A Review Of High quality NSE4-5.4 pdf

NSE4-5.4 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library! Try it Free Today!

https://www.exambible.com/NSE4-5.4-exam/

Product Description:
Exam Number/Code: NSE4-5.4
Exam name: Fortinet Network Security Expert - FortiOS 5.4
n questions with full explanations
Certification: Fortinet Certification
Last updated on Global synchronizing

Free Certification Real IT NSE4-5.4 Exam pdf Collection

Act now and download your Fortinet NSE4-5.4 test today! Do not waste time for the worthless Fortinet NSE4-5.4 tutorials. Download Renew Fortinet Fortinet Network Security Expert - FortiOS 5.4 exam with real questions and answers and begin to learn Fortinet NSE4-5.4 with a classic professional.

Q1. View the example routing table.

 

Which route will be selected when trying to reach 10.20.30.254?

A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2

B. The traffic will be dropped because it cannot be routed.

C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3

D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1

Answer: A


Q2. How can a browser trust a web-server certificate signed by a third party CA?

A. The browser must have the CA certificate that signed the web-server certificate installed.

B. The browser must have the web-server certificate installed.

C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.

D. The browser must have the public key of the web-server certificate installed.

Answer: A


Q3. What are the purposes of NAT traversal in IPsec? (Choose two.)

A. To detect intermediary NAT devices in the tunnel path.

B. To encapsulate ESP packets in UDP packets using port 4500.

C. To force a new DH exchange with each phase 2 re-key

D. To dynamically change phase 1 negotiation mode to Aggressive.

Answer: A,B


Q4. A FortiGate interface is configured with the following commands:

 

What statements about the configuration are correct? (Choose two.)

A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.

B. FortiGate can provide DNS settings to IPv6 clients.

C. FortiGate can send IPv6 router advertisements (RAs.)

D. FortiGate can provide IPv6 addresses to DHCPv6 client.

Answer: C,D


Q5. View the exhibit.

 

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?

A. Addicting.Games is allowed based on the Application Overrides configuration.

B. Addicting.Games is blocked based on the Filter Overrides configuration.

C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D. Addicting.Games is allowed based on the Categories configuration.

Answer: D


Q6. What is FortiGate’s behavior when local disk logging is disabled?

A. Only real-time logs appear on the FortiGate dashboard.

B. No logs are generated.

C. Alert emails are disabled.

D. Remote logging is automatically enabled.

Answer: A


Q7. Which statement about data leak prevention (DLP) on a FortiGate is true?

A. Traffic shaping can be applied to DLP sensors.

B. It can be applied to a firewall policy in a flow-based VDOM.

C. Files can be sent to FortiSandbox for detecting DLP threats.

D. It can archive files and messages.

Answer: D


Q8. View the example routing table.

 

Which route will be selected when trying to reach 10.20.30.254?

A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2

B. The traffic will be dropped because it cannot be routed.

C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3

D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1

Answer: A


Q9. Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

 

The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.1

B. 10.0.1.254

C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24

D. 10.200.1.10

Answer: D


Q10. An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

Answer: B,D