Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

Fortinet NSE4-5.4 Online Questions & Answers

• Question 221:

  Which of the following statements are true of the FortiGate unit's factory default configuration?

  A. `Port1' or `Internal' interface will have an IP of 192.168.1.99.
  B. `Port1' or `Internal' interface will have a DHCP server set up and enabled (on devices that support DHCP Servers).
  C. Default login will always be the username: admin (all lowercase) and no password.
  D. The implicit firewall action is ACCEPT.
  A. `Port1' or `Internal' interface will have an IP of 192.168.1.99.
  B. `Port1' or `Internal' interface will have a DHCP server set up and enabled (on devices that support DHCP Servers).
  C. Default login will always be the username: admin (all lowercase) and no password.

• Question 222:

  Two-factor authentication is supported using the following methods? (Select all that apply.)

  A. FortiToken
  B. Email
  C. SMS phone message
  D. Code books
  A. FortiToken
  B. Email
  C. SMS phone message

• Question 223:

  Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.)

  A. Domain Local Security Agent.
  B. Collector Agent.
  C. Active Directory Agent.
  D. User Authentication Agent.
  E. Domain Controller Agent.
  B. Collector Agent.
  E. Domain Controller Agent.

• Question 224:

  Examine the exhibit, which shows the output of a web filtering real time debug.

  

  Why is the site www.bing.com being blocked?

  A. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.
  B. The rating for the web site www.bing.com has been locally overridden to a category that is being blocked.
  C. The web site www.bing.com is categorized by FortiGuard as Malicious Websites.
  D. The user has not authenticated with the FortiGate yet.
  A. The web server IP address 204.79.197.200 is categorized by FortiGuard as Malicious Websites.

• Question 225:

  Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)

  A. Firewall
  B. Directory Service
  C. Local
  D. LDAP
  E. PKI
  A. Firewall
  B. Directory Service

• Question 226:

  To which remote device can the FortiGate send logs? (Choose three.)

  A. Syslog
  B. FortiAnalyzer C. Hard drive
  D. Memory
  E. FortiCloud
  A. Syslog
  B. FortiAnalyzer C. Hard drive
  E. FortiCloud

• Question 227:

  Which define device identification? (Choose two.)

  A. Device identification is enabled by default on all interfaces.
  B. Enabling a source device in a firewall policy enables device identification on the source interfaces of that policy.
  C. You cannot combine source user and source device in the same firewall policy.
  D. FortiClient can be used as an agent based device identification technique.
  E. Only agentless device identification techniques are supported.
  B. Enabling a source device in a firewall policy enables device identification on the source interfaces of that policy.
  D. FortiClient can be used as an agent based device identification technique.

• Question 228:

  A FortiGate unit has multiple VDOMs in NAT/route mode with multiple VLAN interfaces in each VDOM. Which of the following statements is correct regarding the IP addresses assigned to each VLAN interface?

  A. Different VLANs can share the same IP address as long as they have different VLAN IDs.
  B. Different VLANs can share the same IP address as long as they are in different physical interface.
  C. Different VLANs can share the same IP address as long as they are in different VDOMs.
  D. Different VLANs can never share the same IP addresses.
  C. Different VLANs can share the same IP address as long as they are in different VDOMs.

• Question 229:

  The exhibit shows two static routes to the same destinations subnet 172.20.168.0/24.

  

  Which of the following statements correctly describes this static routing configuration? (choose two)

  A. Both routes will show up in the routing table.
  B. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 between routes.
  C. Only one route will show up in the routing table.
  D. The FortiGate will route the traffic to 172.20.168.0/24 only through one route.
  C. Only one route will show up in the routing table.
  D. The FortiGate will route the traffic to 172.20.168.0/24 only through one route.

• Question 230:

  With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent. If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)

  A. The login event is sent to the Collector Agent.
  B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.
  C. The Collector Agent performs the DNS lookup for the authenticated client's IP address.
  D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.
  A. The login event is sent to the Collector Agent.
  C. The Collector Agent performs the DNS lookup for the authenticated client's IP address.