Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 441:

  Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)

  A. They both create separate broadcast domains.

  B. Port Pairing works only for physical interfaces.

  C. Forwarding Domains only apply to virtual interfaces.

  D. They may contain physical and/or virtual interfaces.

  E. They are only available in high-end models.

  Correct Answer: AD

• Question 442:

  Examine the Exhibits shown below, then answer the question that follows. Review the following DLP Sensor (Exhibit 1):

  

  Review the following File Filter list for rule #1 (Exhibit 2):

  

  Review the following File Filter list for rule #2 (Exhibit 3):

  

  Review the following File Filter list for rule #3 (Exhibit 4):

  

  An MP3 file is renamed to `workbook.exe' and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4. Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?

  A. The file will be detected by rule #1 as an `Audio (mp3)', a log entry will be created and it will be allowed to pass through.

  B. The file will be detected by rule #2 as a "*.exe", a log entry will be created and the interface that received the traffic will be brought down.

  C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.

  D. Nothing, the file will go undetected.

  Correct Answer: A

• Question 443:

  Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)

  A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.

  B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.

  C. VDOMs share firmware versions, as well as antivirus and IPS databases.

  D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.

  Correct Answer: ABC

• Question 444:

  Examine the static route configuration shown below; then answer the question following it. (Select all that apply.)

  

  Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.)

  A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.

  B. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.

  C. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.

  D. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.

  E. Traffic to 172.20.1.0/24 will be shared through both routes.

  Correct Answer: AC

• Question 445:

  Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.

  

  Which one of the following statements is correct regarding this output?

  A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.

  B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.

  C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.

  D. OSPF Hello packets are not sent on point-to-point networks.

  Correct Answer: C

• Question 446:

  Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it.

  

  Which of the following statements are correct regarding this configuration? (Select all that apply).

  A. The phase1 is for a route-based VPN configuration.

  B. The phase1 is for a policy-based VPN configuration.

  C. The local gateway IP is the address assigned to port1.

  D. The local gateway IP address is 10.200.3.1.

  Correct Answer: AC

• Question 447:

  Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it.

  

  Which one of the following statements correctly describes this output?

  A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.

  B. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup.

  C. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used.

  D. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.

  Correct Answer: A

• Question 448:

  Shown below is a section of output from the debug command diag ip arp list.

  

  In the output provided, which of the following best describes the IP address 172.20.187.150?

  A. It is the primary IP address of the port1 interface.

  B. It is one of the secondary IP addresses of the port1 interface.

  C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit's port1 interface.

  Correct Answer: C

• Question 449:

  Examine the exhibit shown below then answer the question that follows it.

  

  Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:

  A. FortiGate unit's encryption certificate used by the SSL proxy.

  B. FortiGate unit's signing certificate used by the SSL proxy.

  C. FortiGuard's signing certificate used by the SSL proxy.

  D. FortiGuard's encryption certificate used by the SSL proxy.

  Correct Answer: A

• Question 450:

  Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)

  A. SNMP

  B. IPSec

  C. SMTP

  D. POP3

  E. HTTP

  Correct Answer: CDE