1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

NSE4-5.4 Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE4-5.4 Online Questions & Answers

  • Question 501:

    Examine the following CLI configuration:

    config system session-ttl set default 1800 end

    What statement is true about the effect of the above configuration line?

    A. Sessions can be idle for more than 1800 seconds.
    B. The maximum length of time a session can be open is 1800 seconds.
    C. After 1800 seconds, the end user must re-authenticate.
    D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

  • Question 502:

    An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?

    A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured.
    B. Enable Traffic Shaping for the appropriate SIP firewall policy.
    C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command.
    D. Run the set udp-idle-timer CLI command and set a lower time value.

  • Question 503:

    A FortiGate device is configure to perform an AV and IPS scheduled update every hour.

    Given the information in the exhibit, when will the next update happen?

    A. 01:00
    B. 02:05
    C. 11:00
    D. 11:08

  • Question 504:

    The exhibit shows the Disconnect Cluster Member command in a FortiGate unit that is part of a HA cluster with two HA members.

    What is the effect of the Disconnect Cluster Member command as given in the exhibit. (Choose two.)

    A. Port3 is configured with an IP address for management access.
    B. The firewall rules are purged on the disconnected unit.
    C. The HA mode changes to standalone.
    D. The system hostname is set to the unit serial number.

  • Question 505:

    When configuring LDAP on the FortiGate as a remote database for users, what is not a part of the configuration?

    A. The name of the attribute that identifies each user (Common Name Identifier).
    B. The user account or group element names (user DN).
    C. The server secret to allow for remote queries (Primary server secret).
    D. The credentials for an LDAP administrator (password).

  • Question 506:

    Which of the following statements is correct about configuring web filtering overrides?

    A. The Override option for FortiGuard Web Filtering is available for any user group type.
    B. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor.
    C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.
    D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication.

  • Question 507:

    Which of the following statements about the FSSO collector agent timers is true?

    A. The dead entry timeout interval is used to age out entries with an unverified status.
    B. The workstation verify interval is used to periodically check if a workstation is still a domain member.
    C. The user group cache expiry is used to age out the monitored groups.
    D. The IP address change verify interval monitors the server IP address where the collector agent is installed, and updates the collector agent configuration if it changes.

  • Question 508:

    Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

    A. FQDN address
    B. IP pool
    C. User or user group
    D. Firewall service

  • Question 509:

    What is the purpose of the Policy Lookup feature?

    A. It finds duplicate objects in firewall policies.
    B. It searches the matching policy based on an input criteria.
    C. It creates a new firewall policy based on an input criteria.
    D. It enables hidden security profiles with full logging capabilities and generates Learning Reports based on an input criteria.

  • Question 510:

    Which election criterion is used to elect the primary FortiGate in a high availability (HA) cluster when override is enabled?

    A. uptime > priority > port monitor > serial number
    B. port monitor > uptime > priority >serial number
    C. priority > port monitor >uptime >serial number
    D. port monitor > priority > uptime >serial number

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.