Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

• Question 551:

  Which statement is correct concerning creating a custom signature?

  A. It must start with the name

  B. It must indicate whether the traffic flow is from the client or the server.

  C. It must specify the protocol. Otherwise, it could accidentally match lower-layer protocols.

  D. It is not supported by Fortinet Technical Support.

  Correct Answer: A

• Question 552:

  Which operating system vulnerability can you protect when selecting signatures to include in an IPS sensor? (Choose three)

  A. Irix

  B. QNIX

  C. Linux

  D. Mac OS

  E. BSD

  Correct Answer: CDE

• Question 553:

  Which of the following statements best describes the role of a DC agents in an FSSO DC?

  A. Captures the login events and forward them to the collector agent.

  B. Captures the user IP address and workstation name and forward that information to the FortiGate devices.

  C. Captures the login and logoff events and forward them to the collector agent.

  D. Captures the login events and forward them to the FortiGate devices.

  Correct Answer: C

• Question 554:

  An Internet browser is using the WPAD DNS method to discover the PAC file's URL. The DNS server replies to the browser's request with the IP address 10.100.1.10. Which URL will the browser use to download the PAC file?

  A. http://10.100.1.10/proxy.pac

  B. https://10.100.1.10/

  C. http://10.100.1.10/wpad.dat

  D. https://10.100.1.10/proxy.pac

  Correct Answer: C

• Question 555:

  Which of the following IPsec configuration modes can be used for implementing L2TP- over- IPSec VPNs?

  A. Policy-based IPsec only.

  B. Route-based IPsec only.

  C. Both policy-based and route-based VPN.

  D. L2TP-over-IPSec is not supported by FortiGate devices.

  Correct Answer: A

• Question 556:

  Which of the following statements describe some of the differences between symmetric and asymmetric cryptography? (Choose two.)

  A. In symmetric cryptography, the keys are publicly available. In asymmetric cryptography, the keys must be kept secret.

  B. Asymmetric cryptography can encrypt data faster than symmetric cryptography

  C. Symmetric cryptography uses one pre-shared key. Asymmetric cryptography uses a pair or keys

  D. Asymmetric keys can be sent to the remote peer via digital certificates. Symmetric keys cannot

  Correct Answer: CD

• Question 557:

  A FortiGate device is configure to perform an AV and IPS scheduled update every hour.

  

  Given the information in the exhibit, when will the next update happen?

  A. 01:00

  B. 02:05

  C. 11:00

  D. 11:08

  Correct Answer: D

• Question 558:

  Which of the following statements are true about the SSL Proxy certificate that must be used for SSL Content Inspection? (Choose two.)

  A. It cannot be signed by a private CA

  B. It must have either the field "CA=True" or the filed "Key Usage=KeyCertSign"

  C. It must be installed in the FortiGate device

  D. The subject filed must contain either the FQDN, or the IP address of the FortiGate device

  Correct Answer: CD

• Question 559:

  A FortiGate is configured to receive push updates from the FortiGuard Distribution Network, however, they are not being received.

  Which is one reason for this problem?

  A. The FortiGate is connected to multiple ISPs.

  B. FortiGuard scheduled updates are enabled in the FortiGate configuration.

  C. The FortiGate is in Transparent mode.

  D. The external facing interface of the FortiGate is configured to get the IP address from a DHCP server.

  Correct Answer: D

• Question 560:

  Which best describe the mechanism of a TCP SYN flood?

  A. The attacker keeps open many connections with slow data transmission so that other clients cannot start new connections.

  B. The attacker sends a packet designed to "sync" with the FortiGate.

  C. The attacker sends a specially crafted malformed packet, intended to crash the target by exploiting its parser.

  D. The attacker starts many connections, but never acknowledges to fully form them.

  Correct Answer: D