HomeFortinetNSE4Real Fortinet FortiOS 5.4 NSE4-5.4 Exam Questions
September 27, 2018

Real Fortinet FortiOS 5.4 NSE4-5.4 Exam Questions

Fortinet FortiOS 5.4 NSE4-5.4 exam, as a hot exam for NSE4 exam, recognizes your ability to install and manage the day-to-day configuration, monitoring, and operation of a FortiGate device to support specific corporate network security policies. However, passing NSE4-5.4 exam is not an easy task, Dumpsbase Real Fortinet FortiOS 5.4 NSE4-5.4 Exam Questions will be your best materials for Fortinet Network Security Expert 4 Written Exam – FortiOS 5.4 exam.

Before taking Dumpsbase Real Fortinet FortiOS 5.4 NSE4-5.4 Exam Questions, checking the free demo questions as showing:

Real Fortinet FortiOS 5.4 NSE4-5.4 Exam Questions

1. A FortiGate interface is configured with the following commands:

What statements about the configuration are correct? (Choose two.)

2. Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.)

3. Under what circumstance would you enable LEARN as the Action on a firewall policy?

4. What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

5. You are tasked to architect a new IPsec deployment with the following criteria:

- There are two HQ sites that all satellite offices must connect to.

- The satellite offices do not need to communicate directly with other satellite offices.

- No dynamic routing will be used.

- The design should minimize the number of tunnels being configured.

Which topology should be used to satisfy all of the requirements?

6. View the exhibit.

Which of the following statements are correct? (Choose two.)

7. Which statements about DNS filter profiles are true? (Choose two.)

8. An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive.

Which statements are true? (Choose two.)

9. Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)

10. An administrator observes that the port1 interface cannot be configured with an IP address.

What can be the reasons for that? (Choose three.)

11. View the example routing table.

Which route will be selected when trying to reach 10.20.30.254?

12. When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

13. What is FortiGate’s behavior when local disk logging is disabled?

14. What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

15. Which statements about One-to-One IP pool are true? (Choose two.)

16. Which statements correctly describe transparent mode operation? (Choose three.)

17. View the exhibit.

What is the effect of the Disconnect Cluster Member operation as shown in the exhibit? (Choose two.)

18. What step is required to configure an SSL VPN to access to an internal server using port forward mode?

19. View the exhibit.

This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1.

In this scenario. FGT1 has the following routing table:

Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?

20. An administrator needs to be able to view logs for application usage on your network.

What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

21. A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.

What is required in the SSL VPN configuration to meet these requirements?

22. Examine the routing database.

Which of the following statements are correct? (Choose two.)

23. View the exhibit.

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

24. View the exhibit.

When Role is set to Undefined, which statement is true?

25. Which statement is true regarding the policy ID numbers of firewall policies?

26. An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN.

How can this be achieved?

27. Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)

28. An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface.

However, the DHCP client cannot get a dynamic IP address from the DHCP server.

What is the cause of the problem?

29. View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com(Addicting.Games).

Based on this configuration, which statement is true?

30. What are the purposes of NAT traversal in IPsec? (Choose two.)

31. Which statements about application control are true? (Choose two.)

32. View the exhibit.

The client cannot connect to the HTTP web server.

The administrator run the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

33. Which of the following statements about NTLM authentication are correct? (Choose two.)

34. What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?

35. Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

36. View the exhibit.

Which statements about the exhibit are true? (Choose two.)

37. Which statement about the firewall policy authentication timeout is true?

38. Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

39. If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

40. How can a browser trust a web-server certificate signed by a third party CA?

41. How does FortiGate verify the login credentials of a remote LDAP user?

42. An administrator has enabled proxy-based antivirus scanning and configured the following settings:

Which statement about the above configuration is true?

43. Examine this output from the diagnose sys topcommand:

Which statements about the output are true? (Choose two.)

44. An administrator has created a custom IPS signature.

Where does the custom IPS signature have to be applied?

45. An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server.

Which of the following DNS method must you use?

46. Which statements about high availability (HA) for FortiGates are true? (Choose two.)

47. Which of the following statements about central NAT are true? (Choose two.)

48. Which statement about the FortiGuard services for the FortiGate is true?

49. Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

50. An administrator has configured a route-based IPsec VPN between two FortiGates.

Which statement about this IPsec VPN configuration is true?

