1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 21:

    An administrator has configured the following settings:

    What does the configuration do? (Choose two.)

    A. Reduces the amount of logs generated by denied traffic.

    B. Enforces device detection on all interfaces for 30 minutes.

    C. Blocks denied users for 30 minutes.

    D. Creates a session for traffic being denied.

  • Question 22:

    Which statements about FortiGate inspection modes are true? (Choose two.)

    A. The default inspection mode is proxy based.

    B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.

    C. Proxy-based inspection is not available in VDOMs operating in transparent mode.

    D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.

  • Question 23:

    Examine the following interface configuration on a FortiGate in transparent mode:

    Which statement about this configuration is correct?

    A. The FortiGate generates spanning tree BPDU frames.

    B. The FortiGate device forwards received spanning tree BPDU frames.

    C. The FortiGate can block an interface if a layer-2 loop is detected.

    D. Ethernet layer-2 loops are likely to occur.

  • Question 24:

    Examine this PAC file configuration.

    Which of the following statements are true? (Choose two.)

    A. Browsers can be configured to retrieve this PAC file from the FortiGate.

    B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

    C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet, have to go through altproxy.corp.com: 8060.

    D. Any web request fortinet.com is allowed to bypass the proxy.

  • Question 25:

    What does the command diagnose debug fsso-polling refresh-user do?

    A. It refreshes user group information form any servers connected to the FortiGate using a collector agent.

    B. It refreshes all users learned through agentless polling.

    C. It displays status information and some statistics related with the polls done by FortiGate on each DC.

    D. It enables agentless polling mode real-time debug.

  • Question 26:

    Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?

    A. The FortiGate is able to handle NATed connections only with aggressive mode.

    B. FortiClient supports aggressive mode.

    C. The remote peers are able to provide their peer IDs in the first message with aggressive mode.

    D. Main mode does not support XAuth for user authentication.

  • Question 27:

    What statement describes what DNS64 does?

    A. Converts DNS A record lookups to AAAA record lookups.

    B. Translates the destination IPv6 address of the DNS traffic to an IPv4 address.

    C. Synthesizes DNS AAAA records from A records.

    D. Translates the destination IPv4 address of the DNS traffic to an IPv6 address.

  • Question 28:

    Which component of FortiOS performs application control inspection?

    A. Kernel

    B. Antivirus engine

    C. IPS engine

    D. Application control engine

  • Question 29:

    Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

    A. They support GRE-over-IPsec.

    B. They can be configured in both NAT/Route and transparent operation modes.

    C. They require two firewall policies: one for each direction of traffic flow.

    D. They support L2TP-over-IPsec.

  • Question 30:

    An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?

    A. Only digital certificates will be accepted as an authentication method in phase 1.

    B. Dialup clients must provide a username and password for authentication.

    C. Phase 1 negotiations will skip pre-shared key exchange.

    D. Dialup clients must provide their local ID during phase 2 negotiations.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.