NSE4 Online Practice Questions and Answers

Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)

A. Fragmented packets.

B. Multicast packet.

C. SCTP packet.

D. GRE packet.

A user logs into a SSL VPN portal and activates the tunnel mode. The exhibit shows the firewall policy and the user's SSL VPN portal configuration:

Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table.

A. A route to a destination subnet matching the Internal_Servers address object.

B. A route to the destination subnet configured in the tunnel mode widget.

C. A default route.

D. A route to the destination subnet configured in the SSL VPN global settings.

A FortiGate device is configure to perform an AV and IPS scheduled update every hour.

Given the information in the exhibit, when will the next update happen?

A. 01:00

B. 02:05

C. 11:00

D. 11:08

Which of the following network protocols can be inspected by the Data Leak Prevention scanning? (Choose three.)

A. SMTP

B. HTTP-POST

C. AIM

D. MAPI

E. ICQ

Which of the following statements describes the objectives of the gratuitous ARP packets sent by an HA cluster?

A. To synchronize the ARp tables in all the FortiGate Unis that are part of the HA cluster.

B. To notify the network switches that a new HA master unit has been elected.

C. To notify the master unit that the slave devices are still up and alive.

D. To notify the master unit about the physical MAC addresses of the slave units.

Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three)

A. Source IP address.

B. TCP flags

C. Source TCP/UDP ports

D. Type of service.

E. Checksum

Which of the following statements is correct regarding FortiGate interfaces and spanning tree protocol? (Choose Two)

A. Only FortiGate switch interfaces Participate in spanning tree.

B. All FortiGate interfaces in transparent mode VDOMs participate in spanning tree.

C. All FortiGate interfaces in NAT/route mode VDOMs Participate in spanning tree.

D. All FortiGate interfaces in transparent mode VDOMs may block or forward BPDUs.

Where are most of the security events logged?

A. Security log

B. Forward Traffic log

C. Event log

D. Alert log

E. Alert Monitoring Console

Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)

A. Both proxy-based and flow-based inspection are supported.

B. A replacement message cannot be presented to users when a virus has been detected.

C. It saves CPU resources.

D. The ingress and egress interfaces can be in different SPs.

A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, they are not being received.

Which of the following statements are possible reasons for this? (Select all that apply.)

A. The external facing interface of the FortiGate unit is configured to use DHCP.

B. The FortiGate unit has not been registered.

C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured.

D. The FortiGate unit is in Transparent mode which does not support push updates.