[2017 New]100% Real Exam Questions-Braindump2go NSE4 PDF Dumps 360Q Download[Q21-Q30]

Jul 20, 2017

2017/July New NSE4 Exam Dumps with PDF and VCE Free Updated in www.Braindump2go.com Today!
100% NSE4 Real Exam Questions! 100% NSE4 Exam Pass Guaranteed!

1.|2017 New NSE4 Exam Dumps (PDF & VCE) 360Q&As Download:
https://www.braindump2go.com/nse4.html

2.|2017 New NSE4 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNVi1ISU1vQUxBOTg?usp=sharing

QUESTION 21
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?

A.    A lookup is done only when the first packet coming from the client (SYN) arrives.
B.    A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.
C.    Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
D.    A lookup is always done each time a packet arrives, from either the server or the client side.

Answer: B

QUESTION 22
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 10
set device port1
next
edit 2
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 20
set device port2
next
end
Which of the following statements correctly describes the static routing configuration provided above?

A.    The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.
B.    The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
C.    The FortiGate sends all the traffic to 172.20.168.0/24 through port1.
D.    Only the route that is using port1 will show up in the routing table.

Answer: C

QUESTION 23
Examine the exhibit below; then answer the question following it.

In this scenario, the FortiGate unit in Ottawa has the following routing table:
S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2
C 172.20.167.0/24 is directly connected, port1
C 172.20.170.0/24 is directly connected, port2
Sniffer tests show that packets sent from the source IP address 172.20.168.2 to the destination IP address 172.20.169.2 are being dropped by the FortiGate located in Ottawa. Which of the following correctly describes the cause for the dropped packets?

A.    The forward policy check.
B.    The reverse path forwarding check.
C.    The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate’s routing table.
D.    The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

Answer: B

QUESTION 24
Review the output of the command get router info routing-table database shown in the exhibit below; then answer the question following it.

Which two statements are correct regarding this output? (Choose two.)

A.    There will be six routes in the routing table.
B.    There will be seven routes in the routing table.
C.    There will be two default routes in the routing table.
D.    There will be two routes for the 10.0.2.0/24 subnet in the routing table.

Answer: AC

QUESTION 25
Examine the exhibit; then answer the question below.

The Vancouver FortiGate initially had the following information in its routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly connected, port1
Afterwards, the following static route was added:
config router static
edit 6
set dst 172.20.1.0 255.255.255.0
set pririoty 0
set device port1
set gateway 172.11.12.1
next
end
Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

A.    The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.
B.    The ‘gateway’ IP address is NOT in the same subnet as the IP address of port1.
C.    The priority is 0, which means that the route will remain inactive.
D.    The static route configuration is missing the distance setting.

Answer: B

QUESTION 26
A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs?

A.    The FortiGate must be a model 1000 or above to support multiple VDOMs.
B.    A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled.
C.    Changing the operational mode of a VDOM requires a reboot of the FortiGate.
D.    The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes.

Answer: D

QUESTION 27
Which statements are correct regarding virtual domains (VDOMs)? (Choose two.)

A.    VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs.
B.    A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C.    VDOMs share firmware versions, as well as antivirus and IPS databases.
D.    Different time zones can be configured in each VDOM.

Answer: BC

QUESTION 28
A FortiGate is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.
Which of the following settings will this administrator be able to configure? (Choose two.)

A.    Firewall addresses.
B.    DHCP servers.
C.    FortiGuard Distribution Network configuration.
D.    System hostname.

Answer: AB

QUESTION 29
A FortiGate administrator with the super_admin profile configures a virtual domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in the GUI in the management VDOM.
What would be a possible cause for this problem?

A.    The administrator does not have the proper permissions to reassign the dmz interface.
B.    The dmz interface is referenced in the configuration of another VDOM.
C.    Non-management VDOMs cannot reference physical interfaces.
D.    The dmz interface is in PPPoE or DHCP mode.

Answer: B

QUESTION 30
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.)

A.    The administrator can configure inter-VDOM links to avoid using external interfaces and routers.
B.    As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.
C.    This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.
D.    Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
E.    As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

Answer: ABE

!!!RECOMMEND!!!
1.|2017 New NSE4 Exam Dumps (PDF & VCE) 360Q&As Download:
https://www.braindump2go.com/nse4.html

2.|2017 New NSE4 Study Gudie Video:
https://youtu.be/lcPSEfJYR0M