aiotestking uk

NSE4 Exam Questions - Online Test


NSE4 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. - (Topic 16) 

Examine the following log message for IPS: 

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50" 

Which statement is correct about the above log? (Choose two.) 

A. The target is 192.168.3.168. 

B. The target is 192.168.3.170. 

C. The attack was NOT blocked. 

D. The attack was blocked. 

Answer: B,C 

Q2. - (Topic 2) 

What logging options are supported on a FortiGate unit? (Choose two.) 

A. LDAP 

B. Syslog 

C. FortiAnalyzer 

D. SNMP 

Answer: B,C 

Q3. - (Topic 1) 

When creating FortiGate administrative users, which configuration objects specify the account rights? 

A. Remote access profiles. 

B. User groups. 

C. Administrator profiles. 

D. Local-in policies. 

Answer:

Q4. - (Topic 9) 

Which of the following regular expression patterns make the terms "confidential data" case insensitive? 

A. [confidential data] 

B. /confidential data/i 

C. i/confidential data/ 

D. "confidential data" 

Answer:

Q5. - (Topic 10) 

How do you configure a FortiGate to apply traffic shaping to P2P traffic, such as BitTorrent? 

A. Apply a traffic shaper to a BitTorrent entry in an application control list, which is then applied to a firewall policy. 

B. Enable the shape option in a firewall policy with service set to BitTorrent. 

C. Define a DLP rule to match against BitTorrent traffic and include the rule in a DLP sensor with traffic shaping enabled. 

D. Apply a traffic shaper to a protocol options profile. 

Answer:

Q6. - (Topic 5) 

Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.) 

A. Split tunneling is supported. 

B. It requires the installation of a VPN client. 

C. It requires the use of an Internet browser. 

D. It does not support traffic from third-party network applications. 

E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit. 

Answer: A,B,E 

Q7. - (Topic 19) 

Data leak prevention archiving gives the ability to store files and message data onto a 

FortiAnalyzer unit for which of the following types of network traffic? (Choose three.) 

A. POP3 

B. SNMP 

C. IPsec 

D. SMTP 

E. HTTP 

Answer: A,D,E 

Q8. - (Topic 19) 

For data leak prevention, which statement describes the difference between the block and 

quarantine actions? 

A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol. 

B. A block action prevents the transaction. A quarantine action archives the data. 

C. A block action has a finite duration. A quarantine action must be removed by an administrator. 

D. A block action is used for known users. A quarantine action is used for unknown users. 

Answer:

Q9. - (Topic 7) 

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. 

Which are two reasons for this problem? (Choose two.) 

A. The FortiGate is connected to multiple ISPs. 

B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network. 

C. The FortiGate is in Transparent mode. 

D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server. 

Answer: B,D 

Q10. - (Topic 12) 

A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM. 

What would be a possible cause for this problem? 

A. The administrator does not have the proper permissions to reassign the dmz interface. 

B. The dmz interface is referenced in the configuration of another VDOM. 

C. Non-management VDOMs cannot reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

Answer: