1. Home
  2. Fortinet
  3. NSE4-5.4

Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4

Exam Details

  • Exam Code
    :NSE4-5.4
  • Exam Name
    :Fortinet Network Security Expert 4 Written Exam - FortiOS 5.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :576 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE4-5.4 Questions & Answers

  • Question 81:

    An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

    A. Enable a web filtering profile on the firewall policy.

    B. Create an application control policy.

    C. Enable logging on the firewall policy.

    D. Enable an application control security profile on the firewall policy.

  • Question 82:

    View the exhibit.

    This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1.

    In this scenario. FGT1 has the following routing table:

    Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?

    A. The port1 cable is disconnected.

    B. The connection is dropped due to reverse path forwarding check.

    C. The connection is denied due to forward policy check.

    D. FGT1's port1 interface is administratively down.

  • Question 83:

    What step is required to configure an SSL VPN to access to an internal server using port forward mode?

    A. Configure the virtual IP addresses to be assigned to the SSL VPN users.

    B. Install FortiClient SSL VPN client

    C. Create a SSL VPN realm reserved for clients using port forward mode.

    D. Configure the client application to forward IP traffic to a Java applet proxy.

  • Question 84:

    View the exhibit.

    What is the effect of the Disconnect Cluster Member operation as shown in the exhibit? (Choose two.)

    A. The HA mode changes to standalone.

    B. The firewall policies are deleted on the disconnected member.

    C. The system hostname is set to the FortiGate serial number.

    D. The port3 is configured with an IP address for management access.

  • Question 85:

    Which statements correctly describe transparent mode operation? (Choose three.)

    A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.

    B. The transparent FortiGate is visible to network hosts in an IP traceroute.

    C. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.

    D. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.

    E. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

  • Question 86:

    Which statements about One-to-One IP pool are true? (Choose two.)

    A. It allows configuration of ARP replies.

    B. It allows fixed mapping of an internal address range to an external address range.

    C. It is used for destination NAT.

    D. It does not use port address translation.

  • Question 87:

    What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

    A. Traffic to inappropriate web sites

    B. SQL injection attacks

    C. Server information disclosure attacks

    D. Credit card data leaks

    E. Traffic to botnet command and control (CandC) servers

  • Question 88:

    What is FortiGate's behavior when local disk logging is disabled?

    A. Only real-time logs appear on the FortiGate dashboard.

    B. No logs are generated.

    C. Alert emails are disabled.

    D. Remote logging is automatically enabled.

  • Question 89:

    When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

    A. The FortiGate unit's public IP address

    B. The FortiGate unit's internal IP address

    C. The remote user's virtual IP address

    D. The remote user's public IP address

  • Question 90:

    An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

    A. The interface has been configured for one-arm sniffer.

    B. The interface is a member of a virtual wire pair.

    C. The operation mode is transparent.

    D. The interface is a member of a zone.

    E. Captive portal is enabled in the interface.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE4-5.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.