1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

NSE4-5.4 Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE4-5.4 Online Questions & Answers

  • Question 371:

    Which of the following IPsec configuration modes can be used when the FortiGate is running in NAT mode?

    A. Policy-based VPN only
    B. Both policy-based and route-based VPN.
    C. Route-based VPN only.
    D. IPSec VPNs are not supported when the FortiGate is running in NAT mode.

  • Question 372:

    Identify the statement which correctly describes the output of the following command:

    diagnose ips anomaly list

    A. Lists the configured DoS policy.
    B. List the real-time counters for the configured DoS policy.
    C. Lists the errors captured when compiling the DoS policy.
    D. Lists the IPS signature matches.

  • Question 373:

    The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit's GUI and also using the CLI. The command used in the CLI to perform this function is _________.

    A. set order
    B. edit policy
    C. reorder
    D. move

  • Question 374:

    What is the default criteria for selecting the HA master unit in a HA cluster?

    A. port monitor, priority, uptime, serial number
    B. Port monitor, uptime, priority, serial number
    C. Priority, uptime, port monitor, serial number
    D. uptime, priority, port monitor, serial number

  • Question 375:

    Which statements are true regarding the factory default configuration? (Choose three.)

    A. The default web filtering profile is applied to the first firewall policy.
    B. The `Port1' or `Internal' interface has the IP address 192.168.1.99.
    C. The implicit firewall policy action is ACCEPT.
    D. The `Port1' or `Internal' interface has a DHCP server set up and enabled (on device models that support DHCP servers).
    E. Default login uses the username: admin (all lowercase) and no password.

  • Question 376:

    Which of the following statements are correct concerning the IPsec phase 1 and phase 2, shown in the exhibit? (choose two) A. The quick mode selector in the remote site must also be 0.0.0.0/0 for the source and destination addresses.

    B. Only remote peers with the peer ID 'fortinet' will be able to establish a VPN.
    C. The FortiGate device will automatically add a static route to the source quick mode selector address received from each remote VPN peer.
    D. The configuration will work only to establish FortiClient-to-FortiGate tunnels. A FortiGate tunnel requires a different configuration.

  • Question 377:

    WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?

    A. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule.
    B. The attempt will be accepted when there is a matching WAN optimization passive rule.
    C. The attempt will be accepted when the request comes from a known peer.
    D. The attempt will be accepted when a user on the remote peer accepts the connection request.

  • Question 378:

    An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices. Which configuration steps must be performed on both units to support this scenario? (Choose three.)

    A. Define the phase 2 parameters.
    B. Set the phase 2 encapsulation method to transport mode.
    C. Define at least one firewall policy, with the action set to IPsec.
    D. Define a route to the remote network over the IPsec tunnel.
    E. Define the phase 1 parameters, without enabling IPsec interface mode.

  • Question 379:

    View the exhibit.

    The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

    What should be done next to troubleshoot the problem?

    A. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
    B. Run a sniffer in the web server.
    C. Capture the traffic using an external sniffer connected to port1.
    D. Execute a debug flow.

  • Question 380:

    Which two methods are supported by the web proxy auto-discovery protocol (WPAD) to automatically learn the URL where a PAC file is located? (Choose two.)

    A. DHCP
    B. BOOTP
    C. DNS
    D. IPv6 auto configuration

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.