NSE4-5.4 Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE4-5.4 Online Questions & Answers

  • Question 1:

    Which of the following statements is correct based on the firewall configuration illustrated in the exhibit?

    A. A user can access the Internet using only the protocols that are supported by user authentication.
    B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access.
    C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.
    D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.

  • Question 2:

    SSL content inspection is enabled on the FortiGate unit. Which of the following steps is required to prevent a user from being presented with a web browser warning when accessing an SSL- encrypted website?

    A. The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on the user's workstation.
    B. Disable the strict server certificate check in the web browser under Internet Options.
    C. Enable transparent proxy mode on the FortiGate unit.
    D. Enable NTLM authentication on the FortiGate unit. NTLM authentication suppresses the certificate warning messages in the web browser.

  • Question 3:

    Which of the following cannot be used in conjunction with the endpoint compliance check?

    A. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
    B. Any form of firewall policy authentication.
    C. WAN optimization.
    D. Traffic shaping.

  • Question 4:

    An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?

    A. Non-recursive
    B. Recursive
    C. Forward to primary and secondary DNS
    D. Forward to system DNS

  • Question 5:

    What FortiGate feature can be used to block a ping sweep scan from an attacker?

    A. Web application firewall (WAF)
    B. Rate based IPS signatures
    C. One-arm sniffer
    D. DoS policies

  • Question 6:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

    A. The FortiGate unit's public IP address
    B. The FortiGate unit's internal IP address
    C. The remote user's virtual IP address
    D. The remote user's public IP address

  • Question 7:

    Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

    The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

    The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

    A. 10.200.1.1
    B. 10.0.1.254
    C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24
    D. 10.200.1.10

  • Question 8:

    Which of the following statements about NTLM authentication are correct? (Choose two.)

    A. It is useful when users log in to DCs that are not monitored by a collector agent.
    B. It takes over as the primary authentication method when configured alongside FSSO.
    C. Multi-domain environments require DC agents on every domain controller.
    D. NTLM-enabled web browsers are required.

  • Question 9:

    On your FortiGate 60D, you've configured firewall policies. They port forward traffic to your Linux Apache web server. Select the best way to protect your web server by using the IPS engine.

    A. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications. Configured DLP to block HTTP GET request with credit card numbers.
    B. Enable IPS signatures for Linux servers with HTTP, TCP and SSL protocols and Apache applications. Configure DLP to block HTTP GET with credit card numbers. Also configure a DoS policy to prevent TCP SYn floods and port scans.
    C. None. FortiGate 60D is a desktop model, which does not support IPS.
    D. Enable IPS signatures for Linux and windows servers with FTP, HTTP, TCP, and SSL protocols and Apache and PHP applications.

  • Question 10:

    You have created a new administrator account, and assign it the prof_admin profile. Which is false about that account's permissions?

    A. It cannot upgrade or downgrade firmware.
    B. It can create and assign administrator accounts to parts of its own VDOM.
    C. It can reset forgotten passwords for other administrator accounts such as "admin".
    D. It has a smaller permissions scope than accounts with the "super_admin" profile.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.