Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

Fortinet NSE4-5.4 Online Questions & Answers

• Question 411:

  Which of the following methods can be used to access the CLI? (Select all that apply.)

  A. By using a direct connection to a serial console.
  B. By using the CLI console window in Web Config.
  C. By using an SSH connection.
  D. By using a Telnet connection.
  A. By using a direct connection to a serial console.
  B. By using the CLI console window in Web Config.
  C. By using an SSH connection.
  D. By using a Telnet connection.

• Question 412:

  Which UTM feature sends a UDP query to FortiGuard servers each time FortiGate scans a packet (unless the response is locally cached)?

  A. Antivirus
  B. VPN
  C. IPS
  D. Web Filtering
  D. Web Filtering

• Question 413:

  Examine the following log message attributes and select two correct statements from the list below. (Choose two.)

  hostname=www.youtube.com profiletype="Webfilter_Profile" profile="default" status="passthrough" msg="URL belongs to a category with warnings enabled"

  A. The traffic was blocked.
  B. The user failed authentication.
  C. The category action was set to warning.
  D. The website was allowed
  C. The category action was set to warning.
  D. The website was allowed

• Question 414:

  Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)

  A. They both create separate broadcast domains.
  B. Port Pairing works only for physical interfaces.
  C. Forwarding Domains only apply to virtual interfaces.
  D. They may contain physical and/or virtual interfaces.
  E. They are only available in high-end models.
  A. They both create separate broadcast domains.
  D. They may contain physical and/or virtual interfaces.

• Question 415:

  What does the command diagnose debug fsso-polling refresh-user do?

  A. It refreshes user group information form any servers connected to the FortiGate using a collector agent.
  B. It refreshes all users learned through agentless polling.
  C. It displays status information and some statistics related with the polls done by FortiGate on each DC.
  D. It enables agentless polling mode real-time debug.
  B. It refreshes all users learned through agentless polling.

• Question 416:

  Which statement best describes what SSL.root is?

  A. The name of the virtual network adapter required in each user's PC for SSL VPN Tunnel mode.
  B. The name of a virtual interface in the root VDOM where all the SSL VPN user traffic comes from.
  C. A Firewall Address object that contains the IP addresses assigned to SSL VPN users.
  D. The virtual interface in the root VDOM that the remote SSL VPN tunnels connect to.
  B. The name of a virtual interface in the root VDOM where all the SSL VPN user traffic comes from.

• Question 417:

  Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)

  A. TCP SYN proxy
  B. SIP session helper
  C. Proxy-based antivirus
  D. Attack signature matching
  E. Flow-based web filtering
  C. Proxy-based antivirus
  D. Attack signature matching
  E. Flow-based web filtering

• Question 418:

  FILL BLANK In addition to AntiVirus services, the FortiGuard Subscription Services provide IPS, Web Filtering, and _________ services.

  Correct Answer. antispam
  antispam

• Question 419:

  What are required to be the same for two FortiGate units to form an HA cluster? (Choose two)

  A. Firmware.
  B. Model.
  C. Hostname.
  D. System time zone.
  A. Firmware.
  B. Model.

• Question 420:

  Which of the following authentication methods are supported in an IPsec phase 1? (Choose two.)

  A. Asymmetric Keys
  B. CA root digital certificates
  C. RSA signature
  D. Pre-shared keys
  C. RSA signature
  D. Pre-shared keys