In a FSSO agent mode solution, how does the FSSO collector agent learn each IP address?
A. The DC agents get each user IP address from the event logs and forward that information to the collector agent
B. The collector agent does not know, and does not need, each user IP address. Only workstation names are known by the collector agent.
C. The collector agent frequently polls the AD domain controllers to get each user IP address.
D. The DC agent learns the workstation name from the event logs and DNS is then used to translate those names to the respective IP addresses.
Which of the following statements are correct concerning IKE mode config? (Choose two)
A. It can dynamically assign IP addresses to IPsec VPN clients.
B. It can dynamically assign DNS settings to IPsec VPN clients.
C. It uses the ESP protocol.
D. It can be enabled in the phase 2 configuration.
For FortiGate devices equipped with Network Processor (NP) chips, which are true? (Choose three.)
A. For each new IP session, the first packet always goes to the CPU.
B. The kernel does not need to program the NPU. When the NPU sees the traffic, it determines by itself whether it can process the traffic
C. Once offloaded, unless there are errors, the NP forwards all subsequent packets. The CPU does not process them.
D. When the last packet is sent or received, such as a TCP FIN or TCP RST signal, the NP returns this session to the CPU for tear down.
E. Sessions for policies that have a security profile enabled can be NP offloaded.
Which of the following statements are correct concerning IPsec dialup VPN configurations for FortiGate devices? (Choose two)
A. Main mode mist be used when there is no more than one IPsec dialup VPN configured on the same FortiGate device.
B. A FortiGate device with an IPsec VPN configured as dialup can initiate the tunnel connection to any remote IP address.
C. Peer ID must be used when there is more than one aggressive-mode IPsec dialup VPN on the same FortiGate device.
D. The FortiGate will automatically add a static route to the source quick mode selector address received from each remote peer.
Which of the following statements best describe the main requirements for a traffic session to be offload eligible to an NP6 processor? (Choose three.)
A. Session packets do NOT have an 802.1Q VLAN tag.
B. It is NOT multicast traffic.
C. It does NOT require proxy-based inspection.
D. Layer 4 protocol must be UDP, TCP, SCTP or ICMP.
E. It does NOT require flow-based inspection.
There are eight (8) log severity levels that indicate the importance of an event. Not including Debug, which is only needed to log diagnostic data, what are both the lowest AND highest severity levels?
A. Notification, Emergency
B. Information, Critical
C. Error, Critical
D. Information, Emergency
E. Information, Alert
Which of the following statements are correct concerning the FortiGate session life support protocol? (Choose two)
A. By default, UDP sessions are not synchronized.
B. Up to four FortiGate devices in standalone mode are supported.
C. only the master unit handles the traffic.
D. Allows per-VDOM session synchronization.
Which FSSO agents are required for a FSSO agent-based polling mode solution?
A. Collector agent and DC agents
B. Polling agent only
C. Collector agent only
D. DC agents only
Which are outputs for the command `diagnose hardware deviceinfo nic'? (Choose two.)
A. ARP cache
B. Physical MAC address
C. Errors and collisions
D. Listening TCP ports
Which is true of FortiGate's session table?
A. NAT/PAT is shown in the central NAT table, not the session table.
B. It shows TCP connection states.
C. It shows IP, SSL, and HTTP sessions.
D. It does not show UDP or ICMP connection state codes, because those protocols are connectionless.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.