[Lead2pass New] Free Lead2pass NSE4 PDF Download 100% Pass Exam NSE4 (176-200)

Published on Author admin

2017 October Fortinet Official New Released NSE4 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

How to 100% pass NSE4 exam? Lead2pass provides the guaranteed NSE4 exam preparation material to boost up your confidence in NSE4 exam. Successful candidates have provided their reviews about our NSE4 dumps. Now Lead2pass supplying the new version of NSE4 VCE and PDF dumps. We ensure our NSE4 exam questions are the most complete and authoritative compared with others’, which will ensure your NSE4 exam pass.

Following questions and answers are all new published by Fortinet Official Exam Center: https://www.lead2pass.com/nse4.html

QUESTION 176
A FortiGate unit can create a secure connection to a client using SSL VPN in tunnel mode.
Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)

A.    Split tunneling can be enabled when using tunnel mode SSL VPN.
B.    Software must be downloaded to the web client to be able to use a tunnel mode SSL VPN.
C.    Users attempting to create a tunnel mode SSL VPN connection must be members of a configured user group on the FortiGate unit.
D.    Tunnel mode SSL VPN requires the FortiClient software to be installed on the user’s computer.
E.    The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.

Answer: ABCE

QUESTION 177
An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the “Connect” button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel.
Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet?

A.    

B.    
C.    
D.    

Answer: A

QUESTION 178
Which of the following antivirus and attack definition update features are supported by FortiGate units? (Select all that apply.)

A.    Manual, user-initiated updates from the FortiGuard Distribution Network.
B.    Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FortiGuard Distribution Network.
C.    Push updates from the FortiGuard Distribution Network.
D.    Update status including version numbers, expiry dates, and most recent update dates and times.

Answer: ABCD

QUESTION 179
By default the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action?

A.    Block all network attacks.
B.    Block the most common network attacks.
C.    Allow all traffic.
D.    Allow and log all traffic.

Answer: C

QUESTION 180
A FortiGate unit can scan for viruses on which types of network traffic? (Select all that apply.)

A.    POP3
B.    FTP
C.    SMTP
D.    SNMP
E.    NetBios

Answer: ABC

QUESTION 181
Which of the following statements regarding Banned Words are correct? (Select all that apply.)

A.    The FortiGate unit can scan web pages and email messages for instances of banned words.
B.    When creating a banned word list, an administrator can indicate either specific words or patterns.
C.    Banned words can be expressed as wildcards or regular expressions.
D.    Content is automatically blocked if a single instance of a banned word appears.
E.    The FortiGate unit includes a pre-defined library of common banned words.

Answer: ABC

QUESTION 182
In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the Firewall, which of the following statements describes the action taken on traffic?

A.    The traffic is blocked.
B.    The traffic is passed.
C.    The traffic is passed and logged.
D.    The traffic is blocked and logged.

Answer: A

QUESTION 183
Which of the following statements is correct regarding URL Filtering on the FortiGate unit?

A.    The available actions for URL Filtering are Allow and Block.
B.    Multiple URL Filter lists can be added to a single Web filter profile.
C.    A FortiGuard Web Filtering Override match will override a block action in the URL filter list.
D.    The available actions for URL Filtering are Allow, Block and Exempt.

Answer: D

QUESTION 184
Which of the following statements is correct regarding URL Filtering on the FortiGate unit?

A.    The FortiGate unit can filter URLs based on patterns using text and regular expressions.
B.    The available actions for URL Filtering are Allow and Block.
C.    Multiple URL Filter lists can be added to a single Web filter profile.
D.    A FortiGuard Web Filtering Override match will override a block action in the URL filter list.

Answer: A

QUESTION 185
Which of the following Regular Expression patterns will make the term “bad language” case insensitive?

A.    [bad language]
B.    /bad language/i
C.    i/bad language/
D.    “bad language”
E.    /bad language/c

Answer: B

QUESTION 186
SSL content inspection is enabled on the FortiGate unit. Which of the following steps is required to prevent a user from being presented with a web browser warning when accessing an SSL-encrypted website?

A.    The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on the user’s workstation.
B.    Disable the strict server certificate check in the web browser under Internet Options.
C.    Enable transparent proxy mode on the FortiGate unit.
D.    Enable NTLM authentication on the FortiGate unit. NTLM authentication suppresses the certificate warning messages in the web browser.

Answer: A

QUESTION 187
Which of the following statements describes the method of creating a policy to block access to an FTP site?

A.    Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list.
B.    Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.
C.    Create a firewall policy with a protection profile containing the Block FTP option enabled.
D.    None of the above.

Answer: B

QUESTION 188
UTM features can be applied to which of the following items?

A.    Firewall policies
B.    User groups
C.    Policy routes
D.    Address groups

Answer: A

QUESTION 189
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function.How are UTM features applied to traffic?

