1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

NSE4-5.4 Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE4-5.4 Online Questions & Answers

  • Question 331:

    Which of the following statements is correct about how the FortiGate unit verifies username and password during user authentication?

    A. If a remote server is included in a user group, it will be checked before local accounts.
    B. An administrator can define a local account for which the password must be verified by querying a remote server.
    C. If authentication fails with a local password, the FortiGate unit will query the authentication server if the local user is configured with both a local password and an authentication server.
    D. The FortiGate unit will only attempt to authenticate against Active Directory if Fortinet Server Authentication Extensions are installed and configured.

  • Question 332:

    Which statement concerning IPS is false?

    A. IPS packages contain an engine and signatures used by both IPS and other flow-based scans.
    B. One-arm topology with sniffer mode improves performance of IPS blocking.
    C. IPS can detect zero-day attacks.
    D. The status of the last service update attempt from FortiGuard IPS is shown on System>Config>FortiGuard and in output from 'diag autoupdate version'

  • Question 333:

    Review the IPsec diagnostics output of the command diagnose vpn tunnel list shown in the exhibit.

    Which of the following statements is correct regarding this output? (Select one answer).

    A. One tunnel is rekeying.
    B. Two tunnels are rekeying.
    C. Two tunnels are up.
    D. One tunnel is up.

  • Question 334:

    What step is required to configure an SSL VPN to access to an internal server using port forward mode?

    A. Configure the virtual IP addresses to be assigned to the SSL VPN users.
    B. Install FortiClient SSL VPN client
    C. Create a SSL VPN realm reserved for clients using port forward mode.
    D. Configure the client application to forward IP traffic to a Java applet proxy.

  • Question 335:

    What FortiGate configuration is required to actively prompt users for credentials?

    A. You must enable one or more protocols that support active authentication on a firewall policy.
    B. You must assign users to a group for active authentication.
    C. You must place the firewall policy for active authentication before a firewall policy for passive authentication.
    D. You must enable the Authentication setting on the firewall policy.

  • Question 336:

    When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?

    A. Common Name
    B. Organization
    C. Organizational Unit
    D. Serial Number
    E. Validity

  • Question 337:

    Examine the following web filtering log.

    Which statement about the log message is true?

    A. The action for the category Games is set to block.
    B. The usage quota for the IP address 10.0.1.10 has expired.
    C. The name of the applied web filter profile is default.
    D. The web site miniclip.com matches a static URL filter whose action is set to Warning.

  • Question 338:

    Which of the following statements describe some of the differences between symmetric and asymmetric cryptography? (Choose two.)

    A. In symmetric cryptography, the keys are publicly available. In asymmetric cryptography, the keys must be kept secret.
    B. Asymmetric cryptography can encrypt data faster than symmetric cryptography
    C. Symmetric cryptography uses one pre-shared key. Asymmetric cryptography uses a pair or keys
    D. Asymmetric keys can be sent to the remote peer via digital certificates. Symmetric keys cannot

  • Question 339:

    How does FortiGate look for a matching firewall policy to process traffic?

    A. From top to bottom, based on the sequence numbers.
    B. Based on best match.
    C. From top to bottom, based on the policy ID numbers.
    D. From lower to higher, based on the priority value.

  • Question 340:

    A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub- interfaces added to the same physical interface. Which one of the following statements is correct regarding the VLAN IDs in this scenario?

    A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
    B. The two VLAN sub-interfaces must have different VLAN IDs.
    C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
    D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.