1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

NSE4-5.4 Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE4-5.4 Online Questions & Answers

  • Question 461:

    Which of the following traffic shaping functions can be offloaded to a NP processor? (Choose two.)

    A. Que prioritization
    B. Traffic cap (bandwidth limit)
    C. Differentiated services field rewriting
    D. Guarantee bandwidth

  • Question 462:

    Which of the following statements is true regarding the differences between route-based and policy-based IPsec VPNs? (Choose two.)

    A. The firewall policies for policy-based are bidirectional. The firewall policies for route- based are unidirectional.
    B. In policy-based VPNs the traffic crossing the tunnel must be routed to the virtual IPsec interface. In route-based, it does not.
    C. The action for firewall policies for route-based VPNs may be Accept or Deny, for policy- based VPNs it is Encrypt.
    D. Policy-based VPN uses an IPsec interface, route-based does not.

  • Question 463:

    An administrator has configured a FortiGate unit so that end users must authenticate against the firewall using digital certificates before browsing the Internet. What must the user have for a successful authentication? (Select all that apply.)

    A. An entry in a supported LDAP Directory.
    B. A digital certificate issued by any CA server.
    C. A valid username and password.
    D. A digital certificate issued by the FortiGate unit.
    E. Membership in a firewall user group.

  • Question 464:

    Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

    A. It is only supported if DC agents are deployed.
    B. FortiGate can act as an LDAP client configure the group filters.
    C. It supports monitoring of nested groups.
    D. It uses the Windows convention for naming, that is, Domain\Username.

  • Question 465:

    If you enable the option "Generate Logs when Session Starts", what effect does this have on the number of traffic log messages generated for each session?

    A. No traffic log message is generated.
    B. One traffic log message is generated.
    C. Two traffic log messages are generated.
    D. A log message is only generated if there is a security event.

  • Question 466:

    How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

    A. File TypE. Microsoft Office(msoffice)
    B. File TypE. Archive(zip)
    C. File TypE. Unknown Filetype(unknown)
    D. File NamE. "*.ppt", "*.doc", "*.xls"
    E. File NamE. "*.pptx", "*.docx", "*.xlsx"

  • Question 467:

    Which of the following are benefits of using web caching? (Choose three.)

    A. Decrease bandwidth utilization
    B. Reduce server load
    C. Reduce FortiGate CPU usage
    D. Reduce FortiGate memory usage
    E. Decrease traffic delay

  • Question 468:

    Which of the following statements are correct about the HA command diagnose sys ha reset- uptime? (Choose two.)

    A. The device this command is executed on is likely to switch from master to slave status if override is disabled.
    B. The device this command is executed on is likely to switch from master to slave status if override is enabled.
    C. This command has no impact on the HA algorithm.
    D. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

  • Question 469:

    In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?

    A. A lookup is done only when the first packet coming from the client (SYN) arrives
    B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.
    C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
    D. A lookup is always done each time a packet arrives, from either the server or the client side.

  • Question 470:

    Acme Web Hosting is replacing one of their firewalls with a FortiGate. It must be able to apply port forwarding to their back-end web servers while blocking virus uploads and TCP SYN floods from attackers. Which operation mode is the best choice for these requirements?

    A. NAT/route
    B. NAT mode with an interface in one-arm sniffer mode
    C. Transparent mode
    D. No appropriate operation mode exists

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.