Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

Fortinet NSE4-5.4 Online Questions & Answers

• Question 391:

  Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true? (Choose two.)

  A. The firmware image must be manually uploaded to each FortiGate.
  B. Only secondary FortiGate devices are rebooted.
  C. Uninterruptable upgrade is enabled by default.
  D. Traffic load balancing is temporally disabled while upgrading the firmware.
  B. Only secondary FortiGate devices are rebooted.
  D. Traffic load balancing is temporally disabled while upgrading the firmware.

• Question 392:

  What must be configured in order to keep two static routes to the same destination in the routing table?

  A. The same priority.
  B. The same distance and same priority.
  C. The same distance.
  D. The same metric.
  B. The same distance and same priority.

• Question 393:

  Which of the following statements best describes how the collector agent learns that a user has logged off from the network?

  A. The workstation fails to reply to the polls frequently done by the collector agent.
  B. The DC agent captures the log off event from the event logs, which it forwards to the collector agent.
  C. The work station notifies the DC agent that the user has logged off.
  D. The collector agent gets the logoff events when polling the respective domain controller.
  D. The collector agent gets the logoff events when polling the respective domain controller.

• Question 394:

  When using WPAD DNS method, what is the FQDN format that browsers use to query the DNS server?

  A. wpad.
  B. srv_tcp.wpad.
  C. srv_proxy./wpad.dat
  D. proxy..wpad
  A. wpad.

• Question 395:

  View the example routing table.

  

  Which route will be selected when trying to reach 10.20.30.254?

  A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2
  B. The traffic will be dropped because it cannot be routed.
  C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3
  D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1
  C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3

• Question 396:

  Which IP packets can be hardware-accelerated by a NP6 processor? (Choose two.)

  A. Fragmented packet.
  B. Multicast packet.
  C. SCTP packet
  D. GRE packet.
  B. Multicast packet.
  C. SCTP packet

• Question 397:

  Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of diagnose sys session stat for the STUDENT device. Exhibit B shows the command output of diagnose sys session stat for the REMOTE device.

  Exhibit A:

  

  Exhibit B:

  

  Given the information provided in the exhibits, which of the following statements are correct? (Choose two.)

  A. STUDENT is likely to be the master device.
  B. Session-pickup is likely to be enabled.
  C. The cluster mode is active-passive.
  D. There is not enough information to determine the cluster mode.
  A. STUDENT is likely to be the master device.
  D. There is not enough information to determine the cluster mode.

• Question 398:

  What is the maximum number of different virus databases a FortiGate can have?

  A. 5
  B. 2
  C. 3
  D. 4
  B. 2

• Question 399:

  Which methods can FortiGate use to send a One Time Password (OTP) to Two-Factor Authentication users? (Choose three.)

  A. Hardware FortiToken
  B. Web Portal
  C. Email
  D. USB Token
  E. Software FortiToken (FortiToken mobile)
  A. Hardware FortiToken
  C. Email
  E. Software FortiToken (FortiToken mobile)

• Question 400:

  Which FSSO agents are required for a FSSO agent-based polling mode solution?

  A. Collector agent and DC agents
  B. Polling agent only
  C. Collector agent only
  D. DC agents only
  A. Collector agent and DC agents