Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 41:

  Which statements about IP-based explicit proxy authentication are true? (Choose two.)

  A. IP-based authentication is best suited to authenticating users behind a NAT device.

  B. Sessions from the same source address are treated as a single user.

  C. IP-based authentication consumes less FortiGate's memory than session-based authentication.

  D. FortiGate remembers authenticated sessions using browser cookies.

  Correct Answer: BC

• Question 42:

  Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

  A. The remote gateway IP must be an IPv6 address.

  B. The source quick mode selector must be an IPv4 address.

  C. The local gateway IP must an IPv4 address.

  D. The destination quick mode selector must be an IPv6 address.

  Correct Answer: CD

• Question 43:

  Which statement about data leak prevention (DLP) on a FortiGate is true?

  A. Traffic shaping can be applied to DLP sensors.

  B. It can be applied to a firewall policy in a flow-based VDOM.

  C. Files can be sent to FortiSandbox for detecting DLP threats.

  D. It can archive files and messages.

  Correct Answer: D

• Question 44:

  Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

  

  The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

  The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address.

  Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

  A. 10.200.1.1

  B. 10.0.1.254

  C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24

  D. 10.200.1.10

  Correct Answer: D

• Question 45:

  Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

  A. It is only supported if DC agents are deployed.

  B. FortiGate can act as an LDAP client configure the group filters.

  C. It supports monitoring of nested groups.

  D. It uses the Windows convention for naming, that is, Domain\Username.

  Correct Answer: BC

• Question 46:

  Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

  A. FQDN address

  B. IP pool

  C. User or user group

  D. Firewall service

  Correct Answer: AC

• Question 47:

  An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?

  A. The administrator is running the sniffer on the internal interface only.

  B. The filter used in the sniffer matches the traffic only in one direction.

  C. The FortiGate is doing content inspection.

  D. TCP traffic is being offloaded to an NP6.

  Correct Answer: D

• Question 48:

  When using WPAD DNS method, what is the FQDN format that browsers use to query the DNS server?

  A. wpad.

  B. srv_tcp.wpad.

  C. srv_proxy./wpad.dat

  D. proxy..wpad

  Correct Answer: A

• Question 49:

  What information is flushed when the chunk-size value is changed in the config dlp settings?

  A. The database for DLP document fingerprinting

  B. The supported file types in the DLP filters

  C. The archived files and messages

  D. The file name patterns in the DLP filters

  Correct Answer: A

• Question 50:

  How does FortiGate select the central SNAT policy that is applied to a TCP session?

  A. It selects the SNAT policy specified in the configuration of the outgoing interface.

  B. It selects the first matching central-SNAT policy from top to bottom.

  C. It selects the central-SNAT policy with the lowest priority.

  D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

  Correct Answer: B