2017/July New NSE4 Exam Dumps with PDF and VCE Free Updated in www.Braindump2go.com Today!
100% NSE4 Real Exam Questions! 100% NSE4 Exam Pass Guaranteed!
1.|2017 New NSE4 Exam Dumps (PDF & VCE) 360Q&As Download:
https://www.braindump2go.com/nse4.html
2.|2017 New NSE4 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNVi1ISU1vQUxBOTg?usp=sharing
QUESTION 51
With FSSO, a domain user could authenticate either against the domain controller running the collector agent and domain controller agent, or a domain controller running only the domain controller agent.
If you attempt to authenticate with a domain controller running only the domain controller agent, which statements are correct? (Choose two.)
A. The login event is sent to the collector agent.
B. The FortiGate receives the user information directly from the receiving domain controller agent of the secondary domain controller.
C. The domain collector agent may perform a DNS lookup for the authenticated client’s IP address.
D. The user cannot be authenticated with the FortiGate in this manner because each domain controller agent requires a dedicated collector agent.
Answer: AC
QUESTION 52
FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows active directory.
Which of the following statements are correct regarding FSSO in a Windows domain environment when agent mode is used? (Choose two.)
A. An FSSO collector agent must be installed on every domain controller.
B. An FSSO domain controller agent must be installed on every domain controller.
C. The FSSO domain controller agent will regularly update user logon information on the FortiGate unit.
D. The FSSO collector agent will receive user logon information from the domain controller agent and will send it to the FortiGate unit.
Answer: BD
QUESTION 53
Which statement is one disadvantage of using FSSO NetAPI polling mode over FSSO Security Event Log (WinSecLog) polling mode?
A. It requires a DC agent installed in some of the Windows DC.
B. It runs slower.
C. It might miss some logon events.
D. It requires access to a DNS server for workstation name resolution.
Answer: C
QUESTION 54
Which are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment? [Choose two.]
A. DNS server must properly resolve all workstation names.
B. The remote registry service must be running in all workstations.
C. The collector agent must be installed in one of the Windows domain controllers.
D. A same user cannot be logged in into two different workstations at the same time.
Answer: AB
QUESTION 55
Which statement describes what the CLI command diagnose debug authd fsso list is used for?
A. Monitors communications between the FSSO collector agent and FortiGate unit.
B. Displays which users are currently logged on using FSSO.
C. Displays a listing of all connected FSSO collector agents.
D. Lists all DC Agents installed on all domain controllers.
Answer: B
QUESTION 56
When the SSL proxy is NOT doing man-in-the-middle interception of SSL traffic, which certificate field can be used to determine the rating of a website?
A. Organizational Unit.
B. Common Name.
C. Serial Number.
D. Validity.
Answer: B
QUESTION 57
Which tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Choose two.)
A. The web client SSL handshake.
B. The web server SSL handshake.
C. File buffering.
D. Communication with the URL filter process.
Answer: AB
QUESTION 58
Bob wants to send Alice a file that is encrypted using public key cryptography.
Which of the following statements is correct regarding the use of public key cryptography in this scenario?
A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his public key to encrypt the file and Alice will use Bob’s private key to decrypt the file.
C. Bob will use Alice’s public key to encrypt the file and Alice will use her private key to decrypt the file.
D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
Answer: C
QUESTION 59
Which Fortinet products & features could be considered part of a comprehensive solution to monitor and prevent the leakage of senstive data? (Select all that apply.)
A. Archive non-compliant outgoing e-mails using FortiMail.
B. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate.
C. Monitor database activity using FortiAnalyzer.
D. Apply a DLP sensor to a firewall policy.
E. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk.
Answer: ABD
QUESTION 60
For data leak prevention, which statement describes the difference between the block and quarantine actions?
A. A block action prevents the transaction.
A quarantine action blocks all future transactions, regardless of the protocol.
B. A block action prevents the transaction.
A quarantine action archives the data.
C. A block action has a finite duration.
A quarantine action must be removed by an administrator.
D. A block action is used for known users.
A quarantine action is used for unknown users.
Answer: A
!!!RECOMMEND!!!
1.|2017 New NSE4 Exam Dumps (PDF & VCE) 360Q&As Download:
https://www.braindump2go.com/nse4.html
2.|2017 New NSE4 Study Gudie Video:
https://youtu.be/lcPSEfJYR0M