Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE4-5.4

Fortinet NSE4-5.4 Exam Practice Questions (P. 3)

  • Full Access (575 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.
What is required in the SSL VPN configuration to meet these requirements?
  1. A
    Two separated SSL VPNs in different interfaces of the same VDOM
  2. B
    Different SSL VPN realms for each group
  3. C
    Different virtual SSLVPN IP addresses for each group
  4. D
    Two firewall policies with different captive portals

Correct Answer:
B

Question #22
Examine the routing database.

Which of the following statements are correct? (Choose two.)
  1. A
    The port3 default route has the lowest metric, making it the best route.
  2. B
    There will be eight routes active in the routing table.
  3. C
    The port3 default has a higher distance than the port1 and port2 default routes.
  4. D
    Both port1 and port2 default routers are active in the routing table.

Correct Answer:
CD

Question #23
View the exhibit.

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?
  1. A
    The user is required to authenticate before accessing sites with untrusted SSL certificates.
  2. B
    The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.
  3. C
    The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.
  4. D
    The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).

Correct Answer:
B

Question #24
View the exhibit.

When Role is set to Undefined, which statement is true?
  1. A
    The GUI provides all the configuration options available for the port1 interface.
  2. B
    You cannot configure a static IP address for the port1 interface because it allows only DHCP addressing mode.
  3. C
    Firewall policies can be created from only the port1 interface to any interface.
  4. D
    The port1 interface is reserved for management only.

Correct Answer:
A

Question #25
Which statement is true regarding the policy ID numbers of firewall policies?
  1. A
    Change when firewall policies are re-ordered.
  2. B
    Defines the order in which rules are processed.
  3. C
    Are required to modify a firewall policy from the CLI.
  4. D
    Represent the number of objects used in the firewall policy.

Correct Answer:
C
The ID no change when re-ordered and the rules are processed to top to bottom not by ID.

Question #26
An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?
  1. A
    Disabling split tunneling
  2. B
    Configuring web bookmarks
  3. C
    Assigning public IP addresses to SSL VPN clients
  4. D
    Using web-only mode

Correct Answer:
A

Question #27
Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)
  1. A
    TCP SYN proxy
  2. B
    SIP session helper
  3. C
    Proxy-based antivirus
  4. D
    Attack signature matching
  5. E
    Flow-based web filtering

Correct Answer:
CDE

Question #28
An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?
  1. A
    Both interfaces must be in different VDOMs
  2. B
    Both interfaces must have the same VLAN ID.
  3. C
    The role of the VLAN10 interface must be set to server.
  4. D
    Both interfaces must belong to the same forward domain.

Correct Answer:
D


Question #29
View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?
  1. A
    Addicting.Games is allowed based on the Application Overrides configuration.
  2. B
    Addicting.Games is blocked based on the Filter Overrides configuration.
  3. C
    Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
  4. D
    Addicting.Games is allowed based on the Categories configuration.

Correct Answer:
A

Question #30
What are the purposes of NAT traversal in IPsec? (Choose two.)
  1. A
    To detect intermediary NAT devices in the tunnel path.
  2. B
    To encapsulate ESP packets in UDP packets using port 4500.
  3. C
    To force a new DH exchange with each phase 2 re-key
  4. D
    To dynamically change phase 1 negotiation mode to Aggressive.

Correct Answer:
AB

Previous Questions Next Questions

All Pages