Fortinet NSE4-5.4 Dumps Questions 2021

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW NSE4-5.4 Exam Dumps (PDF & VCE):
Available on:

NSE4-5.4 Product Description:
Exam Number/Code: NSE4-5.4 vce
Exam name: Fortinet Network Security Expert - FortiOS 5.4
n questions with full explanations
Certification: Fortinet Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Fortinet NSE4-5.4 Fortinet Network Security Expert - FortiOS 5.4

NSE4-5.4 examcollection

Cause all that matters here is passing exam with . Cause all that you need is a high score of . The only one thing you need to do is downloading free now. We will not let you down with our money-back guarantee.

Free demo questions for Fortinet NSE4-5.4 Exam Dumps Below:

An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices.
Which configuration steps must be performed on both units to support this scenario? (Choose three.)

  • A. Define the phase 2 parameters.
  • B. Set the phase 2 encapsulation method to transport mode.
  • C. Define at least one firewall policy, with the action set to IPsec.
  • D. Define a route to the remote network over the IPsec tunnel.
  • E. Define the phase 1 parameters, without enabling IPsec interface mode.

Answer: ACE

Which of the following statements about central NAT are true? (Choose two.)

  • A. IP tool references must be removed from existing firewall policies before enabling central NAT.
  • B. Central NAT can be enabled or disabled from the CLI only.
  • C. Source NAT, using central NAT, requires at least one central SNAT policy.
  • D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewallpolicy.

Answer: AB

What determines whether a log message is generated or not?

  • A. Firewall policy setting
  • B. Log Settings in the GUI
  • C. 'config log' command in the CLI
  • D. Syslog
  • E. Webtrends

Answer: A

In FortiOS session table output, what are the two possible `proto_state' values for a UDP session?
(Choose two.)

  • A. 00
  • B. 11
  • C. 01
  • D. 05

Answer: AC

Which statements about IP-based explicit proxy authentication are true? (Choose two.)

  • A. IP-based authentication is best suited to authenticating users behind a NAT device.
  • B. Sessions from the same source address are treated as a single user.
  • C. IP-based authentication consumes less FortiGate’s memory than session-based authentication.
  • D. FortiGate remembers authenticated sessions using browser cookies.

Answer: BC

Which of the following statements regarding the firewall policy authentication timeout is true?

  • A. The authentication timeout is an idle timeout.This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source IP.
  • B. The authentication timeout is a hard timeout.This means that the FortiGate unit will remove the temporary policy for this user's source IP after this timer has expired.
  • C. The authentication timeout is an idle timeout.This means that the FortiGate unit will consider a user to be "idle" if it does not see any packets coming from the user's source MAC.
  • D. The authentication timeout is a hard timeout.This means that the FortiGate unit will remove the temporary policy for this user's source MAC after this timer has expired.

Answer: A

Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?.

  • A. Policy-based only.
  • B. Route-based only.
  • C. Either policy-based or route-based VPN.
  • D. GRE-based only.

Answer: B

In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the
Firewall, which of the following statements describes the action taken on traffic?

  • A. The traffic is blocked.
  • B. The traffic is passed.
  • C. The traffic is passed and logged.
  • D. The traffic is blocked and logged.

Answer: A

Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)

  • A. DHCP
  • B. BOOTP
  • C. DNS
  • D. IPv6 auto configuration

Answer: AC

When configuring a server load balanced virtual IP, which of the following is the best distribution
algorithm to be used in applications where the same physical destination server must be maintained between sessions?

  • A. Static
  • B. Round robin
  • C. Weighted round robin
  • D. Least connected

Answer: A

An Internet browser is using the WPAD DNS method to discover the PAC file's URL. The DNS server
replies to the browser's request with the IP address Which URL will the browser use to download the PAC file?

  • A.
  • B.
  • C.
  • D.

Answer: C

A FortiGate is configured with three virtual domains (VDOMs). Which of the following statements is
correct regarding multiple VDOMs?

  • A. The FortiGate must be a model 1000 or above to support multiple VDOMs.
  • B. A license has to be purchased and applied to the FortiGate before VDOM mode could be enabled.
  • C. Changing the operational mode of a VDOM requires a reboot of the FortiGate.
  • D. The FortiGate supports any combination of VDOMs in NAT/Route and transparent modes.

Answer: D

Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the
FortiGate unit?

  • A. Packet encryption
  • B. MIB-based report uploads
  • C. SNMP access limits through access lists
  • D. Running SNMP service on a non-standard port is possible

Answer: A

Which component of FortiOS performs application control inspection?

  • A. Kernel
  • B. Antivirus engine
  • C. IPS engine
  • D. Application control engine

Answer: C

What is the FortiGate password recovery process?

  • A. Interrupt boot sequence, modify the boot registry and reboo
  • B. After changing the password, reset the boot registry.
  • C. Log in through the console port using the ''maintainer'' account within several seconds of physically power cycling the FortiGate.
  • D. Hold down the CTRL + Esc (Escape) keys during reboot, then reset the admin password.
  • E. Interrupt the boot sequence and restore a configuration file for which the password has been modified.

Answer: B

Which of the following Session TTL values will take precedence?

  • A. Session TTL specified at the system level for that port number
  • B. Session TTL specified in the matching firewall policy
  • C. Session TTL dictated by the application control list associated with the matching firewall policy
  • D. The default session TTL specified at the system level

Answer: C

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit.
The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
NSE4-5 dumps exhibit
Based on the output from these commands, which of the following is a possible cause of the problem?

  • A. The FortiGate unit has no route back to the PC.
  • B. The PC has an IP address in the wrong subnet.
  • C. The PC is using an incorrect default gateway IP address.
  • D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

Answer: D

P.S. Certleader now are offering 100% pass ensure NSE4-5.4 dumps! All NSE4-5.4 exam questions have been updated with correct answers: (576 New Questions)