Fortinet NSE4 - Test questions 2 with Complete & Verified Solutions | 100% Correct

Fortinet NSE4 - Test questions 2 with Complete & Verified Solutions | 100% Correct Which statements about a One-to-One IP pool are true? (choose two) - Answer ️️ -- It allows the fixed mapping of an internal address range to an external address rage. - It doesn't use port address translation. Which of the following FortiGate configuration tasks will create a route in the policy route table? (Choose two.) - Answer ️️ -- Static route created with a ISDB object - SD-WAN rule created to route traffic based on link latency. (FortiGate Infrastructure 6.2 Study Guide page 13) A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups. What is required in the SSL VPN configuration to meet these requirements? - Answer ️️ -Different SSL VPN realms for each group. What are the best practice to strengthen the security of SSL VPN access? - Answer ️️ -- Config host restriction by IP or MAC address - Config 2 factor auth using security certificates - Config a client integrity check (host check) Which statement about FortiGuard services for FortiGate is true? - Answer ️️ -Antivirus signatures are downloaded locally on FortiGate. Which of the following route attributes must be equal for static routes to be eligible for equal cost multipath (ECMP) routing? (Choose two.) - Answer ️️ -- Priority - Distance Which statement is true regarding the policy ID number of a firewall policy? - Answer ️️ -Is required to modify a firewall policy using the CLI Which statement is true regarding SSL VPN timers? (Choose two.) - Answer ️️ -- Helps mitigate vulnerabilities such as Slowloris and R-U-Dead-Yet, that allow attackers to cause a DOS through partial HTTP request. - Helps avoid logouts when SSL-VPN users experience long network latency. (FortiGate Security 6.0 Study Guide page 585) Which of the following conditions must be met in order for a web browser to trust a web server certificate signed by a third-party CA? - Answer ️️ -The CA certificate that signed the web- server certificate must be installed on the browser. When using SD-WAN, how do you configure the next-hop gateway address for a member interface so that FortiGate can forward Internet traffic? - Answer ️️ -It must be provided in the SD-WAN member interface configuration. (you must specify at least 2 interfaces & their gateway) (FortiGate Infrastructure 6.2 Study Guide page 70) Which of the following services can be inspected by the DLP profile? (Choose three.) - Answer ️️ -- FTP - IMAP - HTTP-POST Which of the following statements describe WMI polling mode for the FSSO collector agent? (Choose two.) - Answer ️️ -- The CA used a Windows API to query DCs for user logins - The CAs don't need to search any security event logs. (FortiGate Infrastructure 6.2 Study Guide page 242) Collector Agent-Based Polling Mode Options: - Answer ️️ -- NetAPI - WniSecLog - WMI Describe WMI: - Answer ️️ -A Windows API that gets system information from a Windows server. The DC returns all requested logon events. The collector Agent is a WMI client and sends WMI queries for user logon events to the DC, which in this case, is a WMI server. The CA doesn't need to search security events logs on the DC for user logon events. Which statements about DNS filter profiles are true? (Choose two.) - Answer ️️ -- Block DNS request to known botnet command and control - Redirects blocked requests to a specific portal - Allow access when rating error occurs (FortiGate Security 6.0 Study Guide page 374) An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario? - Answer ️️ -Dialup clients must provide a username and password for authentication What is a Forward domain? - Answer ️️ -- Is a setting at the interface level to subdivide a VDOM into multiple broadcast domains. - Interfaces with the same domain ID belong to the same broadcast domain (FortiGate Infrastructure 6.2 Study Guide page 163) Which of the following statements about virtual domains (VDOMs) are true? (Choose two.) - Answer ️️ -- The root VDOM is the management vdom by default - Each VDOM maintains its own routing table When configuring a Security Fabric FGT to communicate with a downstream FGT, which settings are required? - Answer ️️ -- FortiTeremetry (admin access) - IP & mas