FORTINET NSE4 SAMPLE EXAM QUESTIONS WITH
WELL VERIFIED ANSWERS
How does FGT load balance traffic when using the spillover method in ECMP Routing?
Sessions are distributed on interface threshold
Sessions are distributed on route weight - ✔✔Sessions are distributed on interface
threshold
What is the default RPF check method on FGT?
Loose (Feasible Path)
Strict - ✔✔Loose (Feasible Path)
Which route lookup scenario satisfies the RPF check for a packet?
Routing table has an active route for the destination IP of the packet
Routing table has an active route for the source IP of the packet - ✔✔Routing table
has an active route for the source IP of the packet
What is the purpose of the link health monitor setting "update-static-route"?
It creates a new static route for the backup interface
It removes all static routes associated with the link health monitors interface - ✔✔It
removes all static routes associated with the link health monitors interface
When using link health monitoring, which route attribute must you also configure to
achieve route failover protection ?
Distance
Metric - ✔✔Distance
,What is the distance for this route? 10.200.2.0/24 [110/2] via 10.200.2.254, [25/0]?
110
2 - ✔✔110
Which CLI commands can you use to view standby and inactive routes?
get router info routing-table all
get router info routing-table database - ✔✔get router info routing-table database
Which CLI packet capture verbosity level prints interface names?
3
4 - ✔✔4
Which method of load balancing is supported by SD-WAN but not supported by ECMP?
Sessions
Volume - ✔✔Volume
Which configuration task is correct when implementing SD-WAN?
Configure a default route using SD-WAN virtual interface
Configure firewall policies for each individual member interface - ✔✔Configure a
default route using SD-WAN virtual interface
Which link attribute is used in SD-WAN Link quality measurements?
Cost
Latency - ✔✔Latency
, Which status check protocol is available on only the CLI?
TCP-echo
HTTP - ✔✔TCP-echo
What is an SD-WAN rule matching parameter for traffic sources?
User groups
IPS signatures - ✔✔User groups
What can you configure SD-WAN rules to choose the egress interface based on which
parameter?
Weight
Latency - ✔✔Latency
Which monitor should you use to monitor the session distribution across the SD-WAN
member interfaces?
SD-WAN Link Status monitor
SD-WAN Usage monitor - ✔✔SD-WAN Usage monitor
When verifying SD-WAN traffic routing with the CLI packet capture tool, which verbosity
level should you use?
1
4 - ✔✔4
Which type of administrator can make changes to all ?
A custom VDOM administrator
An administrator with the super.admin profile - ✔✔An administrator with the
super.admin profile
WELL VERIFIED ANSWERS
How does FGT load balance traffic when using the spillover method in ECMP Routing?
Sessions are distributed on interface threshold
Sessions are distributed on route weight - ✔✔Sessions are distributed on interface
threshold
What is the default RPF check method on FGT?
Loose (Feasible Path)
Strict - ✔✔Loose (Feasible Path)
Which route lookup scenario satisfies the RPF check for a packet?
Routing table has an active route for the destination IP of the packet
Routing table has an active route for the source IP of the packet - ✔✔Routing table
has an active route for the source IP of the packet
What is the purpose of the link health monitor setting "update-static-route"?
It creates a new static route for the backup interface
It removes all static routes associated with the link health monitors interface - ✔✔It
removes all static routes associated with the link health monitors interface
When using link health monitoring, which route attribute must you also configure to
achieve route failover protection ?
Distance
Metric - ✔✔Distance
,What is the distance for this route? 10.200.2.0/24 [110/2] via 10.200.2.254, [25/0]?
110
2 - ✔✔110
Which CLI commands can you use to view standby and inactive routes?
get router info routing-table all
get router info routing-table database - ✔✔get router info routing-table database
Which CLI packet capture verbosity level prints interface names?
3
4 - ✔✔4
Which method of load balancing is supported by SD-WAN but not supported by ECMP?
Sessions
Volume - ✔✔Volume
Which configuration task is correct when implementing SD-WAN?
Configure a default route using SD-WAN virtual interface
Configure firewall policies for each individual member interface - ✔✔Configure a
default route using SD-WAN virtual interface
Which link attribute is used in SD-WAN Link quality measurements?
Cost
Latency - ✔✔Latency
, Which status check protocol is available on only the CLI?
TCP-echo
HTTP - ✔✔TCP-echo
What is an SD-WAN rule matching parameter for traffic sources?
User groups
IPS signatures - ✔✔User groups
What can you configure SD-WAN rules to choose the egress interface based on which
parameter?
Weight
Latency - ✔✔Latency
Which monitor should you use to monitor the session distribution across the SD-WAN
member interfaces?
SD-WAN Link Status monitor
SD-WAN Usage monitor - ✔✔SD-WAN Usage monitor
When verifying SD-WAN traffic routing with the CLI packet capture tool, which verbosity
level should you use?
1
4 - ✔✔4
Which type of administrator can make changes to all ?
A custom VDOM administrator
An administrator with the super.admin profile - ✔✔An administrator with the
super.admin profile
