SPOTO updates the latest NSE4 certified exam answers and questions that cover all real exam. we have various exam dumps involving Cisco, CCNA, CCNP, CCIE, PMP, CISSP, ACP, CISA, CISM, Redhat, Microsoft, AWS, etc.
The following are the new 2020 NSE4 exam demos that cover all exam answers and questions! you can test yourself!
Why Choosing SPOTO NSE4 Exam Dumps!
- 100% Passing Rate
- Timely Updated Exam Dumps
- Completely Coverage of Real Exam
- Real Simulated Exam Environment
- 24h Professional Tutors Instruction
- High-score Passing Guarantee
- Latest Passing Report Feedback
- Professional Service Team
Get SPOTO 100% Pass & Stable NSE4 Exam Dumps!
NEW QUESTION 1
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
A. To remove the NAT operation.
B. To generate logs.
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
Answer: D
NEW QUESTION 2
What types of traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)
A. Traffic to botnet servers.
B. Traffic to inappropriate web sites.
C. Server information disclosure attacks.
D. Credit card data leaks.
E. SQL injection attacks.
Answer: CDE
NEW QUESTION 3
Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)
A. The firmware image must be manually uploaded to each FortiGate.
B. Only secondary FortiGate devices are rebooted.
C. Uninterruptable upgrade is enabled by default.
D. Traffic load balancing is temporally disabled while upgrading the firmware.
Answer: CD
NEW QUESTION 4
If the Issuer and Subject values are the same in a digital certificate, which type of entity was the certificate issued to?
A. A CRL
B. A person
C. A subordinate CA
D. A root CA
Answer: D
NEW QUESTION 5
Which of the following SD-WAN load balancing method use interface weight value to distribute traffic? (Choose two.)
A. Source IP
B. Spillover
C. Volume
D. Session
Answer: CD
NEW QUESTION 6
What FortiGate components are tested during the hardware test? (Choose three.)
A. Administrative access
B. HA heartbeat
C. CPU
D. Hard disk
E. Network interfaces
Answer: CDE
NEW QUESTION 7
What criteria does FortiGate use to look for a matching firewall policy to process traffic? (Choose two.)
A. Services defined in the firewall policy.
B. Incoming and outgoing interfaces.
C. Highest to lowest priority defined in the firewall policy.
D. Lowest to the highest policy ID number.
Answer: AB
NEW QUESTION 8
Which statements about virtual domains (VDOMs) arc true? (Choose two.)
A. Transparent mode and NAT/Route mode VDOMs cannot be combined on the same FortiGate.
B. Each VDOM can be configured with different system hostnames.
C. Different VLAN sub-interfaces of the same physical interface can be assigned to different VDOMs.
D. Each VDOM has its own routing table.
Answer: CD
NEW QUESTION 9
Which statements about a One-to-One IP pool are true? (Choose two.)
A. It is used for destination NAT.
B. It allows the fixed mapping of an internal address range to an external address range.
C. It does not use port address translation.
D. It allows the configuration of ARP replies.
Answer: CD
NEW QUESTION 10
Which of the following route attributes must be equal for static routes to be eligible for equal-cost multipath (ECMP) routing? (Choose two.)
A. Priority
B. Metric
C. Distance
D. Cost
Answer: AC
NEW QUESTION 11
Which statement is true regarding the policy ID number of a firewall policy?
A. Defines the order in which rules are processed.
B. Represents the number of objects used in the firewall policy.
C. Required to modify a firewall policy using the CLI.
D. Changes when firewall policies are reordered.
Answer: C
NEW QUESTION 12
How does FortiGate select the central SNAT policy that is applied to a TCP session?
A. It selects the SNAT policy specified in the configuration of the outgoing interface.
B. It selects the first matching central SNAT policy, reviewing from top to bottom.
C. It selects the central SNAT policy with the lowest priority.
D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.
Answer: B
NEW QUESTION 13
During the digital verification process, comparing the original and fresh hash results satisfies which security requirement?
A. Authentication.
B. Data integrity.
C. Non-repudiation.
D. Signature verification.
Answer: D
NEW QUESTION 14
An administrator wants to throttle the total volume of SMTP sessions to their email server. Which of the following DoS sensors can be used to achieve this?
A. tcp_port_scan
B. ip_dst_session
C. udp_flood
D. ip_src_session
Answer: B
NEW QUESTION 15
Which statements about HA for FortiGate devices are true? (Choose two.)
A. Sessions handled by proxy-based security profiles cannot be synchronized.
B. Virtual clustering can be configured between two FortiGate devices that have multiple VDOMs.
C. HA management interface settings are synchronized between cluster members.
D. Heartbeat interfaces are not required on the primary device.
Answer: AB
NEW QUESTION 16
What settings must you configure to ensure FortiGate generates logs for web filter activity on a firewall policy called Full Access? (Choose two.)
A. Enable Event Logging.
B. Enable a web filter security profile on the Full Access firewall policy.
C. Enable Log Allowed Traffic on the Full Access firewall policy.
D. Enable disk logging.
Answer: BC
NEW QUESTION 17
Which action can be applied to each filter in the application control profile?
A. Block, monitor, warning, and quarantine.
B. Allow, monitor, block and learn.
C. Allow, block, authenticate, and warning.
D. Allow, monitor, block, and quarantine.
Answer: D
NEW QUESTION 18
If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does FortiGate take?
A. It notifies the administrator by sending an email.
B. It provides a DLP block replacement page with a link to download the file.
C. It blocks all future traffic for that IP address for a configured interval.
D. It archives the data for that IP address.
Answer: C
NEW QUESTION 19
Which of the following features is supported by web filter in flow-based inspection mode with NGFW mode set to profile-based?
A. FortiGuard Quotas
B. Static URL
C. Search engines
D. Rating option
Answer: D
NEW QUESTION 20
Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)
A. Log downloads from the GUI are limited to the current log filter view.
B. Log backups from the CLI cannot be restored to another FortiGate.
C. Log backups from the CLI can be configured to upload to FTP at a scheduled time.
D. Log downloads from the GUI are stored as LZ4 compressed files.
Answer: AB
NEW QUESTION 21
Which of the following statements are best practices for troubleshooting FSSO? (Choose two.)
A. Include the group of guest users in a policy.
B. Extend timeout timers.
C. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers.
D. Ensure all firewalls allow the FSSO required ports.
Answer: AD
NEW QUESTION 22
What information is flushed when the chunk-size value is changed in the config DLP settings?
A. The database for DLP document fingerprinting.
B. The supported file types in the DLP filters.
C. The archived files and messages.
D. The filename patterns in the DLP filters.
Answer: A
NEW QUESTION 23
On a FortiGate with a hard disk, how can you upload logs to FortiAnalyzer or FortiManager? (Choose two.)
A. hourly
B. real tune
C. on-demand
D. store-and-upload
Answer: BD
NEW QUESTION 24
Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)
A. Firewall service
B. User or user group
C. IP Pool
D. FQDN address
Answer: BD
NEW QUESTION 25
Which of the following services can be inspected by the DLP profile? (Choose three.)
A. NFS
B. FTP
C. IMAP
D. CIFS
E. HTTP-POST
Answer: BCE
NEW QUESTION 26
……
Comments