Tested NSE4-5.4 Exam Questions and Answers 2021

NEW QUESTION 1
Which of the following options can you use to update the virus definitions on a FortiGate unit? (Select all that apply.)

• A. Push update.
• B. Scheduled update
• C. Manual update
• D. FTP update

Answer: ABC

NEW QUESTION 2
When does a FortiGate load-share traffic between two static routes to the same destination subnet?

• A. When they have the same cost and distance.
• B. When they have the same distance and the same weight.
• C. When they have the same distance and different priority.
• D. When they have the same distance and same priority.

Answer: D

NEW QUESTION 3
Which statements are correct regarding virtual domains (VDOMs)? (Choose two.)

• A. VDOMs divide a single FortiGate unit into two or more virtual units that each have dedicated memory and CPUs.
• B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
• C. VDOMs share firmware versions, as well as antivirus and IPS databases.
• D. Different time zones can be configured in each VDOM.

Answer: BC

NEW QUESTION 4
Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

• A. The remote gateway IP must be an IPv6 address.
• B. The source quick mode selector must be an IPv4 address.
• C. The local gateway IP must an IPv4 address.
• D. The destination quick mode selector must be an IPv6 address.

Answer: CD

NEW QUESTION 5
Which of the following statements are correct regarding Application Control?

• A. Application Control is based on the IPS engine.
• B. Application Control is based on the AV engine.
• C. Application Control can be applied to SSL encrypted traffic.
• D. Application Control cannot be applied to SSL encrypted traffic.

Answer: AC

NEW QUESTION 6
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup
tunnels?

• A. The FortiGate is able to handle NATed connections only with aggressive mode.
• B. FortiClient only supports aggressive mode.
• C. The remote peers are able to provide their peer IDs in the first message with aggressive mode.
• D. Main mode does not support XAuth for user authentication.

Answer: C

NEW QUESTION 7
What is not true of configuring disclaimers on the FortiGate?

• A. Disclaimers can be used in conjunction with captive portal.
• B. Disclaimers appear before users authenticate.
• C. Disclaimers can be bypassed through security exemption lists.
• D. Disclaimers must be accepted in order to continue to the authentication login or originally intended destination.

Answer: C

NEW QUESTION 8
Which IPsec mode includes the peer id information in the first packet?

• A. Main mode.
• B. Quick mode.
• C. Aggressive mode.
• D. IKEv2 mode.

Answer: C

NEW QUESTION 9
Which of the following statements are correct concerning the FortiGate session life support protocol? (Choose two)

• A. By default, UDP sessions are not synchronized.
• B. Up to four FortiGate devices in standalone mode are supported.
• C. only the master unit handles the traffic.
• D. Allows per-VDOM session synchronization.

Answer: AD

NEW QUESTION 10
View the exhibit.

Which users and user groups are allowed access to the network through captive portal?

• A. Only individual users–not groups–defined in the captive portal configuration.
• B. Groups defined in the captive portal configuration
• C. All users
• D. Users and groups defined in the firewall policy.

Answer: A

NEW QUESTION 11
File blocking rules are applied before which of the following?

• A. Firewall policy processing
• B. Virus scanning
• C. Web URL filtering
• D. White/Black list filtering

Answer: B

NEW QUESTION 12
Which of the following statements describe some of the differences between symmetric and asymmetric cryptography? (Choose two.)

• A. In symmetric cryptography, the keys are publicly availabl
• B. In asymmetric cryptography, the keys must be kept secret.
• C. Asymmetric cryptography can encrypt data faster than symmetric cryptography
• D. Symmetric cryptography uses one pre-shared ke
• E. Asymmetric cryptography uses a pair or keys
• F. Asymmetric keys can be sent to the remote peer via digital certificate
• G. Symmetric keys cannot

Answer: CD

NEW QUESTION 13
Which of the following statements are correct regarding FortiGate virtual domains (VDOMs)?
(Choose two)

• A. VDOMs divide a single FortiGate unit into two or more independent firewall.
• B. A management VDOM handles SNM
• C. logging, alert email and FortiGuard updates.
• D. Each VDOM can run different firmware versions.
• E. Administrative users with a 'super_admin' profile can administrate only one VDOM.

Answer: AB

NEW QUESTION 14
Which of the following statements best describe what a FortiGate does when packets match a black
hole route?

• A. Packets are dropped.
• B. Packets are routed based on the information in the policy-based routing table.
• C. An ICMP error message is sent back to the originator.
• D. Packet are routed back to the originator.

Answer: A

NEW QUESTION 15
Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.

Which of the following statements is correct regarding this output? (Select one answer).

• A. One tunnel is rekeying.
• B. Two tunnels are rekeying.
• C. Two tunnels are up.
• D. One tunnel is up.

Answer: C

NEW QUESTION 16
You are the administrator in charge of a FortiGate unit which acts as a VPN gateway.
You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions.
There is only 1 subnet at either end and the FortiGate unit already has a default route.
Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)

• A. Create one firewall policy.
• B. Create two firewall policies.
• C. Add a route for the remote subnet.
• D. Add a route for incoming traffic.
• E. Create a phase 1 definition.
• F. Create a phase 2 definition.

Answer: BCEF

NEW QUESTION 17
Examine the firewall configuration shown below; then answer the question following it.

Which of the following statements are correct based on the firewall configuration illustrated in the exhibit? (Select all that apply.)

• A. A user can access the Internet using only the protocols that are supported by user authentication.
• B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FT
• C. These require authentication before the user will be allowed access.
• D. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.
• E. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.

Answer: AD

NEW QUESTION 18
Which of the following methods does the FortiGate unit use to determine the availability of a web
cache using Web Cache Communication Protocol (WCCP)?

• A. The FortiGate unit receives periodic "Here I am" messages from the web cache.
• B. The FortiGate unit polls all globally-defined web cache servers at a regular intervals.
• C. The FortiGate using uses the health check monitor to verify the availability of a web cache server.
• D. The web cache sends an "I see you" message which is captured by the FortiGate unit.

Answer: C

NEW QUESTION 19
Examine at the output below from the diagnose sys top command:

Which statements are true regarding the output above? (Choose two.)

• A. The sshd process is the one consuming most CPU.
• B. The sshd process is using 123 pages of memory.
• C. The command diagnose sys kill miglogd will restart the miglogd process.
• D. All the processes listed are in sleeping state.

Answer: AD

NEW QUESTION 20
What is the maximum number of different virus databases a FortiGate can have?

• A. 5
• B. 2
• C. 3
• D. 4

Answer: B