[Update Jan 10, 2021] NSE 4 Network Security Professional NSE4 dumps from Lead4Pass with PDF and VCE

January 10, 2021

Lead4Pass has shared the latest NSE4 dumps exam questions and answers more than once, and today continues to share some free NSE4 exam questions and answers to help all candidates progress.

Lead4Pass has also helped candidates pass the NSE 4 Network Security Professional NSE4 Fortinet Network Security Expert 4 Written Exam (400) certification exam more than once because they use
Full NSE4 dumps with PDF and VCE: https://www.leads4pass.com/nse4.html (301 Q&A).

Read the NSE 4 Network Security Professional NSE4 exam questions and answers shared online today:

Number of exam questionsExam nameFromRelease time
15Fortinet Network Security Expert 4 Written Exam (400)lead4passJan 10, 2021
New Question 1:

Which of the following statements are correct regarding SSL VPN Web-only mode? (Choose two.)

A. It can only be used to connect to web services.

B. IP traffic is encapsulated over HTTPS.

C. Access to internal network resources is possible from the SSL VPN portal.

D. The standalone FortiClient SSL VPN client CAN NOT be used to establish a Web-only SSL VPN.

E. It is not possible to connect to SSH servers through the VPN.

 

Correct Answer: BC


New Question 2:

 

Which best describes the mechanism of a TCP SYN flood?

A. The attacker keeps open many connections with slow data transmission so that other clients cannot start new connections.

B. The attacker sends a packet designed to “sync” with the FortiGate.

C. The attacker sends a specially crafted malformed packet, intended to crash the target by exploiting its parser.

D. The attacker starts many connections, but never acknowledges to fully form them.

 

Correct Answer: D


New Question 3:

 

Which of the following are possible actions for FortiGuard web category filtering? (Choose three.)

A. Allow

B. Block

C. Exempt

D. Warning

E. Shape

 

Correct Answer: ABD


New Question 4:

 

Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.

Which statements are correct regarding this configuration? (Choose two.)

A. The Phase 2 will re-key even if there is no traffic.

B. There will be a DH exchange for each re-key.

C. The sequence number of ESP packets received from the peer will not be checked.

D. Quick mode selectors will default to those used in the firewall policy.

 

Correct Answer: AB


New Question 5:

 

Which statement best describes what SSL.root is?

A. The name of the virtual network adapter required in each user\’s PC for SSL VPN Tunnel mode.

B. The name of a virtual interface in the root VDOM where all the SSL VPN user traffic comes from.

C. A Firewall Address object that contains the IP addresses assigned to SSL VPN users.

D. The virtual interface in the root VDOM that the remote SSL VPN tunnels connect to.

 

Correct Answer: B


New Question 6:

 

An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network. Which of the following FortiAnalyzers will be detected?

A. 192.168.11.100

B. 192.168.11.251

C. 192.168.10.100

D. 192.168.10.251

 

Correct Answer: AB


New Question 7:

 

Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.)

A. The web client SSL handshake.

B. The web server SSL handshake.

C. File buffering.

D. Communication with the URL filter process.

 

Correct Answer: AB


New Question 8:

 

Which statement is correct concerning an IPsec VPN with the remote gateway setting configured as \’Dynamic DNS\’?

A. The FortiGate will accept IPsec VPN connection from any IP address.

B. The FQDN resolution of the local FortiGate IP address where the VPN is terminated must be provided by a dynamic DNS provider.

C. The FortiGate will Accept IPsec VPN connections only from IP addresses included on a dynamic DNS access list.

D. The remote gateway IP address can change dynamically.

 

Correct Answer: D


New Question 9:

 

When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?

A. The name of the attribute that identifies each user (Common Name Identifier).

B. The user account or group element names (user DN).

C. The server secret to allow for remote queries (Primary server secret).

D. The credentials for an LDAP administrator (password).

 

Correct Answer: C


New Question 10:

 

Which of the following statements are true regarding the web filtering modes? (Choose two.)

A. Proxy based mode allows for customizable block pages to display when sites are prevented.

B. Proxy based mode requires more resources than flow-based.

C. Flow based mode offers more settings under the advanced configuration section of the GUI.

D. Proxy based mode offers higher throughput than flow-based mode.

 

Correct Answer: AB


New Question 11:

 

In FortiOS session table output, what is the correct `proto_state\’ number for an established, non-proxied TCP connection?

A. 00

B. 11

C. 01

D. 05

 

Correct Answer: C


New Question 12:

 

Which two web filtering inspection modes inspect the full URL? (Choose two.)

A. DNS-based

B. Proxy-based

C. Flow-based

D. URL-based

 

Correct Answer: BC


New Question 13:

 

Which of the following statements best describe the main requirements for a traffic session to be offload eligible to an NP6 processor? (Choose three.)

A. Session packets do NOT have an 802.1Q VLAN tag.

B. It is NOT multicast traffic.

C. It does NOT require proxy-based inspection.

D. Layer 4 protocol must be UDP, TCP, SCTP or ICMP.

E. It does NOT require flow-based inspection.

 

Correct Answer: CDE


New Question 14:

 

Which of the following Fortinet products can receive updates from the FortiGuard Distribution Network?

A. FortiGate

B. FortiClient

C. FortiMail

D. FortiAnalyzer

 

Correct Answer: ABC


New Question 15:

 

You have configured the DHCP server on a FortiGate\’s port1 interface (or internal, depending on the model) to offer IPs in a range of 192.168.1.65-192.168.1.253. When the first host sends a DHCP request, what IP will the DHCP offer?

A. 192.168.1.99

B. 192.168.1.253

C. 192.168.1.65

D. 192.168.1.66

 

Correct Answer: C


 

Lead4Pass updates NSE 4 Network Security Professional NSE4 exam questions and answers throughout the year and frequently shares a selection of free exam questions and answers, as shown above, candidates can improve themselves through online learning.

Also able to download the latest NSE4 dumps: https://www.leads4pass.com/nse4.html (Dumps PDF+VCE) to help them successfully pass the NSE4 Fortinet Network Security Expert 4 Written Exam (400) certification exam on their first attempt.