Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE4-5.4

Fortinet NSE4-5.4 Exam Practice Questions (P. 5)

  • Full Access (575 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
How does FortiGate verify the login credentials of a remote LDAP user?
  1. A
    FortiGate sends the user entered credentials to the LDAP server for authentication.
  2. B
    FortiGate re-generates the algorithm based on the login credentials and compares it against the algorithm stored on the LDAP server.
  3. C
    FortiGate queries its own database for credentials.
  4. D
    FortiGate queries the LDAP server for credentials.

Correct Answer:
A

Question #42
An administrator has enabled proxy-based antivirus scanning and configured the following settings:

Which statement about the above configuration is true?
  1. A
    Files bigger than 10 MB are not scanned for viruses and will be blocked.
  2. B
    FortiGate scans only the first 10 MB of any file.
  3. C
    Files bigger than 10 MB are sent to the heuristics engine for scanning.
  4. D
    FortiGate scans the files in chunks of 10 MB.

Correct Answer:
A

Question #43
Examine this output from the diagnose sys top command:

Which statements about the output are true? (Choose two.)
  1. A
    sshd is the process consuming most memory
  2. B
    sshd is the process consuming most CPU
  3. C
    All the processes listed are in sleeping state
  4. D
    The sshd process is using 123 pages of memory

Correct Answer:
BC

Question #44
An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?
  1. A
    In an IPS sensor
  2. B
    In an interface.
  3. C
    In a DoS policy.
  4. D
    In an application control profile.

Correct Answer:
A
I create a custom signature then I try to add and appear only in IPS sensor.

Question #45
An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?
  1. A
    Non-recursive
  2. B
    Recursive
  3. C
    Forward to primary and secondary DNS
  4. D
    Forward to system DNS

Correct Answer:
B

Question #46
Which statements about high availability (HA) for FortiGates are true? (Choose two.)
  1. A
    Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
  2. B
    Heartbeat interfaces are not required on the primary device.
  3. C
    HA management interface settings are synchronized between cluster members.
  4. D
    Sessions handled by UTM proxy cannot be synchronized.

Correct Answer:
AC

Question #47
Which of the following statements about central NAT are true? (Choose two.)
  1. A
    IP tool references must be removed from existing firewall policies before enabling central NAT.
  2. B
    Central NAT can be enabled or disabled from the CLI only.
  3. C
    Source NAT, using central NAT, requires at least one central SNAT policy.
  4. D
    Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

Correct Answer:
AB

Question #48
Which statement about the FortiGuard services for the FortiGate is true?
  1. A
    Antivirus signatures are downloaded locally on the FortiGate.
  2. B
    FortiGate downloads IPS updates using UDP port 53 or 8888.
  3. C
    FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.
  4. D
    The web filtering database is downloaded locally on the FortiGate.

Correct Answer:
A

Question #49
Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)
  1. A
    The antivirus engine starts scanning a file after the last packet arrives.
  2. B
    It does not support FortiSandbox inspection.
  3. C
    FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.
  4. D
    It uses the compact antivirus database.

Correct Answer:
AC

Question #50
An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?
  1. A
    A phase 2 configuration is not required.
  2. B
    This VPN cannot be used as part of a hub and spoke topology.
  3. C
    The IPsec firewall policies must be placed at the top of the list.
  4. D
    A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

Correct Answer:
D

Previous Questions Next Questions

All Pages