1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 51:

    An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

    A. A phase 2 configuration is not required.

    B. This VPN cannot be used as part of a hub and spoke topology.

    C. The IPsec firewall policies must be placed at the top of the list.

    D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

  • Question 52:

    Which statement about the FortiGuard services for the FortiGate is true?

    A. Antivirus signatures are downloaded locally on the FortiGate.

    B. FortiGate downloads IPS updates using UDP port 53 or 8888.

    C. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.

    D. The web filtering database is downloaded locally on the FortiGate.

  • Question 53:

    Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

    A. The antivirus engine starts scanning a file after the last packet arrives.

    B. It does not support FortiSandbox inspection.

    C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.

    D. It uses the compact antivirus database.

  • Question 54:

    Which of the following statements about central NAT are true? (Choose two.)

    A. IP tool references must be removed from existing firewall policies before enabling central NAT.

    B. Central NAT can be enabled or disabled from the CLI only.

    C. Source NAT, using central NAT, requires at least one central SNAT policy.

    D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

  • Question 55:

    An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

    A. In an IPS sensor

    B. In an interface.

    C. In a DoS policy.

    D. In an application control profile.

  • Question 56:

    An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?

    A. Non-recursive

    B. Recursive

    C. Forward to primary and secondary DNS

    D. Forward to system DNS

  • Question 57:

    Which statements about high availability (HA) for FortiGates are true? (Choose two.)

    A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.

    B. Heartbeat interfaces are not required on the primary device.

    C. HA management interface settings are synchronized between cluster members.

    D. Sessions handled by UTM proxy cannot be synchronized.

  • Question 58:

    Examine this output from the diagnose sys top command:

    Which statements about the output are true? (Choose two.)

    A. sshd is the process consuming most memory

    B. sshd is the process consuming most CPU

    C. All the processes listed are in sleeping state

    D. The sshd process is using 123 pages of memory

  • Question 59:

    An administrator has enabled proxy-based antivirus scanning and configured the following settings:

    Which statement about the above configuration is true?

    A. Files bigger than 10 MB are not scanned for viruses and will be blocked.

    B. FortiGate scans only the first 10 MB of any file.

    C. Files bigger than 10 MB are sent to the heuristics engine for scanning.

    D. FortiGate scans the files in chunks of 10 MB.

  • Question 60:

    If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

    A. It blocks all future traffic for that IP address for a configured interval.

    B. It archives the data for that IP address.

    C. It provides a DLP block replacement page with a link to download the file.

    D. It notifies the administrator by sending an email.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.