1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 31:

    View the exhibit.

    VDOM1 is operating is transparent mode VDOM2 is operating in NAT Route mode. There is an inter-VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.

    What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

    A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.

    B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.

    C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.

    D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.

  • Question 32:

    An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy.

    What else is required for the CASI profile to work properly?

    A. You must enable logging for security events on the firewall policy.

    B. You must activate a FortiCloud account.

    C. You must apply an application control profile to the firewall policy.

    D. You must enable SSL inspection on the firewall policy.

  • Question 33:

    How does FortiGate look for a matching firewall policy to process traffic?

    A. From top to bottom, based on the sequence numbers.

    B. Based on best match.

    C. From top to bottom, based on the policy ID numbers.

    D. From lower to higher, based on the priority value.

  • Question 34:

    How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

    A. Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.

    B. Enable the shape option in a firewall policy with service set to BitTorrent.

    C. Apply a traffic shaper to a BitTorrent entry in the SSL/SSH inspection profile.

    D. Apply a traffic shaper to a protocol options profile.

  • Question 35:

    Which file names will match the *.tiff file name pattern configured in a data leak prevention filter? (Choose two.)

    A. tiff.tiff

    B. tiff.png

    C. tiff.jpeg

    D. gif.tiff

  • Question 36:

    How can you format the FortiGate flash disk?

    A. Load the hardware test (HQIP) image.

    B. Execute the CLI command execute formatlogdisk.

    C. Load a debug FortiOS image.

    D. Select the format boot device option from the BIOS menu.

  • Question 37:

    How do you configure inline SSL inspection on a firewall policy? (Choose two.)

    A. Enable one or more flow-based security profiles on the firewall policy.

    B. Enable the SSL/SSH Inspection profile on the firewall policy.

    C. Execute the inline ssl inspection CLI command.

    D. Enable one or more proxy-based security profiles on the firewall policy.

  • Question 38:

    Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)

    A. IPv6

    B. RIP

    C. GRE

    D. NAT64

  • Question 39:

    View the exhibit.

    Based on this output, which statements are correct? (Choose two.)

    A. FortiGate generated an event log for system conserve mode.

    B. FortiGate has entered in to system conserve mode.

    C. By default, the FortiGate blocks new sessions.

    D. FortiGate changed the global av-failopen settings to idledrop.

  • Question 40:

    View the Exhibit.

    The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1. What ping option needs to be enabled before running the ping?

    A. Execute ping-options source port1

    B. Execute ping-options source 10.200.1.1.

    C. Execute ping-options source 10.200.1.2

    D. Execute ping-options source 10.0.1.254

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.