Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 91:

  View the example routing table.

  

  Which route will be selected when trying to reach 10.20.30.254?

  A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2

  B. The traffic will be dropped because it cannot be routed.

  C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3

  D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1

  Correct Answer: C

• Question 92:

  Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)

  A. The collector agent does not need to search any security event logs.

  B. WMI polling can increase bandwidth usage with large networks.

  C. The NetSessionEnum function is used to track user logoffs.

  D. The collector agent uses a Windows API to query DCs for user logins.

  Correct Answer: BD

• Question 93:

  An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive. Which statements are true? (Choose two.)

  A. Logs must be stored on FortiGate first, before transmitting to FortiAnalyzer

  B. FortiGate uses port 8080 for log transmission

  C. Log messages are transmitted as plain text in LZ4 compressed format (store-and-upload method).

  D. FortiGate can encrypt communications using SSL encrypted OFTP traffic.

  Correct Answer: AC

• Question 94:

  View the exhibit.

  

  

  Which of the following statements are correct? (Choose two.)

  A. This is a redundant IPsec setup.

  B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

  C. This setup requires at least two firewall policies with action set to IPsec.

  D. Dead peer detection must be disabled to support this type of IPsec setup.

  Correct Answer: AB

• Question 95:

  Which statements about DNS filter profiles are true? (Choose two.)

  A. They can inspect HTTP traffic.

  B. They must be applied in firewall policies with SSL inspection enabled.

  C. They can block DNS request to known botnet command and control servers.

  D. They can redirect blocked requests to a specific portal.

  Correct Answer: CD

• Question 96:

  The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members.

  

  What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.)

  A. Port3 is configured with an IP address for management access.

  B. The firewall rules are purged on the disconnected unit.

  C. The HA mode changes to standalone.

  D. The system hostname is set to the unit serial number.

  Correct Answer: AC

• Question 97:

  Which firewall objects can be included in the Destination Address field of a firewall policy? (Choose three.)

  A. IP address pool.

  B. Virtual IP address.

  C. IP address.

  D. IP address group.

  E. MAC address

  Correct Answer: BCD

• Question 98:

  Which header field can be used in a firewall policy for traffic matching?

  A. ICMP type and code.

  B. DSCP.

  C. TCP window size.

  D. TCP sequence number.

  Correct Answer: A

• Question 99:

  The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?

  A. set order

  B. edit policy

  C. reorder

  D. move

  Correct Answer: D

• Question 100:

  Examine the following CLI configuration:

  config system session-ttl set default 1800 end

  What statement is true about the effect of the above configuration line?

  A. Sessions can be idle for more than 1800 seconds.

  B. The maximum length of time a session can be open is 1800 seconds.

  C. After 1800 seconds, the end user must re-authenticate.

  D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

  Correct Answer: A