NSE4-5.4 Guide

Home »

A PHP Error was encountered

Severity: Notice

Message: Undefined index: factory_url

Filename: 2passeasy.com/%%cpl%%wp_id.php

Line Number: 33

Backtrace:

File: /home/dumpskey/public_html/2passeasy.com/template/cache/compile/default/2passeasy.com/%%cpl%%wp_id.php
Line: 33
Function: _error_handler

File: /home/dumpskey/public_html/2passeasy.com/catalog/controllers/Wparticle.php
Line: 150
Function: display

File: /home/dumpskey/public_html/2passeasy.com/index.php
Line: 281
Function: require_once

/">Fortinet » NSE4-5.4

Fortinet NSE4-5.4 Exam Questions and Answers 2021

Aimersoft Editor

Posted by to Fortinet NSE4-5.4
Follow @2passeasy

for Fortinet certification, Real Success Guaranteed with Updated . 100% PASS NSE4-5.4 Fortinet Network Security Expert - FortiOS 5.4 exam Today!

Online NSE4-5.4 free questions and answers of New Version:

NEW QUESTION 1
Which is one of the conditions that must be met for offloading the encryption and decryption of
IPsec traffic to an NP6 processor?

  • A. No protection profile can be applied over the IPsec traffic.
  • B. Phase-2 anti-replay must be disabled.
  • C. Both the phase 1 and phases 2 must use encryption algorithms supported by the NP6.
  • D. IPsec traffic must not be inspected by any FortiGate session helper.

Answer: C

NEW QUESTION 2
An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?

  • A. The administrator is running the sniffer on the internal interface only.
  • B. The filter used in the sniffer matches the traffic only in one direction.
  • C. The FortiGate is doing content inspection.
  • D. TCP traffic is being offloaded to an NP6.

Answer: D

NEW QUESTION 3
Which of the following statements correctly describes the deepscan option for HTTPS?

  • A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs.
  • B. Enabling deepscan will perform further checks on the server certificate.
  • C. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked.
  • D. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.

Answer: A

NEW QUESTION 4
Examine the following CLI configuration:
config system session-ttl set default 1800
end
What statement is true about the effect of the above configuration line?

  • A. Sessions can be idle for more than 1800 seconds.
  • B. The maximum length of time a session can be open is 1800 seconds.
  • C. After 1800 seconds, the end user must re-authenticate.
  • D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

Answer: A

NEW QUESTION 5
View the exhibit.
NSE4-5 dumps exhibit
Which of the following statements are correct? (Choose two.)

  • A. This is a redundant IPsec setup.
  • B. The TunnelB route is the primary one for searching the remote sit
  • C. The TunnelA route is used only if the TunnelB VPN is down.
  • D. This setup requires at least two firewall policies with action set to IPsec.
  • E. Dead peer detection must be disabled to support this type of IPsec setup.

Answer: AB

NEW QUESTION 6
View the exhibit.
NSE4-5 dumps exhibit
VDOM1 is operating is transparent mode VDOM2 is operating in NAT Route mode. There is an inter- VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.
What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

  • A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.
  • B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.
  • C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.
  • D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

Answer: AC

NEW QUESTION 7
By default, the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action?

  • A. Block all network attacks.
  • B. Block the most common network attacks.
  • C. Allows all traffic
  • D. Allow and log all traffic

Answer: C

NEW QUESTION 8
Examine this output from a debug flow:
NSE4-5 dumps exhibit
Which statements about the output are correct? (Choose two.)

  • A. The packet was allowed by the firewall policy with the ID 00007fc0.
  • B. FortiGate routed the packet through port3.
  • C. FortiGate received a TCP SYN/ACK packet.
  • D. The source IP address of the packet was translated to 10.0.1.10.

