Fortinet NSE4 - Fortinet Network Security Expert 4 Exam
Page: 2 / 61
Total 301 questions
Question #6 (Topic: )
Which action does the FortiGate take when link health monitor times out?
A. All routes to the destination subnet configured in the link health monitor are removed from the routing table.
B. The distance values of all routes using interface configured in the link health monitor are increased.
C. The priority values of all routes using configured in the link health monitor are increased.
D. All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.
Answer: D
Question #7 (Topic: )
An Internet browser is using the WPAD DNS method to discover the PAC files URL. The
DNS server replies to the browsers request with the IP address 10.100.1.10. Which URL
will the browser use to download the PAC file?
DNS server replies to the browsers request with the IP address 10.100.1.10. Which URL
will the browser use to download the PAC file?
A. http://10.100.1.10/proxy.pac
B. https://10.100.1.10/
C. http://10.100.1.10/wpad.dat
D. https://10.100.1.10/proxy.pac
Answer: C
Question #8 (Topic: )
What is the default criteria for selecting the HA master unit in a HA cluster?
A. port monitor, priority, uptime, serial number
B. Port monitor, uptime, priority, serial number
C. Priority, uptime, port monitor, serial number
D. uptime, priority, port monitor, serial number
Answer: B
Question #9 (Topic: )
Which changes to IPS will reduce resource usage and improve performance? (Choose
three)
three)
A. In custom signature, remove unnecessary keywords to reduce how far into the signature tree that FortiGate must compare in order to determine whether the packet matches.
B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols, applications and traffic directions that are not relevant.
C. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential signatures.
D. In firewall policies where IPS is not needed, disable IPS.
E. In firewall policies where IPS is used, enable session start logs.
Answer: A,B,D
Question #10 (Topic: )
Which statements are true regarding the use of a PAC file to configure the web proxy
settings in an Internet browser? (Choose two.)
settings in an Internet browser? (Choose two.)
A. Only one proxy is supported.
B. Can be manually imported to the browser.
C. The browser can automatically download it from a web server.
D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.
Answer: C,D
