NSE4-5.4 Exam Details

  • Exam Code: NSE4-5.4
  • Exam Name: Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 576 Q&As
  • Last Updated: Dec 30, 2024

Fortinet NSE4-5.4 Online Questions & Answers

  • Question 121:

    Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?

    A. The FortiGate unit receives periodic "Here I am" messages from the web cache.
    B. The FortiGate unit polls all globally-defined web cache servers at regular intervals.
    C. The FortiGate unit uses the health check monitor to verify the availability of a web cache server.
    D. The web cache sends an "I see you" message which is captured by the FortiGate unit.

  • Question 122:

    Which of the following statements are true regarding a FortiGate device operating in transparent mode? (Choose three.)

    A. It acts as a layer 2 bridge
    B. It acts as a layer 3 router
    C. It forwards frames using the destination MAC address.
    D. It forwards packets using the destination IP address.
    E. It can perform content inspection (antivirus, web filtering, etc.).

  • Question 123:

    An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel. Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet?

  • Question 124:

    How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side?

    A. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface.
    B. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit's kernel routing table.
    C. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit.
    D. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy.

  • Question 125:

    In "diag debug flow" output, you see the message "Allowed by Policy-1: SNAT". Which is true?

    A. The packet matched the topmost policy in the list of firewall policies.
    B. The packet matched the firewall policy whose policy ID is 1.
    C. The packet matched a firewall policy, which allows the packet and skips UTM checks
    D. The policy allowed the packet and applied session NAT.

  • Question 126:

    An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

    A. In an IPS sensor
    B. In an interface.
    C. In a DoS policy.
    D. In an application control profile.

  • Question 127:

    Which is true of FortiGate's session table?

    A. NAT/PAT is shown in the central NAT table, not the session table.
    B. It shows TCP connection states.
    C. It shows IP, SSL, and HTTP sessions.
    D. It does not show UDP or ICMP connection state codes, because those protocols are connectionless.

  • Question 128:

    A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

    Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Choose three.)

    A. The administrator can configure inter-VDOM links to avoid using external interfaces and routers.
    B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links.
    C. This configuration requires a router to be positioned between the FortiGate unit and the Internet for proper routing.
    D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
    E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

  • Question 129:

    An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?

    A. Disabling split tunneling
    B. Configuring web bookmarks
    C. Assigning public IP addresses to SSL VPN clients
    D. Using web-only mode

  • Question 130:

    Which statement is not correct regarding SSL VPN Tunnel mode?

    A. IP traffic is encapsulated over HTTPS.
    B. The standalone FortiClient SSL VPN client can be used to establish a Tunnel mode SSL VPN.
    C. A limited number of IP applications are supported.
    D. The FortiGate device will dynamically assign an IP address to the SSL VPN network adapter.
