1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 371:

    What actions are possible with Application Control? (Choose three.)

    A. Warn

    B. Allow

    C. Block

    D. Traffic Shaping

    E. Quarantine

  • Question 372:

    If you have lost your password for the "admin" account on your FortiGate, how should you reset it?

    A. Log in with another administrator account that has "super_admin" profile permissions, then reset the password for the "admin" account.

    B. Reboot the FortiGate. Via the local console, during the boot loader, use the menu to format the flash disk and reinstall the firmware. Then you can log in with the default password.

    C. Power off the FortiGate. After several seconds, restart it. Via the local console, within 30 seconds after booting has completed, log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.

    D. Reboot the FortiGate. Via the local console, during the boot loader, use the menu to log in as "maintainer" and enter the CLI commands to set the password for the "admin" account.

  • Question 373:

    Which of the following statements must be true for a digital certificate to be valid? (Choose two.)

    A. It must be signed by a "trusted" CA

    B. It must be listed as valid in a Certificate Revocation List (CRL)

    C. The CA field must be "TRUE"

    D. It must be still within its validity period

  • Question 374:

    Which of the following authentication methods are supported in an IPsec phase 1? (Choose two.)

    A. Asymmetric Keys

    B. CA root digital certificates

    C. RSA signature

    D. Pre-shared keys

  • Question 375:

    Which of the following statements best describe what a FortiGate does when packets match a black hole route?

    A. Packets are dropped.

    B. Packets are routed based on the information in the policy-based routing table.

    C. An ICMP error message is sent back to the originator.

    D. Packet are routed back to the originator.

  • Question 376:

    The exhibit shoes three static routes.

    Which routes will be used to route the packets to the destination IP address 172.20.168.1?

    A. The route with the ID number 2 and 3.

    B. Only the route with the ID number 3.

    C. Only the route with the ID number 2.

    D. Only the route with the ID number 1.

  • Question 377:

    A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office.

    The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers.

    What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?

    A. Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.

    B. Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.

    C. Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.

    D. Dynamic routing protocols cannot be used over IPSec VPN tunnels.

  • Question 378:

    The following ban list entry is displayed through the CLI.

    Based on this command output, which of the following statements is correct?

    A. The administrator has specified the Attack and Victim Address method for the quarantine.

    B. This diagnostic entry results from the administrator running the diag ips log test command. This command has no effect on traffic.

    C. A DLP rule has been matched.

    D. An attack has been repeated more than once during the holddown period; the expiry time has been reset to indefinite.

  • Question 379:

    An intermittent connectivity issue is noticed between two devices located behind the FortiGate dmz and internal interfaces. A continuous sniffer trace is run on the FortiGate unit that the administrator will convert into a .cap file for an off-line analysis with a sniffer application.

    Given the high volume of global traffic on the network, which of the following CLI commands will best allow the administrator to perform this troubleshooting operation?

    A. diagnose sniffer packet any

    B. diagnose sniffer packet dmz "" 3

    C. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 3

    D. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 4

  • Question 380:

    Which of the following statements correctly describes the deepscan option for HTTPS?

    A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs.

    B. Enabling deepscan will perform further checks on the server certificate.

    C. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked.

    D. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.