Exam Details

  • Exam Code: NSE4-5.4
  • Exam Name: Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 576 Q&As
  • Last Updated: Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 271:

    How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side?

    A. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface.

    B. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit's kernel routing table.

    C. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit.

    D. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy.

  • Question 272:

    An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has enabled split tunneling.

    Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table?

    A. A route to the destination matching the 'WIN2K3' address object.

    B. A route to the destination matching the 'all' address object.

    C. A default route.

    D. No route is added.

  • Question 273:

    Which of the following antivirus and attack definition update options are supported by FortiGate units? (Select all that apply.)

    A. Manual update by downloading the signatures from the support site.

    B. Pull updates from the FortiGate device.

    C. Push updates from the FortiGuard Distribution Network.

    D. "update-AV/AS" command from the CLI.

  • Question 274:

    A FortiGate AntiVirus profile can be configured to scan for viruses on SMTP, FTP, POP3, and SMB protocols using which inspection mode?

    A. Proxy

    B. DNS

    C. Flow-based

    D. Man-in-the-middle

  • Question 275:

    A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode. Which one of the following statements is correct regarding the use of web-only mode SSL VPN?

    A. Web-only mode supports SSL version 3 only.

    B. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN.

    C. Web-only mode requires the user to have a web browser that supports 64-bit cipher length.

    D. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.

  • Question 276:

    A client can establish a secure connection to a corporate network using SSL VPN in tunnel mode. Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)

    A. Split tunneling can be enabled when using tunnel mode SSL VPN.

    B. Client software is required to be able to use a tunnel mode SSL VPN.

    C. Users attempting to create a tunnel mode SSL VPN connection must be authenticated by at least one SSL VPN policy.

    D. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.

  • Question 277:

    When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge. Select all supported protocols from the following:

    A. SMTP

    B. SSH

    C. HTTP

    D. FTP

    E. SCP

  • Question 278:

    Which of the following items is NOT a packet characteristic matched by a firewall service object?

    A. ICMP type and code

    B. TCP/UDP source and destination ports

    C. IP protocol number

    D. TCP sequence number

  • Question 279:

    Which statement regarding the firewall policy authentication timeout is true?

    A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

    B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

    C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

    D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address after this timer has expired.

  • Question 280:

    Which two statements are true regarding firewall policy disclaimers? (Choose two.)

    A. They cannot be used in combination with user authentication.

    B. They can only be applied to wireless interfaces.

    C. Users must accept the disclaimer to continue.

    D. The disclaimer page is customizable.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Fortinet exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your NSE4-5.4 exam preparation and Fortinet certification application, do not hesitate to visit Vcedump.com to find your solutions.