A.    One or more UTM features are enabled in a firewall policy.
B.    In the system configuration for that UTM feature, you can identify the policies to which the feature is to be applied.
C.    Enable the appropriate UTM objects and identify one of them as the default.
D.    For each UTM object, identify which policy will use it.

Answer: A

QUESTION 190
If no firewall policy is specified between two FortiGate interfaces and zones are not used, which of the following statements describes the action taken on traffic flowing between these interfaces?

A.    The traffic is blocked.
B.    The traffic is passed.
C.    The traffic is passed and logged.
D.    The traffic is blocked and logged.

Answer: A

QUESTION 191
Which of the following products can be installed on a computer running Windows XP to provide personal firewall protection, antivirus protection, web and mail filtering, spam filtering, and VPN functionality?

A.    FortiGate
B.    FortiAnalyzer
C.    FortiClient
D.    FortiManager
E.    FortiReporter

Answer: C

QUESTION 192
File blocking rules are applied before which of the following?

A.    Firewall policy processing
B.    Virus scanning
C.    Web URL filtering
D.    White/Black list filtering

Answer: B

QUESTION 193
Which of the following pieces of information can be included in the Destination Address field of a firewall policy?

A.    An IP address pool, a virtual IP address, an actual IP address, and an IP address group.
B.    A virtual IP address, an actual IP address, and an IP address group.
C.    An actual IP address and an IP address group.
D.    Only an actual IP address.

Answer: B

QUESTION 194
FortiGate units are preconfigured with four default protection profiles. These protection profiles are used to control the type of content inspection to be performed.
What action must be taken for one of these profiles to become active?

A.    The protection profile must be assigned to a firewall policy.
B.    The “Use Protection Profile” option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam.
C.    The protection profile must be set as the Active Protection Profile.
D.    All of the above.

Answer: A

QUESTION 195
A FortiGate 60 unit is configured for your small office. The DMZ interface is connected to a network containing a web server and email server. The Internal interface is connected to a network containing 10 user workstations and the WAN1 interface is connected to your ISP.
You want to configure firewall policies so that your users can send and receive email messages to the email server on the DMZ network.
You also want the email server to be able to retrieve email messages from an email server hosted by your ISP using the POP3 protocol.
Which policies must be created for this communication? (Select all that apply.)

A.    Internal > DMZ
B.    DMZ > Internal
C.    Internal > WAN1
D.    WAN1 > Internal
E.    DMZ > WAN1
F.    WAN1 > DMZ

Answer: AE

QUESTION 196
The ordering of firewall policies is very important.
Policies can be re-ordered within the FortiGate Web Config and also using the CLI.
The command used in the CLI to perform this function is __________.

A.    set order
B.    edit policy
C.    reorder
D.    move

Answer: D

QUESTION 197
Which of the following network protocols can be used to access a FortiGate unit as an administrator?

A.    HTTPS, HTTP, SSH, TELNET, PING, SNMP
B.    FTP, HTTPS, NNTP, TCP, WINS
C.    HTTP, NNTP, SMTP, DHCP
D.    Telnet, FTP, RLOGIN, HTTP, HTTPS, DDNS
E.    Telnet, UDP, NNTP, SMTP

Answer: A

QUESTION 198
Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?

A.    The FortiGate unit requires only a single IP address for receiving updates and configuring from a management computer.
B.    The FortiGate unit must use public IP addresses on both the internal and external networks.
C.    The FortiGate unit commonly uses private IP addresses on the internal network but hides them using network address translation.
D.    The FortiGate unit uses only DHCP-assigned IP addresses on the internal network.

Answer: C

QUESTION 199
Which of the following statements correctly describes how a FortiGate unit functions in Transparent mode?

A.    To manage the FortiGate unit, one of the interfaces must be designated as the management interface. This interface may not be used for forwarding data.
B.    An IP address is used to manage the FortiGate unit but this IP address is not associated with a specific interface.
C.    The FortiGate unit must use public IP addresses on the internal and external networks.
D.    The FortiGate unit uses private IP addresses on the internal network but hides them using address translation.

Answer: B

QUESTION 200
The Idle Timeout setting on a FortiGate unit applies to which of the following?

A.    Web browsing
B.    FTP connections
C.    User authentication
D.    Administrator access
E.    Web filtering overrides.

Answer: D

The Fortinet NSE4 exam questions from Lead2pass are the most reliable guide for Fortinet exam. We offer the latest NSE4 PDF and VCE dumps with new version VCE player for free download, and the newest NSE4 dump ensures your exam 100% pass. A large number of successful candidates have shown a lot of faith in our NSE4 exam dumps. If you want pass the Fortinet NSE4 exam, please choose Lead2pass.

NSE4 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDeFZLNEJDeDRQdlE

2017 Fortinet NSE4 exam dumps (All 533 Q&As) from Lead2pass:

https://www.lead2pass.com/nse4.html [100% Exam Pass Guaranteed]