51. What information is flushed when the chunk-sizevalue is changed in the config dlp settings?

52. How does FortiGate select the central SNAT policy that is applied to a TCP session?

53. When using WPAD DNS method, what is the FQDN format that browsers use to query the DNS server?

54. An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections.

Why?

55. Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

56. Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

57. Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

58. Which statement about data leak prevention (DLP) on a FortiGate is true?

59. Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

60. Which statements about IP-based explicit proxy authentication are true? (Choose two.)

61. View the Exhibit.

The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1.

What ping option needs to be enabled before running the ping?

62. How can you format the FortiGate flash disk?

63. How do you configure inline SSL inspection on a firewall policy? (Choose two.)

64. Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)

65. View the exhibit.

Based on this output, which statements are correct? (Choose two.)

66. An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy.

What else is required for the CASI profile to work properly?

67. How does FortiGate look for a matching firewall policy to process traffic?

68. How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

69. Which file names will match the *.tiff file name pattern configured in a data leak prevention filter? (Choose two.)

70. An administrator has configured a dialup IPsec VPN with XAuth.

Which method statement best describes this scenario?

71. View the exhibit.

VDOM1 is operating is transparent mode VDOM2 is operating in NAT Route mode. There is an inter-VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.

What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

72. Which component of FortiOS performs application control inspection?

73. Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

74. What statement describes what DNS64 does?

75. What does the command diagnose debug fsso-polling refresh-user do?

76. Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?

77. An administrator has configured the following settings:

What does the configuration do? (Choose two.)

78. Which statements about FortiGate inspection modes are true? (Choose two.)

79. Examine the following interface configuration on a FortiGate in transparent mode:

Which statement about this configuration is correct?

80. Examine this PAC file configuration.

Which of the following statements are true? (Choose two.)

81. In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

82. A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.

Which statement about the VLAN IDs in this scenario is true?

83. Which of the following statements are true when using Web Proxy Auto-discovery Protocol (WPAD) with the DHCP discovery method? (Choose two.)

84. What inspections are executed by the IPS engine? (Choose three.)

85. Examine the exhibit.

A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router. Port2 and port3 are both configured as a software switch.

What IP address must be configured in the workstation as the default gateway?

86. Which of the following statements about the FSSO collector agent timers is true?

87. An administrator has enabled the DHCP Server on the port1 interface and configured the following based on the exhibit.

Which statement is correct based on this configuration?

88. An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices.

Which configuration steps must be performed on both units to support this scenario? (Choose three.)

89. View the Exhibit.

Which statements are correct based on this output? (Choose two.)

90. Which of the following statements about web caching are true? (Choose two.)

91. What FortiGate configuration is required to actively prompt users for credentials?

92. View the exhibit.

In this scenario, FGT1 has the following routing table:

S* 0. 0. 0. 0/0 [10/0] via 10. 40. 72. 2, port1

C 172. 16. 32. 0/24 is directly connected, port2

C 10. 40. 72. 0/30 is directly connected, port1

A user at 192.168.32.15 is trying to access the web server at 172.16.32.254.

Which of the following statements best describe how the FortiGate will perform reverse path forwarding checks on this traffic? (Choose two.)

93. View the exhibit.

What does the log message indicate? (Choose two.)

94. Which election criterion is used to elect the primary FortiGate in a high availability (HA) cluster when override is enabled?

95. View the exhibit.

What does this exhibit represent?

96. Which condition must be met to offload the encryption and decryption of IPsec traffic to an NP6 processor?

97. What FortiGate feature can be used to prevent a cross-site scripting (XSS) attack?

98. What is the purpose of the Policy Lookup feature?

99. View the exhibit.

Which of the following statements are correct? (Choose two.)

100. Examine the following web filtering log.

Which statement about the log message is true?


 

 

New FortiWeb 5.6.0 Specialist NSE6_FWB-5.6.0 Exam Questions
Latest FortiADC Fortinet Application Delivery Controllers (ADC) Exam Dumps Online
Tags:, , , , , , , , ,

Related Posts

About The Author

dumps

From our dumpsbase platform you could search what exams you need then test or practice online by yourself. Download the PDF file if you need directly. Any other questions you can mail [email protected]

Add a Comment

Your email address will not be published. Required fields are marked *