NSE4-5.4 Product Description:
Exam Number/Code: NSE4-5.4 vce
Exam name: Fortinet Network Security Expert - FortiOS 5.4
Certification: Fortinet Certification
Free demo questions for Fortinet NSE4-5.4 Exam Dumps Below:
NEW QUESTION 1
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices.
Which configuration steps must be performed on both units to support this scenario? (Choose three.)
- A. Define the phase 2 parameters.
- B. Set the phase 2 encapsulation method to transport mode.
- C. Define at least one firewall policy, with the action set to IPsec.
- D. Define a route to the remote network over the IPsec tunnel.
- E. Define the phase 1 parameters, without enabling IPsec interface mode.
NEW QUESTION 2
Which of the following statements about central NAT are true? (Choose two.)
- A. IP pool references must be removed from existing firewall policies before enabling central NAT.
- B. Central NAT can be enabled or disabled from the CLI only.
- C. Source NAT, using central NAT, requires at least one central SNAT policy.
- D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.
NEW QUESTION 3
What determines whether a log message is generated or not?
- A. Firewall policy setting
- B. Log Settings in the GUI
- C. 'config log' command in the CLI
- D. Syslog
- E. Webtrends
NEW QUESTION 4
In FortiOS session table output, what are the two possible 'proto_state' values for a UDP session?
- A. 00
- B. 11
- C. 01
- D. 05
NEW QUESTION 5
Which statements about IP-based explicit proxy authentication are true? (Choose two.)
- A. IP-based authentication is best suited to authenticating users behind a NAT device.
- B. Sessions from the same source address are treated as a single user.
- C. IP-based authentication consumes less of the FortiGate's memory than session-based authentication.
- D. FortiGate remembers authenticated sessions using browser cookies.
NEW QUESTION 6
Which of the following statements regarding the firewall policy authentication timeout is true?
- A. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source IP.
- B. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source IP after this timer has expired.
- C. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source MAC.
- D. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user's source MAC after this timer has expired.
NEW QUESTION 7
Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?
- A. Policy-based only.
- B. Route-based only.
- C. Either policy-based or route-based VPN.
- D. GRE-based only.
NEW QUESTION 8
In NAT/Route mode, when there is no matching firewall policy for traffic to be forwarded by the firewall, which of the following statements describes the action taken on traffic?
- A. The traffic is blocked.
- B. The traffic is passed.
- C. The traffic is passed and logged.
- D. The traffic is blocked and logged.
NEW QUESTION 9
Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)
- A. DHCP
- B. BOOTP
- C. DNS
- D. IPv6 auto configuration
NEW QUESTION 10
When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?
- A. Static
- B. Round robin
- C. Weighted round robin
- D. Least connected
NEW QUESTION 11
An Internet browser is using the WPAD DNS method to discover the PAC file's URL. The DNS server replies to the browser's request with the IP address 10.100.1.10. Which URL will the browser use to download the PAC file?
- A. http://10.100.1.10/proxy.pac
- B. https://10.100.1.10/
- C. http://10.100.1.10/wpad.dat
- D. https://10.100.1.10/proxy.pac
NEW QUESTION 12
A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is correct regarding multiple VDOMs?
- A. The FortiGate must be a model 1000 or above to support multiple VDOMs.
- B. A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled.
- C. Changing the operational mode of a VDOM requires a reboot of the FortiGate.
- D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes.
NEW QUESTION 13
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the
- A. Packet encryption
- B. MIB-based report uploads
- C. SNMP access limits through access lists
- D. Running SNMP service on a non-standard port is possible
NEW QUESTION 14
Which component of FortiOS performs application control inspection?
- A. Kernel
- B. Antivirus engine
- C. IPS engine
- D. Application control engine
NEW QUESTION 15
What is the FortiGate password recovery process?
- A. Interrupt boot sequence, modify the boot registry and reboot.
- B. After changing the password, reset the boot registry.
- C. Log in through the console port using the "maintainer" account within several seconds of physically power cycling the FortiGate.
- D. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password.
- E. Interrupt the boot sequence and restore a configuration file for which the password has been modified.
NEW QUESTION 16
Which of the following Session TTL values will take precedence?
- A. Session TTL specified at the system level for that port number
- B. Session TTL specified in the matching firewall policy
- C. Session TTL dictated by the application control list associated with the matching firewall policy
- D. The default session TTL specified at the system level
NEW QUESTION 17
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit.
The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
Based on the output from these commands, which of the following is a possible cause of the problem?
- A. The FortiGate unit has no route back to the PC.
- B. The PC has an IP address in the wrong subnet.
- C. The PC is using an incorrect default gateway IP address.
- D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.