1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 11:

    Which of the following statements about web caching are true? (Choose two.)

    A. Web caching slows down web browsing due to constant read-write cycles from FortiGate memory.

    B. When a client makes a web request, the proxy checks if the requested URL is already in memory.

    C. Only heavy content is cached, for example, videos, images, audio and so on.

    D. Web caching is supported in both explicit and implicit proxy.

  • Question 12:

    View the Exhibit.

    Which statements are correct based on this output? (Choose two.)

    A. The global configuration is synchronized between the primary and secondary FortiGate.

    B. The all VDOM is not synchronized between the primary and secondary FortiGate.

    C. The root VDOM is not synchronized between the primary and secondary FortiGate.

    D. The FortiGates have three VDOMs.

  • Question 13:

    An administrator has enabled the DHCP Server on the port1 interface and configured the following based on the exhibit.

    Which statement is correct based on this configuration?

    A. The MAC address 00:0c:29:29:38:da belongs to the port1 interface.

    B. Access to the network is blocked for the devices with the MAC address 00:0c:29:29:38:da and the IP address 10.0.1.254.

    C. 00:0c:29:29:38:da is the virtual MAC address assigned to the secondary IP address (10.0.1.254) of the port1 interface.

    D. The IP address 10.0.1.254 is reserves for the device with the MAC address 00:0c:29:29:38:da.

  • Question 14:

    An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices. Which configuration steps must be performed on both units to support this scenario? (Choose three.)

    A. Define the phase 2 parameters.

    B. Set the phase 2 encapsulation method to transport mode.

    C. Define at least one firewall policy, with the action set to IPsec.

    D. Define a route to the remote network over the IPsec tunnel.

    E. Define the phase 1 parameters, without enabling IPsec interface mode.

  • Question 15:

    Examine the exhibit.

    A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router. Port2 and port3 are both configured as a software switch.

    What IP address must be configured in the workstation as the default gateway?

    A. The port2's IP address.

    B. The router's IP address.

    C. The FortiGate's management IP address.

    D. The software switch interface's IP address.

  • Question 16:

    Which of the following statements about the FSSO collector agent timers is true?

    A. The dead entry timeout interval is used to age out entries with an unverified status.

    B. The workstation verify interval is used to periodically check if a workstation is still a domain member.

    C. The user group cache expiry is used to age out the monitored groups.

    D. The IP address change verify interval monitors the server IP address where the collector agent is installed, and updates the collector agent configuration if it changes.

  • Question 17:

    What inspections are executed by the IPS engine? (Choose three.)

    A. Application control

    B. Flow-based data leak prevention

    C. Proxy-based antispam

    D. Flow-based web filtering

    E. Proxy-based antivirus

  • Question 18:

    Which of the following statements are true when using Web Proxy Auto-discovery Protocol (WPAD) with the DHCP discovery method? (Choose two.)

    A. The browser sends a DHCPINFORM request to the DHCP server.

    B. The browser will need to be preconfigured with the DHCP server's IP address.

    C. The DHCP server provides the PAC file for download.

    D. If the DHCP method fails, browsers will try the DNS method.

  • Question 19:

    A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub-interfaces added to the same physical interface.

    Which statement about the VLAN IDs in this scenario is true?

    A. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.

    B. The two VLAN sub-interfaces must have different VLAN IDs.

    C. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in the same subnet.

    D. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.

  • Question 20:

    In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

    A. Client > primary FortiGate> secondary FortiGate> primary FortiGate> web server.

    B. Client > secondary FortiGate> web server.

    C. Client >secondary FortiGate> primary FortiGate> web server.

    D. Client> primary FortiGate> secondary FortiGate> web server.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.