Exam Details

  • Exam Code: NSE4-5.4
  • Exam Name: Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 576 Q&As
  • Last Updated: Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 291:

    Which IPsec configuration mode can be used for implementing GRE-over-IPsec VPNs?

    A. Policy-based only.

    B. Route-based only.

    C. Either policy-based or route-based VPN.

    D. GRE-based only.

  • Question 292:

    You are the administrator in charge of a FortiGate acting as an IPsec VPN gateway using route-based mode. Users from either side must be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate already has a default route.

    Which two configuration steps are required to achieve these objectives? (Choose two.)

    A. Create one firewall policy.

    B. Create two firewall policies.

    C. Add a route to the remote subnet.

    D. Add two IPsec phases 2.

  • Question 293:

    An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

    A. Create firewall policies to allow and control traffic between the source and destination IP addresses.

    B. Configure the appropriate user groups to allow users access to the tunnel.

    C. Set the operating mode to IPsec VPN mode.

    D. Define the phase 2 parameters.

    E. Define the Phase 1 parameters.

  • Question 294:

    What is IPsec Perfect Forward Secrecy (PFS)?

    A. A phase-1 setting that allows the use of symmetric encryption.

    B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.

    C. A 'key-agreement' protocol.

    D. A 'security-association-agreement' protocol.

  • Question 295:

    In a high availability cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a slave unit?

    A. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.

    B. Request: internal host; slave FortiGate; Internet; web server.

    C. Request: internal host; slave FortiGate; master FortiGate; Internet; web server.

    D. Request: internal host; master FortiGate; slave FortiGate; Internet; web server.

  • Question 296:

    Two FortiGate devices fail to form an HA cluster. The device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device.

    Exhibit A: Exhibit B

    Which one of the following is the most likely reason that the cluster fails to form?

    A. Password

    B. HA mode

    C. Heartbeat

    D. Override

  • Question 297:

    Examine the following spanning tree configuration on a FortiGate in transparent mode: Which statement is correct for the above configuration?

    A. The FortiGate participates in spanning tree.

    B. The FortiGate device forwards received spanning tree messages.

    C. Ethernet layer-2 loops are likely to occur.

    D. The FortiGate generates spanning tree BPDU frames.

  • Question 298:

    Two devices are in an HA cluster. The device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device.

    Exhibit A:

    Exhibit B:

    Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)

    A. STUDENT is likely to be the master device.

    B. Session-pickup is likely to be enabled.

    C. The cluster mode is active-passive.

    D. There is not enough information to determine the cluster mode.

  • Question 299:

    An administrator has formed a high availability cluster involving two FortiGate units.

    [ Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ]

    The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.

    Which of the following options describes the best step the administrator can take? The administrator should _____________.

    A. Increase the number of FortiGate units in the cluster and configure HA in active-active mode.

    B. Enable monitoring of all active interfaces.

    C. Set up a full-mesh design which uses redundant interfaces.

    D. Configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

  • Question 300:

    What is the purpose of the Policy Lookup feature?

    A. It finds duplicate objects in firewall policies.

    B. It searches for the matching policy based on input criteria.

    C. It creates a new firewall policy based on input criteria.

    D. It enables hidden security profiles with full logging capabilities and generates Learning Reports based on input criteria.
