1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 281:

    When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)

    A. SMTP

    B. POP3

    C. HTTP

    D. FTP

  • Question 282:

    For traffic that does match any configured firewall policy, what is the default action taken by the FortiGate?

    A. The traffic is allowed and no log is generated.

    B. The traffic is allowed and logged.

    C. The traffic is blocked and no log is generated.

    D. The traffic is blocked and logged.

  • Question 283:

    What methods can be used to deliver the token code to a user that is configured to use two-factor authentication? (Choose three.)

    A. Browser pop-up window.

    B. FortiToken.

    C. Email.

    D. Code books.

    E. SMS phone message.

  • Question 284:

    The FortiGate port1 is connected to the Internet. The FortiGate port2 is connected to the internal network. Examine the firewall configuration shown in the exhibit; then answer the question below.

    Based on the firewall configuration illustrated in the exhibit, which statement is correct?

    A. A user that has not authenticated can access the Internet using any protocol that does not trigger an authentication challenge.

    B. A user that has not authenticated can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP.

    C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access all Internet services.

    D. DNS Internet access is always allowed, even for users that has not authenticated.

  • Question 285:

    Examine the exhibit; then answer the question below.

    Which statement describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit?

    A. They indicate that the FortiGate has the latest updates available from the FortiGuard Distribution Network.

    B. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit.

    C. They indicate that the FortiGate is in the process of downloading updates from the FortiGuard Distribution Network.

    D. They indicate that the FortiGate is able to connect to the FortiGuard Distribution Network.

  • Question 286:

    Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols?

    A. Proxy-based

    B. DNS-based

    C. Flow-based

    D. Man-in-the-middle.

  • Question 287:

    Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)

    A. Manual update by downloading the signatures from the support site.

    B. Pull updates from the FortiGate.

    C. Push updates from a FortiAnalyzer.

    D. execute fortiguard-AV-AS command from the CLI.

  • Question 288:

    An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct regarding this IPsec VPN configuration?

    A. The IPsec firewall policies must be placed at the top of the list.

    B. This VPN cannot be used as part of a hub and spoke topology.

    C. Routes are automatically created based on the quick mode selectors.

    D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

  • Question 289:

    A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which are two reasons for this problem? (Choose two.)

    A. The FortiGate is connected to multiple ISPs.

    B. There is a NAT device between the FortiGate and the FortiGuard Distribution Network.

    C. The FortiGate is in Transparent mode.

    D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.

  • Question 290:

    Which statement is correct regarding virus scanning on a FortiGate unit?

    A. Virus scanning is enabled by default.

    B. Fortinet customer support enables virus scanning remotely for you.

    C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.

    D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.