Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 351:

  A FortiGate is configured with the 1.1.1.1/24 address on the wan2 interface and HTTPS Administrative Access, using the default tcp port, is enabled for that interface. Given the SSL VPN settings in the exhibit.

  

  Which of the following SSL VPN login portal URLs are valid? (Choose two.)

  A. http://1.1.1.1:443/Training

  B. https://1.1.1.1:443/STUDENTS

  C. https://1.1.1.1/login

  D. https://1.1.1.1/

  Correct Answer: BD

• Question 352:

  Which of the following fields contained in the IP/TCP/UDP headers can be used to make a routing decision when using policy-based routing? (Choose three)

  A. Source IP address.

  B. TCP flags

  C. Source TCP/UDP ports

  D. Type of service.

  E. Checksum

  Correct Answer: ACD

• Question 353:

  Which of the following protocols are defined in the IPsec Standard? (Choose two)

  A. AH

  B. GRE

  C. SSL/TLS

  D. ESP

  Correct Answer: AD

• Question 354:

  Which action does the FortiGate take when link health monitor times out?

  A. All routes to the destination subnet configured in the link health monitor are removed from the routing table.

  B. The distance values of all routes using interface configured in the link health monitor are increased.

  C. The priority values of all routes using configured in the link health monitor are increased.

  D. All routes using the next-hop gateway configured in the link health monitor are removed from the routing table.

  Correct Answer: D

• Question 355:

  Which of the following FSSO agents are required for a DC agent mode solution? (Choose two.)

  A. FSSO agent

  B. DC agent

  C. Collector agent

  D. Radius server

  Correct Answer: BC

• Question 356:

  A new version of FortiOS firmware has just been released. When you upload new firmware, which is true?

  A. If you upload the firmware image via the boot loader's menu from a TFTP server, it will not preserve the configuration. But if you upload new firmware via the GUI or CLI, as long as you are following a supported upgrade path, FortiOS will attempt to convert the existing configuration to be valid with any new or changed syntax.

  B. No settings are preserved. You must completely reconfigure.

  C. No settings are preserved. After the upgrade, you must upload a configuration backup file. FortiOS will ignore any commands that are not valid in the new OS. In those cases, you must reconfigure settings that are not compatible with the new firmware.

  D. You must use FortiConverter to convert a backup configuration file into the syntax required by the new FortiOS, then upload it to FortiGate.

  Correct Answer: A

• Question 357:

  What is longest length of time allowed on a FortiGate device for the virus scan to complete?

  A. 20 seconds

  B. 30 seconds

  C. 45 seconds

  D. 10 seconds

  Correct Answer: B

• Question 358:

  Your Linux email server runs on a non-standard port number, port 2525. Which statement is true?

  A. IPS cannot scan that traffic for SMTP anomalies because of the non-standard port number. You must reconfigure the server to run on port 2.

  B. To apply IPS to traffic to that server, you must configure FortiGate SMTP proxy to listen on port 2525

  C. IPS will apply all SMTP signatures, regardless of whether they apply to clients or servers.

  D. Protocol decoders automatically detect SMTP and scan for matches with appropriate IPS signature.

  Correct Answer: B

• Question 359:

  What are the ways FortiGate can monitor logs? (Choose three.)

  A. MIB

  B. SMS

  C. Alert Emails

  D. SNMP

  E. FortiAnalyzer

  F. Alert Message Console

  Correct Answer: CDF

• Question 360:

  Which of the following statements are true about PKI users created in a FortiGate device? (Choose two.)

  A. Can be used for token-based authentication

  B. Can be used for two-factor authentication

  C. Are used for certificate-based authentication

  D. Cannot be members of user groups

  Correct Answer: AB