Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

Fortinet NSE4-5.4 Online Questions & Answers

• Question 381:

  Which changes to IPS will reduce resource usage and improve performance? (Choose three)

  A. In custom signature, remove unnecessary keywords to reduce how far into the signature tree that FortiGate must compare in order to determine whether the packet matches.
  B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols, applications and traffic directions that are not relevant.
  C. In IPS filters, switch from 'Advanced' to 'Basic' to apply only the most essential signatures.
  D. In firewall policies where IPS is not needed, disable IPS.
  E. In firewall policies where IPS is used, enable session start logs.
  A. In custom signature, remove unnecessary keywords to reduce how far into the signature tree that FortiGate must compare in order to determine whether the packet matches.
  B. In IPS sensors, disable signatures and rate based statistics (anomaly detection) for protocols, applications and traffic directions that are not relevant.
  D. In firewall policies where IPS is not needed, disable IPS.

• Question 382:

  Which of the following statements are true regarding application control? (Choose two.)

  A. Application control is based on TCP destination port numbers.
  B. Application control is proxy based.
  C. Encrypted traffic can be identified by application control.
  D. Traffic shaping can be applied to the detected application traffic.
  C. Encrypted traffic can be identified by application control.
  D. Traffic shaping can be applied to the detected application traffic.

• Question 383:

  Which of the following statements describes the method of creating a policy to block access to an FTP site?

  A. Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list.
  B. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.
  C. Create a firewall policy with a protection profile containing the Block FTP option enabled.
  D. None of the above.
  B. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.

• Question 384:

  In which of the following report templates would you configure the charts to be included in the report?

  A. Layout Template
  B. Data Filter Template
  C. Output Template
  D. Schedule Template
  A. Layout Template

• Question 385:

  Examine the network topology diagram in the exhibit; the workstation with the IP address 212.10.11.110 sends a TCP SYN packet to the workstation with the IP address 212.10.11.20.

  

  Which of the following sentences best describes the result of the reverse path forwarding (RFP) check executed by the FortiGate on the SYN packets? (Choose two).

  A. Packets is allowed if RPF is configured as loose.
  B. Packets is allowed if RPF is configured as strict.
  C. Packets is blocked if RPF is configured as loose.
  D. Packets is blocked if RPF is configured as strict.
  A. Packets is allowed if RPF is configured as loose.
  D. Packets is blocked if RPF is configured as strict.

• Question 386:

  View the exhibit.

  

  A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?

  A. Addicting.Games is allowed based on the Application Overrides configuration.
  B. Addicting.Games is blocked based on the Filter Overrides configuration.
  C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
  D. Addicting.Games is allowed based on the Categories configuration.
  A. Addicting.Games is allowed based on the Application Overrides configuration.

• Question 387:

  Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)

  A. The collector agent does not need to search any security event logs.
  B. WMI polling can increase bandwidth usage with large networks.
  C. The NetSessionEnum function is used to track user logoffs.
  D. The collector agent uses a Windows API to query DCs for user logins.
  B. WMI polling can increase bandwidth usage with large networks.
  D. The collector agent uses a Windows API to query DCs for user logins.

• Question 388:

  In FortiOS session table output, what are the two possible `proto_state' values for a UDP session? (Choose two.)

  A. 00
  B. 11
  C. 01
  D. 05
  A. 00
  C. 01

• Question 389:

  Which statement describes what the CLI command diagnose debug authd fsso list is used for

  A. Monitors communications between the FSSO collector agent and FortiGate unit.
  B. Displays which users are currently logged on using FSSO.
  C. Displays a listing of all connected FSSO collector agents.
  D. Lists all DC Agents installed on all domain controllers.
  B. Displays which users are currently logged on using FSSO.

• Question 390:

  Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?

  A. Antivirus scanning provides end-to-end virus protection for client workstations.
  B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols.
  C. Antivirus scanning supports banned word checking.
  D. Antivirus scanning supports grayware protection.
  D. Antivirus scanning supports grayware protection.