Fortinet NSE4 Exam Dump

Question No : 1 - (Topic 1)
With FSSO, a domain user could authenticate either against the domain controller running
the Collector Agent and Domain Controller Agent, or a domain controller running only the
Domain Controller Agent.
If you attempt to authenticate with the Secondary Domain Controller running only the
Domain Controller Agent, which of the following statements are correct? (Select all that
apply.)
A. The login event is sent to the Collector Agent.
B. The FortiGate unit receives the user information from the Domain Controller Agent of the
Secondary Controller.
C. The Collector Agent performs the DNS lookup for the authenticated client’s IP address.
D. The user cannot be authenticated with the FortiGate device in this manner because
each Domain Controller Agent requires a dedicated Collector Agent.
Answer: A,C

Question No : 2 - (Topic 1)
What are the requirements for a cluster to maintain TCP connections after device or link
failover? (Select all that apply.)
A. Enable session pick-up.
B. Only applies to connections handled by a proxy.
C. Only applies to UDP and ICMP connections.
D. Connections must not be handled by a proxy.
Answer: A,D

Question No : 3 - (Topic 1)
For Data Leak Prevention, which of the following describes the difference between the
block and quarantine actions?
A. A block action prevents the transaction. A quarantine action blocks all future
transactions, regardless of the protocol.
B. A block action prevents the transaction. A quarantine action archives the data.
C. A block action has a finite duration. A quarantine action must be removed by an
administrator.
D. A block action is used for known users. A quarantine action is used for unknown users.
Answer: A

Question No : 4 - (Topic 1)
Select the answer that describes what the CLI command diag debug authd fsso list is used
for.
A. Monitors communications between the FSSO Collector Agent and FortiGate unit.
B. Displays which users are currently logged on using FSSO.
C. Displays a listing of all connected FSSO Collector Agents.
D. Lists all DC Agents installed on all Domain Controllers.
Answer: B

Question No : 05 - (Topic 1)
Examine the following log message for IPS and identify the valid responses below. (Select
all that apply.)
2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root
severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0
status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood"
icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1"
ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold
50"
A. The target is 192.168.3.168.
B. The target is 192.168.3.170.
C. The attack was detected and blocked.
D. The attack was detected only.
E. The attack was TCP based.
Answer: B,D

Question No : 06 - (Topic 1)
In the case of TCP traffic, which of the following correctly describes the routing table
lookups performed by a FortiGate unit when searching for a suitable gateway?
A. A look-up is done only when the first packet coming from the client (SYN) arrives.
B. A look-up is done when the first packet coming from the client (SYN) arrives, and a
second is performed when the first packet coming from the server (SYN/ACK) arrives.
C. A look-up is done only during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
D. A look-up is always done each time a packet arrives, from either the server or the client
side.
Answer: B

Question No : 07 - (Topic 1)
Which of the following statements correctly describe Transparent Mode operation? (Select
all that apply.)
A. The FortiGate unit acts as a transparent bridge and routes traffic using Layer-2
forwarding.
B. Ethernet packets are forwarded based on destination MAC addresses NOT IPs.
C. The device is transparent to network hosts.
D. Permits inline traffic inspection and firewalling without changing the IP scheme of the
network.
E. All interfaces must be on different IP subnets.
Answer: A,B,C,D

Question No : 08 - (Topic 1)
How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)
A. File Type: Microsoft Office (msoffice)
B. File Type: Archive (zip)
C. File Type: Unknown Filetype (unknown)
D. File Name: "*.ppt", "*.doc", "*.xls"
E. File Name: "*.pptx", "*.docx", "*.xlsx"
Answer: B,E

Question No : 09 - (Topic 1)
Identify the statement which correctly describes the output of the following command:
diagnose ips anomaly list
A. Lists the configured DoS policy.
B. Lists the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
Answer: B

Question No : 10 - (Topic 1)
Data Leak Prevention archiving gives the ability to store files and message data onto a
FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)
A. SNMP
B. IPSec
C. SMTP
D. POP3
E. HTTP
Answer: C,D,E