Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

Fortinet NSE4-5.4 Online Questions & Answers

• Question 351:

  A FortiGate unit can act as which of the following? (Select all that apply.)

  A. Antispam filter
  B. Firewall
  C. VPN gateway
  D. Mail relay
  E. Mail server
  A. Antispam filter
  B. Firewall
  C. VPN gateway

• Question 352:

  Which is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying a FortiGate unit?

  A. MIB-based report uploads.
  B. SNMP access limited by access lists.
  C. Packet encryption.
  D. Running SNMP service on a non-standard port is possible.
  C. Packet encryption.

• Question 353:

  Which of the following are operating mode supported in FortiGate devices? (Choose two)

  A. Proxy
  B. Transparent
  C. NAT/route
  D. Offline inspection
  B. Transparent
  C. NAT/route

• Question 354:

  What FortiGate feature can be used to prevent a cross-site scripting (XSS) attack?

  A. Web application firewall (WAF)
  B. DoS policies
  C. Rate based IPS signatures
  D. One-arm sniffer
  A. Web application firewall (WAF)

• Question 355:

  An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform?

  A. They can delete logged-in users who are also assigned the super_admin access profile.
  B. They can make changes to the super_admin profile.
  C. They can delete the admin account if the default admin user is not logged in.
  D. They can view all the system configuration settings but can not make changes.
  E. They can access configuration options for only the VDOMs to which they have been assigned.
  C. They can delete the admin account if the default admin user is not logged in.

• Question 356:

  Which action does the FortiGate take when link health monitor times out?

  A. All routes to the destination subnet configured in the link health monitor are removed from the routing table.
  B. The distance values of all routes using interface configured in the link health monitor are increased.
  C. The priority values of all routes using configured in the link health monitor are increased.
  D. All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.
  D. All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.

• Question 357:

  Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols?

  A. Proxy-based
  B. DNS-based
  C. Flow-based
  D. Man-in-the-middle.
  C. Flow-based

• Question 358:

  What are the advantages of FSSO DC mode over polling mode?

  A. Redundancy in the collector agent.
  B. Allows transparent authentication.
  C. DC agents are not required in the AD domain controllers.
  D. Scalability
  C. DC agents are not required in the AD domain controllers.

• Question 359:

  Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)

  A. Manual update by downloading the signatures from the support site.
  B. Pull updates from the FortiGate.
  C. Push updates from a FortiAnalyzer.
  D. execute fortiguard-AV-AS command from the CLI.
  A. Manual update by downloading the signatures from the support site.
  B. Pull updates from the FortiGate.

• Question 360:

  Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it.

  

  Which of the following statements are correct regarding this configuration? (Select all that apply).

  A. The phase1 is for a route-based VPN configuration.
  B. The phase1 is for a policy-based VPN configuration.
  C. The local gateway IP is the address assigned to port1.
  D. The local gateway IP address is 10.200.3.1.
  A. The phase1 is for a route-based VPN configuration.
  C. The local gateway IP is the address assigned to port1.