Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

Fortinet NSE4-5.4 Online Questions & Answers

• Question 131:

  Examine the following output from the diagnose sys session list command:

  

  Which statements are true regarding the session above? (Choose two.)

  A. Session Time-To-Live (TTL) was configured to 9 seconds.
  B. FortiGate is doing NAT of both the source and destination IP addresses on all packets coming from the 192.168.1.110 address.
  C. The IP address 192.168.1.110 is being translated to 172.17.87.16.
  D. The FortiGate is not translating the TCP port numbers of the packets in this session.
  C. The IP address 192.168.1.110 is being translated to 172.17.87.16.
  D. The FortiGate is not translating the TCP port numbers of the packets in this session.

• Question 132:

  What are the requirements for a HA cluster to maintain TCP connections after device or link failover? (Choose two.)

  A. Enable session pick-up.
  B. Enable override.
  C. Connections must be UDP or ICMP.
  D. Connections must not be handled by a proxy.
  A. Enable session pick-up.
  D. Connections must not be handled by a proxy.

• Question 133:

  Which are valid replies from a RADIUS server to an ACCESS-REQUEST packet from a FortiGate? (Choose two.)

  A. ACCESS-CHALLENGE
  B. ACCESS-RESTRICT
  C. ACCESS-PENDING
  D. ACCESS-REJECT
  A. ACCESS-CHALLENGE
  D. ACCESS-REJECT

• Question 134:

  In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?

  A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server
  B. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server
  C. Request: Internal Host -> Slave FG -> Internet -> Web Server
  D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server
  A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server

• Question 135:

  A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

  

  Which of the following statements are correct regarding these VDOMs? (Select all that apply.)

  A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes.
  B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs.
  C. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled.
  D. All VDOMs must operate in the same mode.
  E. Changing a VDOM operational mode requires a reboot of the FortiGate unit.
  F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.
  A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes.
  F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.

• Question 136:

  Which Fortinet products and features could be considered part of a comprehensive solution to monitor and prevent the leakage of sensitive data? (Select all that apply.)

  A. Archive non-compliant outgoing e-mails using FortiMail.
  B. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate.
  C. Monitor database activity using FortiAnalyzer.
  D. Apply a DLP sensor to a firewall policy.
  E. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk.
  A. Archive non-compliant outgoing e-mails using FortiMail.
  B. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate.
  D. Apply a DLP sensor to a firewall policy.

• Question 137:

  Which of the following statements is correct concerning multiple vdoms configured in a FortiGate device?

  A. FortiGate devices,from the FGT/FWF 60D and above, all support VDOMS.
  B. All FortiGate devices scale to 250 VDOMS.
  C. Each VDOM requires its own FortiGuard license.
  D. FortiGate devices support more NAT/route VDOMs than Transparent Mode VDOMs.
  A. FortiGate devices,from the FGT/FWF 60D and above, all support VDOMS.

• Question 138:

  An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

  A. Enable a web filtering profile on the firewall policy.
  B. Create an application control policy.
  C. Enable logging on the firewall policy.
  D. Enable an application control security profile on the firewall policy.
  C. Enable logging on the firewall policy.
  D. Enable an application control security profile on the firewall policy.

• Question 139:

  Examine the following FortiGate web proxy configuration; then answer the question below:

  

  Assuming that the FortiGate proxy IP address is 10.10.1.1, which URL must an Internet browser use to download the PAC file?

  A. https://10.10.1.1:8080
  B. https://10.10.1.1:8080/wpad.dat
  C. http://10.10.1.1:8080/
  D. http://10.10.1.1:8080/wpad.dat
  D. http://10.10.1.1:8080/wpad.dat

• Question 140:

  Which of the following items represent the minimum configuration steps an administrator must perform to enable Data Leak Prevention for traffic flowing through the FortiGate unit? (Select all that apply.)

  A. Assign a DLP sensor in a firewall policy.
  B. Apply one or more DLP rules to a firewall policy.
  C. Enable DLP globally using the config sys dlp command in the CLI.
  D. Define one or more DLP rules.
  E. Define a DLP sensor.
  F. Apply a DLP sensor to a DoS sensor policy.
  A. Assign a DLP sensor in a firewall policy.
  D. Define one or more DLP rules.
  E. Define a DLP sensor.