Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE4-5.4

Fortinet NSE4-5.4 Exam Practice Questions (P. 4)

  • Full Access (575 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
Which statements about application control are true? (Choose two.)
  1. A
    Enabling application control profile in a security profile enables application control for all the traffic flowing through the FortiGate.
  2. B
    It cannot take an action on unknown applications.
  3. C
    It can inspect encrypted traffic.
  4. D
    It can identify traffic from known applications, even when they are using non-standard TCP/UDP ports.

Correct Answer:
CD

Question #32
View the exhibit.

The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?
  1. A
    Execute another sniffer in the FortiGate, this time with the filter ג€host 10.0.1.10ג€.
  2. B
    Run a sniffer in the web server.
  3. C
    Capture the traffic using an external sniffer connected to port1.
  4. D
    Execute a debug flow.

Correct Answer:
B

Question #33
Which of the following statements about NTLM authentication are correct? (Choose two.)
  1. A
    It is useful when users log in to DCs that are not monitored by a collector agent.
  2. B
    It takes over as the primary authentication method when configured alongside FSSO.
  3. C
    Multi-domain environments require DC agents on every domain controller.
  4. D
    NTLM-enabled web browsers are required.

Correct Answer:
AD

Question #34
What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?
  1. A
    IPv6-over-IPv4 IPsec
  2. B
    NAT64
  3. C
    IPv4-over-IPv6 IPsec
  4. D
    NAT66

Correct Answer:
B
Reference:
http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Concepts/NAT%2064%20and%20NAT46.htm

Question #35
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
  1. A
    It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  2. B
    ADVPN is only supported with IKEv2.
  3. C
    Tunnels are negotiated dynamically between spokes.
  4. D
    Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Correct Answer:
AC

Question #36
View the exhibit.

Which statements about the exhibit are true? (Choose two.)
  1. A
    port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
  2. B
    port1-VLAN1 is the native VLAN for the port1 physical interface.
  3. C
    Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.
  4. D
    Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

Correct Answer:
AD

Question #37
Which statement about the firewall policy authentication timeout is true?
  1. A
    It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this times expires.
  2. B
    It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this times expires.
  3. C
    It is an idle timeout. The FortiGate considers a user to be idle if it does not see any packets coming from the user's source MAC address.
  4. D
    It is an idle timeout. The FortiGate considers a user to be idle if it does not see any packets coming from the user's source IP.

Correct Answer:
D

Question #38
Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)
  1. A
    Trusted host
  2. B
    HTTPS
  3. C
    Trusted authentication
  4. D
    SSH
  5. E
    FortiTelemetry

Correct Answer:
ABD

Question #39
If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?
  1. A
    It blocks all future traffic for that IP address for a configured interval.
  2. B
    It archives the data for that IP address.
  3. C
    It provides a DLP block replacement page with a link to download the file.
  4. D
    It notifies the administrator by sending an email.

Correct Answer:
A

Question #40
How can a browser trust a web-server certificate signed by a third party CA?
  1. A
    The browser must have the CA certificate that signed the web-server certificate installed.
  2. B
    The browser must have the web-server certificate installed.
  3. C
    The browser must have the private key of CA certificate that signed the web-browser certificate installed.
  4. D
    The browser must have the public key of the web-server certificate installed.

Correct Answer:
A

Previous Questions Next Questions

All Pages