QUESTION 21
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?
A. A lookup is done only when the first packet coming from the client (SYN) arrives.
B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.
C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
D. A lookup is always done each time a packet arrives, from either the server or the client side.
Answer: B

QUESTION 22
Examine the two static routes to the same destination subnet as shown below; then answer the question following it.

config router static
    edit 1
        set dst
        set distance 20
        set priority 10
        set device port1
    next
    edit 2
        set dst
        set distance 20
        set priority 20
        set device port2
    next
end

Which of the following statements correctly describes the static routing configuration provided above?
A. The FortiGate evenly shares the traffic through both routes.
B. The FortiGate shares the traffic through both routes, but the port2 route will carry approximately twice as much of the traffic.
C. The FortiGate sends all the traffic through port1.
D. Only the route that is using port1 will show up in the routing table.
Answer: C

QUESTION 23
Examine the exhibit below; then answer the question following it.
In this scenario, the FortiGate unit in Ottawa has the following routing table:

S* [10/0] via, port2
C is directly connected, port1
C is directly connected, port2

Sniffer tests show that packets sent from the source IP address to the destination IP address are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets?
A. The forward policy check.
B. The reverse path forwarding check.
C. The subnet is NOT in the Ottawa FortiGate's routing table.
D. The destination workstation does NOT have the subnet in its routing table.
Answer: B

QUESTION 24
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.
Which two statements are correct regarding this output? (Choose two.)
A. There will be six routes in the routing table.
B. There will be seven routes in the routing table.
C. There will be two default routes in the routing table.
D. There will be two routes for the subnet in the routing table.
Answer: AC

QUESTION 25
Examine the exhibit; then answer the question below.
The Vancouver FortiGate initially had the following information in its routing table:

S [10/0] via, port2
C is directly connected, port2
C is directly connected, port1

Afterwards, the following static route was added:

config router static
    edit 6
        set dst
        set priority 0
        set device port1
        set gateway

After this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?
A. The subnet overlaps with the subnet of one static route that is already in the routing table, so we need to enable allow-subnet-overlap first.
B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
C. The priority is 0, which means that the route will remain inactive.
D. The static route configuration is missing the distance setting.
Answer: B

QUESTION 26
A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs?
A. The FortiGate must be a model 1000 or above to support multiple VDOMs.
B. A license has to be purchased and applied to the FortiGate before VDOM mode can be enabled.
C. Changing the operational mode of a VDOM requires a reboot of the FortiGate.
D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes.
Answer: D

QUESTION 27
Which statements are correct regarding virtual domains (VDOMs)? (Choose two.)
A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Different time zones can be configured in each VDOM.
Answer: BC

QUESTION 28
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. Which of the following settings will this administrator be able to configure? (Choose two.)
A. Firewall addresses.
B. DHCP servers.
C. FortiGuard Distribution Network configuration.
D. System hostname.
Answer: AB

QUESTION 29
A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM because the option is greyed out in the GUI in the management VDOM. What would be a possible cause for this problem?
A. The administrator does not have the proper permissions to reassign the dmz interface.
B. The dmz interface is referenced in the configuration of another VDOM.
C. Non-management VDOMs cannot reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
Answer: B

QUESTION 30
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.
Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.)
A. The administrator can configure inter-VDOM links to avoid using external interfaces and routers.
B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.
C. This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.
D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.
Answer: ABE

QUESTION 31
A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface. Which one of the following statements is correct regarding the VLAN IDs in this scenario?
A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
B. The two VLAN sub-interfaces must have different VLAN IDs.
C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.
Answer: B

QUESTION 32
Which statements are correct for port pairing and forwarding domains? (Choose two.)
A. They both create separate broadcast domains.
B. Port Pairing works only for physical interfaces.
C. Forwarding Domain only applies to virtual interfaces.
D. They may contain physical and/or virtual interfaces.
Answer: AD

QUESTION 33
In transparent mode, forward-domain is a CLI setting associated with ______________.
A. a static route.
B. a firewall policy.
C. an interface.
D. a virtual domain.
Answer: C

QUESTION 34
Which statements correctly describe transparent mode operation? (Choose three.)
A. The FortiGate acts as a transparent bridge and forwards traffic at Layer 2.
B. Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
C. The transparent FortiGate is clearly visible to network hosts in an IP trace route.
D. Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
E. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
Answer: ABD

QUESTION 35
Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled?
A. 1. port monitor, 2. unit priority, 3. up time, 4. serial number.
B. 1. port monitor, 2. up time, 3. unit priority, 4. serial number.
C. 1. unit priority, 2. up time, 3. port monitor, 4. serial number.
D. 1. up time, 2. unit priority, 3. port monitor, 4. serial number.
Answer: B

QUESTION 36
Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.)
A. The device this command is executed on is likely to switch from master to slave status if override is disabled.
B. The device this command is executed on is likely to switch from master to slave status if override is enabled.
C. This command has no impact on the HA algorithm.
D. This command resets the uptime variable used in the HA algorithm, so it may cause a new master to be elected.
Answer: AD

QUESTION 37
What are the requirements for an HA cluster to maintain TCP connections after device or link failover? (Choose two.)
A. Enable session pick-up.
B. Enable override.
C. Connections must be UDP or ICMP.
D. Connections must not be handled by a proxy.
Answer: AD

QUESTION 38
Review the static route configuration for IPsec shown in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.)
A. Interface remote is an IPsec interface.
B. A gateway address is not required because the interface is a point-to-point connection.
C. A gateway address is not required because the default route is used.
D. Interface remote is a zone.
Answer: AB

QUESTION 39
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.
Which statement is correct regarding this output? (Select one.)
A. One tunnel is rekeying.
B. Two tunnels are rekeying.
C. Two tunnels are up.
D. One tunnel is up.