Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 261:

  A FortiGate unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.)

  A. The external facing interface of the FortiGate unit is configured to use DHCP.

  B. The FortiGate unit has not been registered.

  C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured.

  D. The FortiGate unit is in Transparent mode which does not support push updates.

  Correct Answer: ABC

• Question 262:

  A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the antivirus and email filter profiles applied to this policy.

  Exhibit A:

  

  Exhibit B: What is the correct behavior when the email attachment is detected as a virus by the FortiGate antivirus engine?

  

  A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected.

  B. The FortiGate unit will reject the infected email and the sender will receive a failed delivery message.

  C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed.

  D. The FortiGate unit will reject the infected email and notify the sender.

  Correct Answer: A

• Question 263:

  Which of the following statements are correct regarding logging to memory on a FortiGate unit? (Select all that apply.)

  A. When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory.

  B. When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages.

  C. If the FortiGate unit is reset or loses power, log entries captured to memory will be lost.

  D. None of the above.

  Correct Answer: BC

• Question 264:

  Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.)

  A. IP Address Check

  B. Open Relay Database List (ORDBL)

  C. Black/White List

  D. Return Email DNS Check

  E. Email Checksum Check

  Correct Answer: ABCDE

• Question 265:

  Which of the following email spam filtering features is NOT supported on a FortiGate unit?

  A. Multipurpose Internet Mail Extensions (MIME) Header Check

  B. HELO DNS Lookup

  C. Greylisting

  D. Banned Word

  Correct Answer: C

• Question 266:

  Examine the exhibit shown below; then answer the question following it.

  

  Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

  A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network.

  B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network.

  C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.

  D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network.

  Correct Answer: A

• Question 267:

  Which of the following items does NOT support the Logging feature?

  A. File Filter

  B. Application control

  C. Session timeouts

  D. Administrator activities

  E. Web URL filtering

  Correct Answer: C

• Question 268:

  Which of the following is true regarding Switch Port Mode?

  A. Allows all internal ports to share the same subnet.

  B. Provides separate routable interfaces for each internal port.

  C. An administrator can select ports to be used as a switch.

  D. Configures ports to be part of the same broadcast domain.

  Correct Answer: A

• Question 269:

  An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network. Which of the following FortiAnalyzers will be detected? (Select all that apply.)

  A. 192.168.11.100

  B. 192.168.11.251

  C. 192.168.10.100

  D. 192.168.10.251

  Correct Answer: AB

• Question 270:

  In an IPSec gateway-to-gateway configuration, two FortiGate units create a VPN tunnel between two separate private networks. Which of the following configuration steps must be performed on both FortiGate units to support this configuration? (Select all that apply.)

  A. Create firewall policies to control traffic between the IP source and destination address.

  B. Configure the appropriate user groups on the FortiGate units to allow users access to the IPSec VPN connection.

  C. Set the operating mode of the FortiGate unit to IPSec VPN mode.

  D. Define the Phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with the remote peer.

  E. Define the Phase 1 parameters that the FortiGate unit needs to authenticate the remote peers.

  Correct Answer: ADE