1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 191:

    What FortiGate feature can be used to block a ping sweep scan from an attacker?

    A. Web application firewall (WAF)

    B. Rate based IPS signatures

    C. One-arm sniffer

    D. DoS policies

  • Question 192:

    Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true? (Choose two.)

    A. The firmware image must be manually uploaded to each FortiGate.

    B. Only secondary FortiGate devices are rebooted.

    C. Uninterruptable upgrade is enabled by default.

    D. Traffic load balancing is temporally disabled while upgrading the firmware.

  • Question 193:

    Examine the exhibit, which shows the output of a web filtering real time debug.

    Why is the site www.bing.com being blocked?

    A. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.

    B. The rating for the web site www.bing.com has been locally overridden to a category that is being blocked.

    C. The web site www.bing.com is categorized by FortiGuard as Malicious Websites.

    D. The user has not authenticated with the FortiGate yet.

  • Question 194:

    View the exhibit.

    Why is the administrator getting the error shown in the exhibit?

    A. The administrator admin does not have the privileges required to configure global settings.

    B. The global settings cannot be configured from the root VDOM context.

    C. The command config system global does not exist in FortiGate.

    D. The administrator must first enter the command edit global.

  • Question 195:

    An administrator has disabled Accept push updates under Antivirus and IPS Updates. Which statements is true when this setting is disabled?

    A. The extreme database is disabled.

    B. New AV definitions are not added to FortiGate as soon as they are releases by FortiGuard.

    C. Administrators cannot manually upload new AV definitions to the FortiGate.

    D. FortiGate does not send files to FortiSandbox for inspection.

  • Question 196:

    An administrator needs to create a tunnel mode SSLVPN to access an internal web server from the Internet. The web server is connected to port1. The Internet is connected to port2. Both interfaces belong to the VDOM named Corporation. What interface must be used as the source for the firewall policy that will allow this traffic?

    A. ssl.root

    B. ssl.Corporation

    C. port2

    D. port1

  • Question 197:

    Which statement about the IP authentication header (AH) used by IPsec is true?

    A. AH does not provide any data integrity or encryption.

    B. AH does not support perfect forward secrecy.

    C. AH provides data integrity but no encryption.

    D. AH provides strong data integrity but weak encryption.

  • Question 198:

    Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

    A. To remove the NAT operation.

    B. To generate logs

    C. To finish any inspection operations.

    D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.

  • Question 199:

    Examine this output from a debug flow:

    Which statements about the output are correct? (Choose two.)

    A. The packet was allowed by the firewall policy with the ID 00007fc0.

    B. FortiGate routed the packet through port3.

    C. FortiGate received a TCP SYN/ACK packet.

    D. The source IP address of the packet was translated to 10.0.1.10.

  • Question 200:

    View the exhibit.

    Which users and user groups are allowed access to the network through captive portal?

    A. Only individual users璶ot groups璬efined in the captive portal configuration.

    B. Groups defined in the captive portal configuration

    C. All users

    D. Users and groups defined in the firewall policy.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.