Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 511:

  In a FSSO agentless polling mode solution, where must the collector agent be?

  A. In any Windows server

  B. In any of the AD domain controllers

  C. In the master AD domain controller

  D. The FortiGate device polls the AD domain controllers

  Correct Answer: D

• Question 512:

  What is required in a FortiGate configuration to have more than one dialup IPsec VPN using aggressive mode?

  A. All the aggressive mode dialup VPNs MUST accept connections from the same peer ID.

  B. Each peer ID MUST match the FQDN of each remote peer.

  C. Each aggressive mode dialup MUST accept connections from different peer ID.

  D. The peer ID setting must NOT be used.

  Correct Answer: C

• Question 513:

  Examine the network topology diagram in the exhibit; the workstation with the IP address 212.10.11.110 sends a TCP SYN packet to the workstation with the IP address 212.10.11.20.

  

  Which of the following sentences best describes the result of the reverse path forwarding (RFP) check executed by the FortiGate on the SYN packets? (Choose two).

  A. Packets is allowed if RPF is configured as loose.

  B. Packets is allowed if RPF is configured as strict.

  C. Packets is blocked if RPF is configured as loose.

  D. Packets is blocked if RPF is configured as strict.

  Correct Answer: AD

• Question 514:

  If you enable the option "Generate Logs when Session Starts", what effect does this have on the number of traffic log messages generated for each session?

  A. No traffic log message is generated.

  B. One traffic log message is generated.

  C. Two traffic log messages are generated.

  D. A log message is only generated if there is a security event.

  Correct Answer: C

• Question 515:

  Which of the following actions that can be taken by the Data Leak Prevention scanning? (Choose three.)

  A. Block

  B. Reject

  C. Tag

  D. Log only

  E. Quarantine IP address

  Correct Answer: ADE

• Question 516:

  What configuration objects are automatically added when using the FortiGate's FortiClient VPN Configurations Wizard?(Choose two)

  A. Static route

  B. Phase 1

  C. Users group

  D. Phase 2

  Correct Answer: BD

• Question 517:

  Which protocol can an Internet browser use to download the PAC file with the web proxy configuration?

  A. HTTPS

  B. FTP

  C. TFTP

  D. HTTP

  Correct Answer: D

• Question 518:

  Which of the following statements are correct concerning layer 2 broadcast domains in transparent mode VDOMs?(Choose two)

  A. The whole VDOM is a single broadcast domain even when multiple VLAN are used.

  B. Each VLAN is a separate broadcast domain.

  C. Interfaces configured with the same VLAN ID can belong to different broadcast domains.

  D. All the interfaces in the same broadcast domain must use the same VLAN ID.

  Correct Answer: BC

• Question 519:

  Which action is taken by the FortiGate device when a file matches more than one rule in a Data Leak Prevention sensor?

  A. The actions specified by the rule that most specifically matched the file

  B. The actions specified in the first rule from top to bottom

  C. All actions specified by all the matched rules.

  D. The actions specified in the rule with the higher priority number

  Correct Answer: D

• Question 520:

  A FortiGate device is configured with two VDOMs. The management VDOM is 'root' , and is configured in transparent mode,'vdom1' is configured as NAT/route mode. Which traffic is generated only by 'root' and not 'vdom1'? (Choose three.)

  A. SNMP traps

  B. FortiGaurd

  C. ARP

  D. NTP

  E. ICMP redirect

  Correct Answer: ABD