2017/July New NSE4 Exam Dumps with PDF and VCE Free Updated in www.Braindump2go.com  Today!
100% NSE4 Real Exam Questions! 100% NSE4 Exam Pass Guaranteed!

1.|2017 New NSE4 Exam Dumps (PDF & VCE) 360Q&As Download:
https://www.braindump2go.com/nse4.html

2.|2017 New NSE4 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNVi1ISU1vQUxBOTg?usp=sharing

QUESTION 31
A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.
Which one of the following statements is correct regarding the VLAN IDs in this scenario?

A.    The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
B.    The two VLAN sub-interfaces must have different VLAN IDs.
C.    The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
D.    The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

Answer: B

QUESTION 32
Which statements are correct for port pairing and forwarding domains? (Choose two.)

A.    They both create separate broadcast domains.
B.    Port Pairing works only for physical interfaces.
C.    Forwarding Domain only applies to virtual interfaces.
D.    They may contain physical and/or virtual interfaces.

Answer: AD

QUESTION 33
In transparent mode, forward-domain is an CLI setting associate with ______________.

A.    a static route.
B.    a firewall policy.
C.    an interface.
D.    a virtual domain.

Answer: C

QUESTION 34
Which statements correctly describe transparent mode operation? (Choose three.)

A.    The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
B.    Ethernet packets are forwarded based on destination MAC addresses, NOT IP addresses.
C.    The transparent FortiGate is clearly visible to network hosts in an IP trace route.
D.    Permits inline traffic inspection and firewalling without changing the IP scheme of the network.
E.    All interfaces of the transparent mode FortiGate device must be on different IP subnets.

Answer: ABD

QUESTION 35
Which of the following sequences describes the correct order of criteria used for the selection of a master unit within a FortiGate high availability (HA) cluster when override is disabled?

A.    1. port monitor, 2. unit priority, 3. up time, 4. serial number.
B.    1. port monitor, 2. up time, 3. unit priority, 4. serial number.
C.    1. unit priority, 2. up time, 3. port monitor, 4. serial number.
D.    1. up time, 2. unit priority, 3. port monitor, 4. serial number.

Answer: B

QUESTION 36
Which of the following statements are correct about the HA command diagnose sys ha reset-uptime? (Choose two.)

A.    The device this command is executed on is likely to switch from master to slave status if override is disabled.
B.    The device this command is executed on is likely to switch from master to slave status if override is enabled.
C.    This command has no impact on the HA algorithm.
D.    This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

Answer: AD

QUESTION 37
What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.)

A.    Enable session pick-up.
B.    Enable override.
C.    Connections must be UDP or ICMP.
D.    Connections must not be handled by a proxy.

Answer: AD

QUESTION 38
Review the static route configuration for IPsec shown in the exhibit; then answer the question below.
 
Which statements are correct regarding this configuration? (Choose two.)

A.    Interface remote is an IPsec interface.
B.    A gateway address is not required because the interface is a point-to-point connection.
C.    A gateway address is not required because the default route is used.
D.    Interface remote is a zone.

Answer: AB

QUESTION 39
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.
 
Which of the following statements is correct regarding this output? (Select one answer).

A.    One tunnel is rekeying.
B.    Two tunnels are rekeying.
C.    Two tunnels are up.
D.    One tunnel is up.

Answer: C

QUESTION 40
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
 
Which statements are correct regarding this configuration? (Choose two.).

A.    The Phase 2 will re-key even if there is no traffic.
B.    There will be a DH exchange for each re-key.
C.    The sequence number of ESP packets received from the peer will not be checked.
D.    Quick mode selectors will default to those used in the firewall policy.

Answer: AB


!!!RECOMMEND!!!
1.|2017 New NSE4 Exam Dumps (PDF & VCE) 360Q&As Download:
https://www.braindump2go.com/nse4.html

2.|2017 New NSE4 Study Gudie Video:
https://youtu.be/lcPSEfJYR0M