1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 221:

    Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)

    A. Firewall

    B. Directory Service

    C. Local

    D. LDAP

    E. PKI

  • Question 222:

    Users may require access to a web site that is blocked by a policy. Administrators can give users the ability to override the block. Which of the following statements regarding overrides are correct? (Select all that apply.)

    A. A protection profile may have only one user group defined as an override group.

    B. A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.

    C. Authentication to allow the override is based on a user's membership in a user group.

    D. Overrides can be allowed by the administrator for a specific period of time.

  • Question 223:

    Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?

    A. Packet encryption

    B. MIB-based report uploads

    C. SNMP access limits through access lists

    D. Running SNMP service on a non-standard port is possible

  • Question 224:

    Which email filter is NOT available on a FortiGate device?

    A. Sender IP reputation database.

    B. URLs included in the body of known SPAM messages.

    C. Email addresses included in the body of known SPAM messages.

    D. Spam object checksums.

    E. Spam grey listing.

  • Question 225:

    A firewall policy has been configured such that traffic logging is disabled and a UTM function is enabled.

    In addition, the system setting `utm-incident-traffic-log' has been enabled. In which log will a UTM event message be stored?

    A. Traffic

    B. UTM

    C. System D. None

  • Question 226:

    Which one of the following statements is correct about raw log messages?

    A. Logs have a header and a body section. The header will have the same layout for every log message. The body section will change layout from one type of log message to another.

    B. Logs have a header and a body section. The header and body will change layout from one type of log message to another.

    C. Logs have a header and a body section. The header and body will have the same layout for every log message.

  • Question 227:

    You are the administrator in charge of a FortiGate unit which acts as a VPN gateway.

    You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions.

    There is only 1 subnet at either end and the FortiGate unit already has a default route.

    Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)

    A. Create one firewall policy.

    B. Create two firewall policies.

    C. Add a route for the remote subnet.

    D. Add a route for incoming traffic.

    E. Create a phase 1 definition.

    F. Create a phase 2 definition.

  • Question 228:

    An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down. Which of the following statements best describes how to resolve this issue?

    A. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user's web portal.

    B. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.

    C. Check the SSL adaptor on the host machine. If necessary, uninstall and reinstall the adaptor from the tunnel mode portal.

    D. Make sure that only Internet Explorer is used. All other browsers are unsupported.

  • Question 229:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, from which of the following source IP addresses would the web server consider the HTTP request to be initiated?

    A. The remote user's virtual IP address.

    B. The FortiGate unit's internal IP address.

    C. The remote user's public IP address.

    D. The FortiGate unit's external IP address.

  • Question 230:

    Two-factor authentication is supported using the following methods? (Select all that apply.)

    A. FortiToken

    B. Email

    C. SMS phone message

    D. Code books

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.