Answer: BD

NEW QUESTION 9
Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.)
NSE4-5 dumps exhibit

  • A. The sensor will log all server attacks for all operating systems.
  • B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature.
  • C. The sensor will match all traffic from the address object `LINUX_SERVER'.
  • D. The sensor will reset all connections that match these signatures.
  • E. The sensor only filters which IPS signatures to apply to the selected firewall policy.

Answer: BE

NEW QUESTION 10
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then
answer the question following it.
NSE4-5 dumps exhibit
Which of the following statements correctly describes the static routing configuration provided above?

  • A. The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.
  • B. The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
  • C. The FortiGate sends all the traffic to 172.20.168.0/24 through port1.
  • D. Only the route that is using port1 will show up in the routing table.

Answer: C

NEW QUESTION 11
A FortiGate unit can scan for viruses on which types of network traffic? (Select all that apply.)

  • A. POP3
  • B. FTP
  • C. SMTP
  • D. SNMP
  • E. NetBios

Answer: ABC

NEW QUESTION 12
How can you format the FortiGate flash disk?

  • A. Load the hardware test (HQIP) image.
  • B. Execute the CLI command execute formatlogdisk.
  • C. Load a debug FortiOS image.
  • D. Select the format boot device option from the BIOS menu.

Answer: D

NEW QUESTION 13
An administrator has formed a high availability cluster involving two FortiGate units.
[ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ]
The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.
Which of the following options describes the best step the administrator can take? The administrator should .

  • A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode.
  • B. Enable monitoring of all active interfaces.
  • C. Set up a full-mesh design which uses redundant interfaces.
  • D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted

Answer: C

NEW QUESTION 14
Which statement is correct concerning creating a custom signature?

  • A. It must start with the name
  • B. It must indicate whether the traffic flow is from the client or the server.
  • C. It must specify the protoco
  • D. Otherwise, it could accidentally match lower-layer protocols.
  • E. It is not supported by Fortinet Technical Support.

Answer: A

NEW QUESTION 15
Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing
decision when using policy-based routing? (Choose three)

  • A. Source IP address.
  • B. TCP flags
  • C. Source TCP/UDP ports
  • D. Type of service.
  • E. Checksum

Answer: ACD

NEW QUESTION 16
Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose
three.)

  • A. IP address pool.
  • B. Virtual IP address.
  • C. IP address.
  • D. IP address group.
  • E. MAC address

Answer: BCD

NEW QUESTION 17
A FortiClient fails to establish a VPN tunnel with a FortiGate unit. The following information is displayed in the FortiGate unit logs:
NSE4-5 dumps exhibit
Which of the following statements is a possible cause for the failure to establish the VPN tunnel?

  • A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
  • B. There is no IPSec firewall policy configured for the policy-based VPN.
  • C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
  • D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.

Answer: A

NEW QUESTION 18
What attributes are always included in a log header? (Choose three.)

  • A. policyid
  • B. level
  • C. user
  • D. time
  • E. subtype
  • F. duration

Answer: BDE

NEW QUESTION 19
Which of the following statements are correct concerning IKE mode config? (Choose two)

  • A. It can dynamically assign IP addresses to IPsec VPN clients.
  • B. It can dynamically assign DNS settings to IPsec VPN clients.
  • C. It uses the ESP protocol.
  • D. It can be enabled in the phase 2 configuration.

Answer: AB

NEW QUESTION 20
Which of the following are possible actions for FortiGuard web category filtering? (Choose three.)

  • A. Allow
  • B. Block
  • C. Exempt
  • D. Warning
  • E. Shape

Answer: ABD

P.S. Certleader now are offering 100% pass ensure NSE4-5.4 dumps! All NSE4-5.4 exam questions have been updated with correct answers: https://www.certleader.com/NSE4-5.4-dumps.html (576 New Questions)


To know more about the NSE4-5.4, click here.

Tagged as : Fortinet NSE4-5.4 Dumps, Download NSE4-5.4 pdf, NSE4-5.4 VCE, NSE4-5.4 pass4sure, examcollection NSE4-5.4