exhibit below.

 

Which statements are correct regarding this setting? (Choose two.)

A.    Interface settings on port7 will not be synchronized with other cluster members.
B.    The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.
C.    When connecting to port7 you always connect to the master device.
D.    A gateway address may be configured for port7.

Answer: AD

QUESTION 83
The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members.

 

What is the effect of the Disconnect Cluster Member command as given in the exhibit.
(Choose two.)

A.    Port3 is configured with an IP address for management access.
B.    The firewall rules are purged on the disconnected unit.
C.    The HA mode changes to standalone.
D.    The system hostname is set to the unit serial number.

Answer: AC

QUESTION 84
Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)

A.    IP address pool.
B.    Virtual IP address.
C.    IP address.
D.    IP address group.
E.    MAC address.

Answer: BCD

QUESTION 85
Which header field can be used in a firewall policy for traffic matching?

A.    ICMP type and code.
B.    DSCP.
C.    TCP window size.
D.    TCP sequence number.

Answer: A

QUESTION 86
The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?

A.    set order
B.    edit policy
C.    reorder
D.    move

Answer: D

QUESTION 87
Examine the following CLI configuration:

config system session-ttl
set default 1800
end

What statement is true about the effect of the above configuration line?

A.    Sessions can be idle for no more than 1800 seconds.
B.    The maximum length of time a session can be open is 1800 seconds.
C.    After 1800 seconds, the end user must re-authenticate.
D.    After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

Answer: A

QUESTION 88
In which order are firewall policies processed on a FortiGate unit?

A.    From top to down, according with their sequence number.
B.    From top to down, according with their policy ID number.
C.    Based on best match.
D.    Based on the priority value.

Answer: A

QUESTION 89
Which statements are true regarding local user authentication? (Choose two.)

A.    Two-factor authentication can be enabled on a per user basis.
B.    Local users are for administration accounts only and cannot be used to authenticate network users.
C.    Administrators can create the user accounts is a remote server and store the user passwords locally in the FortiGate.
D.    Both the usernames and passwords can be stored locally on the FortiGate

Answer: AD

QUESTION 90
Examine the following spanning tree configuration on a FortiGate in transparent mode:

config system interface
edit <interface name>
set stp-forward enable
end

Which statement is correct for the above configuration?

A.    The FortiGate participates in spanning tree.
B.    The FortiGate device forwards received spanning tree messages.
C.    Ethernet layer-2 loops are likely to occur.
D.    The FortiGate generates spanning tree BPDU frames.

Answer: B

QUESTION 91
Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device.

Exhibit A:

 

Exhibit B:

 

Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)

A.    STUDENT is likely to be the master device.
B.    Session-pickup is likely to be enabled.
C.    The cluster mode is active-passive.
D.    There is not enough information to determine the cluster mode.

Answer: AD

QUESTION 92
An administrator has formed a high availability cluster involving two FortiGate units.

[ Multiple upstream Layer 2 switches] — [ FortiGate HA Cluster ] — [ Multiple downstream Layer 2 switches ]

The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.
Which of the following options describes the best step the administrator can take?
The administrator should _____________________.

A.    Increase the number of FortiGate units in the cluster and configure HA in active-active mode.
B.    Enable monitoring of all active interfaces.
C.    Set up a full-mesh design which uses redundant interfaces.
D.    Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

Answer: C

QUESTION 93
In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

A.    Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
B.    Request: internal host; slave FortiGate; Internet; web server.
C.    Request: internal host; slave FortiGate; master FortiGate; Internet; web server.
D.    Request: internal host; master FortiGate; slave FortiGate; Internet; web server.

Answer: D

QUESTION 94
Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device.

Exhibit A:

 

Exhibit B

 

Which one of the following is the most likely reason that the cluster fails to form?

A.    Password
B.    HA mode
C.    Hearbeat
D.    Override

Answer: B

QUESTION 95
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.

A.    Policy-based only.
B.    Route-based only.
C.    Either policy-based or route-based VPN.
D.    GRE-based only.

Answer: B

QUESTION 96
You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route.
Which two configuration steps are required to achieve these objectives? (Choose two.)

A.    Create one firewall policy.
B.    Create two firewall policies.
C.    Add a route to the remote subnet.
D.    Add two IPsec phases 2.

Answer: BC

QUESTION 97
An administrator wants to create an IPsec VPN tunnel between two FortiGate devices.
Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

A.    Create firewall policies to allow and control traffic between the source and destination IP addresses.
B.    Configure the appropriate user groups to allow users access to the tunnel.
C.    Set the operating mode to IPsec VPN mode.
D.    Define the phase 2 parameters.
E.    Define the Phase 1 parameters.

Answer: ADE

QUESTION 98
What is IPsec Perfect Forwarding Secrecy (PFS)?.

A.    A phase-1 setting that allows the use of symmetric encryption.
B.    A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.
C.    A `key-agreement’ protocol.
D.    A `security-association-agreement’ protocol.

Answer: B

QUESTION 99
An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

A.    The IPsec firewall policies must be placed at the top of the list.
B.    This VPN cannot be used as part of a hub and spoke topology.
C.    Routes are automatically created based on the quick mode selectors.
D.    A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

Answer: D

QUESTION 100
A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received.
Which are two reasons for this problem? (Choose two.)

A.    The FortiGate is connected to multiple ISPs.
B.    There is a NAT device between the FortiGate and the FortiGuard Distribution Network.
C.    The FortiGate is in Transparent mode.
D.    The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.

Answer: BD

Practise Lead2pass NSE4 braindumps and pass your exam easily. Lead2pass is number one company for real exam dumps. Download Lead2pass NSE4 exam questions and answers PDF file and prepare from our study material.

NSE4 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDeFZLNEJDeDRQdlE

2017 Fortinet NSE4 exam dumps (All 533 Q&As) from Lead2pass:

https://www.lead2pass.com/nse4.html [100% Exam Pass Guaranteed]