Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 361:

  Which of the following options best defines what Diffie-Hellman is?

  A. A symmetric encryption algorithm.

  B. A "key-agreement" protocol.

  C. A "Security-association-agreement" protocol.

  D. An authentication algorithm.

  Correct Answer: B

• Question 362:

  To which remote device can the FortiGate send logs? (Choose three.)

  A. Syslog

  B. FortiAnalyzer

  C. Hard drive

  D. Memory

  E. FortiCloud

  Correct Answer: ABE

• Question 363:

  What are required to be the same for two FortiGate units to form an HA cluster? (Choose two)

  A. Firmware.

  B. Model.

  C. Hostname.

  D. System time zone.

  Correct Answer: AB

• Question 364:

  The exhibit shows two static routes to the same destinations subnet 172.20.168.0/24.

  

  Which of the following statements correctly describes this static routing configuration? (choose two)

  A. Both routes will show up in the routing table.

  B. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 between routes.

  C. Only one route will show up in the routing table.

  D. The FortiGate will route the traffic to 172.20.168.0/24 only through one route.

  Correct Answer: CD

• Question 365:

  Which correctly define "Section View" and "Global View" for firewall policies? (Choose two.)

  A. Section View lists firewall policies primarily by their interface pairs.

  B. Section View lists firewall policies primarily by their sequence number.

  C. Global View lists firewall policies primarily by their interface pairs.

  D. Global View lists firewall policies primarily by their policy sequence number.

  E. The 'any' interface may be used with Section View.

  Correct Answer: AD

• Question 366:

  Which of the following statements is true regarding the differences between route-based and policy-based IPsec VPNs? (Choose two.)

  A. The firewall policies for policy-based are bidirectional. The firewall policies for route- based are unidirectional.

  B. In policy-based VPNs the traffic crossing the tunnel must be routed to the virtual IPsec interface. In route-based, it does not.

  C. The action for firewall policies for route-based VPNs may be Accept or Deny, for policy- based VPNs it is Encrypt.

  D. Policy-based VPN uses an IPsec interface, route-based does not.

  Correct Answer: AC

• Question 367:

  What are the advantages of FSSO DC mode over polling mode?

  A. Redundancy in the collector agent.

  B. Allows transparent authentication.

  C. DC agents are not required in the AD domain controllers.

  D. Scalability

  Correct Answer: C

• Question 368:

  In the debug command output shown in the exhibit, which of the following best described the MAC address 00:09:0f:69:03:7e?

  

  A. It is one of the secondary MAC addresses of the port1 interface.

  B. It is the primary MAC address of the port interface.

  C. It is the MAC address of another network devices located in the same LAN segment as the FortiGate unit's port1 interface.

  D. It is the HA virtual MAC address.

  Correct Answer: C

• Question 369:

  Which answer best describes what an "Unknown Application" is?

  A. All traffic that matches the internal signature for unknown applications.

  B. Traffic that does not match the RFC pattern for its protocol.

  C. Any traffic that does not match an application control signature

  D. A packet that fails the CRC check.

  Correct Answer: C

• Question 370:

  Which of the following statements are true about Man-in-the-middle SSL Content Inspection? (Choose three.)

  A. The FortiGate device "re-signs" all the certificates coming from the HTTPS servers

  B. The FortiGate device acts as a sub-CA

  C. The local service certificate of the web server must be installed in the FortiGate device

  D. The FortiGate device does man-in-the-middle inspection.

  E. The required SSL Proxy certificate must first be requested to a public certificate authority (CA).

  Correct Answer: BCE