[PDF&VCE] Easily Pass Fortinet NSE4 Exam With Lead2pass Latest Fortinet NSE4 Brain Dumps (220-230)

By | September 9, 2016

2016 September Fortinet Official New Released NSE4 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

You can prepare for Fortinet NSE4 exam with little effort because Lead2pass is now at your service to act as a guide to pass Fortinet NSE4 exam. Our Fortinet NSE4 braindumps are rich in variety. We offer Fortinet NSE4 PDF dumps and Fortinet NSE4 VCE. Both are the newest version.


Following questions and answers are all new published by Fortinet Official Exam Center: http://www.lead2pass.com/nse4.html

QUESTION 220
Examine the exhibit shown below then answer the question that follows it.

2201

Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:

A.    FortiGate unit’s encryption certificate used by the SSL proxy.
B.    FortiGate unit’s signing certificate used by the SSL proxy.
C.    FortiGuard’s signing certificate used by the SSL proxy.
D.    FortiGuard’s encryption certificate used by the SSL proxy.

Answer: A
QUESTION 221
Shown below is a section of output from the debug command diag ip arp list.

index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1

In the output provided, which of the following best describes the IP address
172.20.187.150?

A.    It is the primary IP address of the port1 interface.
B.    It is one of the secondary IP addresses of the port1 interface.
C.    It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.

Answer: C
QUESTION 222
Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it.

2221

Which one of the following statements correctly describes this output?

A.    The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.
B.    The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup.
C.    OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used.
D.    172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.

Answer: A
QUESTION 223
Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it.

2231

Which of the following statements are correct regarding this configuration? (Select all that apply).

A.    The phase1 is for a route-based VPN configuration.
B.    The phase1 is for a policy-based VPN configuration.
C.    The local gateway IP is the address assigned to port1.
D.    The local gateway IP address is 10.200.3.1.

Answer: AC
QUESTION 224
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.

2241

Which one of the following statements is correct regarding this output?

A.    OSPF Hello packets will only be sent on interfaces configured with the IP addresses
172.16.1.1 and 172.16.1.2.
B.    OSPF Hello packets will be sent on all interfaces of the FortiGate device.
C.    OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
D.     OSPF Hello packets are not sent on point-to-point networks.

Answer: C
QUESTION 225
Examine the static route configuration shown below; then answer the question following it.

config router static
edit 1
set dst 172.20.1.0 255.255.255.0
set device port1
set gateway 172.11.12.1
set distance 10
set weight 5
next
edit 2
set dst 172.20.1.0 255.255.255.0
set blackhole enable
set distance 5
set weight 10
next
end

Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)

A.    All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.
B.    As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.
C.    The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.
D.    The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.
E.    Traffic to 172.20.1.0/24 will be shared through both routes.

Answer: AC
QUESTION 226
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)

A.    VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B.    A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C.    VDOMs share firmware versions, as well as antivirus and IPS databases.
D.    Only administrative users with a ‘super_admin’ profile will be able to enter multiple VDOMs to make configuration changes.

Answer: ABC
QUESTION 227
Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)

A.    They both create separate broadcast domains.
B.    Port Pairing works only for physical interfaces.
C.    Forwarding Domains only apply to virtual interfaces.
D.    They may contain physical and/or virtual interfaces.
E.    They are only available in high-end models.

Answer: AD
QUESTION 228
Examine the Exhibits shown below, then answer the question that follows.
Review the following DLP Sensor (Exhibit 1):

2281

Review the following File Filter list for rule #1 (Exhibit 2):

2282

Review the following File Filter list for rule #2 (Exhibit 3):

2283

Review the following File Filter list for rule #3 (Exhibit 4):

2284

An MP3 file is renamed to `workbook.exe’ and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4.
Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?

A.    The file will be detected by rule #1 as an `Audio (mp3)’, a log entry will be created and it will be allowed to pass through.
B.    The file will be detected by rule #2 as a “*.exe”, a log entry will be created and the interface that received the traffic will be brought down.
C.    The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.
D.    Nothing, the file will go undetected.

Answer: A
QUESTION 229
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)

A.    Enable session pick-up.
B.    Only applies to connections handled by a proxy.
C.    Only applies to UDP and ICMP connections.
D.    Connections must not be handled by a proxy.

Answer: AD
QUESTION 230
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)

A.    Using a hub and spoke topology is required to achieve full redundancy.
B.    Using a hub and spoke topology simplifies configuration because fewer tunnels are required.
C.    Using a hub and spoke topology provides stronger encryption.
D.    The routing at a spoke is simpler, compared to a meshed node.

Answer: BD

Fortinet Certification NSE4 certificate are those engaged in IT industry’s dream. You need to choose the professional training by Lead2pass Fortinet NSE4 dumps. Lead2pass will be with you, and to ensure the success wherever you may increase pursuit your career. Let Lead2pass take all your heart, let the dream to reality!

NSE4 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDSzRfSzg3bmFGZE0

2016 Fortinet NSE4 exam dumps (All 294 Q&As) from Lead2pass:

http://www.lead2pass.com/nse4.html [100% Exam Pass Guaranteed]