1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet NSE4-5.4 Online Practice Questions and Exam Preparation

NSE4-5.4 Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE4-5.4 Online Questions & Answers

  • Question 511:

    Which of the following settings can be configured per VDOM? (Choose three.)

    A. Operating mode (NAT/route or transparent)
    B. Static routes
    C. Hostname
    D. System time
    E. Firewall Policies

  • Question 512:

    What are examples of correct syntax for the session table diagnostics command? (Choose two.)

    A. diagnose sys session filter clear
    B. diagnose sys session src 10.0.1.254
    C. diagnose sys session filter
    D. diagnose sys session filter list dst.

  • Question 513:

    Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of show system ha for the STUDENT device. Exhibit B shows the command output of show system ha for the REMOTE device.

    Exhibit A:

    Exhibit B

    Which one of the following is the most likely reason that the cluster fails to form?

    A. Password
    B. HA mode
    C. Heartbeat
    D. Override

  • Question 514:

    An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

    A. Create firewall policies to allow and control traffic between the source and destination IP addresses.
    B. Configure the appropriate user groups to allow users access to the tunnel.
    C. Set the operating mode to IPsec VPN mode.
    D. Define the phase 2 parameters.
    E. Define the Phase 1 parameters.

  • Question 515:

    A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the antivirus and email filter profiles applied to this policy. Exhibit A:

    Exhibit B:

    What is the correct behavior when the email attachment is detected as a virus by the FortiGate antivirus engine?

    A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected.
    B. The FortiGate unit will reject the infected email and the sender will receive a failed delivery message.
    C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed.
    D. The FortiGate unit will reject the infected email and notify the sender.

  • Question 516:

    Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?

    A. TCP connection
    B. File attachments
    C. Message headers
    D. Message body

  • Question 517:

    Which of the following statements best describe what a FortiGate does when packets match a black hole route?

    A. Packets are dropped.
    B. Packets are routed based on the information in the policy-based routing table.
    C. An ICMP error message is sent back to the originator.
    D. Packet are routed back to the originator.

  • Question 518:

    What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

    A. Traffic to inappropriate web sites
    B. SQL injection attacks
    C. Server information disclosure attacks
    D. Credit card data leaks
    E. Traffic to botnet command and control (CandC) servers

  • Question 519:

    An administrator is examining the attack logs and notices the following entry:

    Based on the information displayed in this entry, which of the following statements are correct? (Select all that apply.)

    A. This is an HTTP server attack.
    B. The attack was detected and blocked by the FortiGate unit.
    C. The attack was against a FortiGate unit at the 192.168.1.100 IP address.
    D. The attack was detected and passed by the FortiGate unit.

  • Question 520:

    Which of the following statements must be true for a digital certificate to be valid? (Choose two.)

    A. It must be signed by a "trusted" CA
    B. It must be listed as valid in a Certificate Revocation List (CRL)
    C. The CA field must be "TRUE"
    D. It must be still within its validity period

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.