Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE4-5.4

Fortinet NSE4-5.4 Exam Practice Questions (P. 1)

  • Full Access (575 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #1
A FortiGate interface is configured with the following commands:

What statements about the configuration are correct? (Choose two.)
  1. A
    IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.
  2. B
    FortiGate can provide DNS settings to IPv6 clients.
  3. C
    FortiGate can send IPv6 router advertisements (RAs.)
  4. D
    FortiGate can provide IPv6 addresses to DHCPv6 client.

Correct Answer:
AC

Question #2
Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.)
  1. A
    SP3
  2. B
    CP8
  3. C
    NP4
  4. D
    NP6

Correct Answer:
AB

Question #3
Under what circumstance would you enable LEARN as the Action on a firewall policy?
  1. A
    You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.
  2. B
    You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.
  3. C
    You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.
  4. D
    You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.

Correct Answer:
C

Question #4
What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
  1. A
    Code blocks
  2. B
    SMS phone message
  3. C
    FortiToken
  4. D
    Browser pop-up window
  5. E
    Email

Correct Answer:
BCE

Question #5
You are tasked to architect a new IPsec deployment with the following criteria:
- There are two HQ sites that all satellite offices must connect to.
- The satellite offices do not need to communicate directly with other satellite offices.
- No dynamic routing will be used.
- The design should minimize the number of tunnels being configured.
Which topology should be used to satisfy all of the requirements?
  1. A
    Redundant
  2. B
    Hub-and-spoke
  3. C
    Partial mesh
  4. D
    Fully meshed

Correct Answer:
B

Question #6
View the exhibit.


Which of the following statements are correct? (Choose two.)
  1. A
    This is a redundant IPsec setup.
  2. B
    The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
  3. C
    This setup requires at least two firewall policies with action set to IPsec.
  4. D
    Dead peer detection must be disabled to support this type of IPsec setup.

Correct Answer:
AB

Question #7
Which statements about DNS filter profiles are true? (Choose two.)
  1. A
    They can inspect HTTP traffic.
  2. B
    They must be applied in firewall policies with SSL inspection enabled.
  3. C
    They can block DNS request to known botnet command and control servers.
  4. D
    They can redirect blocked requests to a specific portal.

Correct Answer:
CD

Question #8
An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive. Which statements are true? (Choose two.)
  1. A
    Logs must be stored on FortiGate first, before transmitting to FortiAnalyzer
  2. B
    FortiGate uses port 8080 for log transmission
  3. C
    Log messages are transmitted as plain text in LZ4 compressed format (store-and-upload method).
  4. D
    FortiGate can encrypt communications using SSL encrypted OFTP traffic.

Correct Answer:
AC

Question #9
Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)
  1. A
    The collector agent does not need to search any security event logs.
  2. B
    WMI polling can increase bandwidth usage with large networks.
  3. C
    The NetSessionEnum function is used to track user logoffs.
  4. D
    The collector agent uses a Windows API to query DCs for user logins.

Correct Answer:
BD

Question #10
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
  1. A
    The interface has been configured for one-arm sniffer.
  2. B
    The interface is a member of a virtual wire pair.
  3. C
    The operation mode is transparent.
  4. D
    The interface is a member of a zone.
  5. E
    Captive portal is enabled in the interface.

Correct Answer:
ABC

Next Questions

All Pages