Cause all that matters here is passing the Fortinet NSE4-5.4 exam. Cause all that you need is a high score of NSE4-5.4 Fortinet Network Security Expert - FortiOS 5.4 exam. The only one thing you need to do is downloading Passleader NSE4-5.4 exam study guides now. We will not let you down with our money-back guarantee.

P.S. Virtual NSE4-5.4 dumps are available on Google Drive, GET MORE: https://drive.google.com/open?id=1YR5fY-VinwDTR3q70wpdEN_O3N_EUu6U


New Fortinet NSE4-5.4 Exam Dumps Collection (Question 6 - Question 15)

Question No: 6

How do you configure inline SSL inspection on a firewall policy? (Choose two.)

A. Enable one or more flow-based security profiles on the firewall policy.

B. Enable the SSL/SSH Inspection profile on the firewall policy.

C. Execute the inline ssl inspection CLI command.

D. Enable one or more proxy-based security profiles on the firewall policy.

Answer: A,B



Question No: 7

Which statements about application control are true? (Choose two.)

A. Enabling application control profile in a security profile enables application control for all the traffic flowing through the FortiGate.

B. It cannot take an action on unknown applications.

C. It can inspect encrypted traffic.

D. It can identify traffic from known applications, even when they are using non-standard TCP/UDP ports.

Answer: A,D



Question No: 8

Which statements about One-to-One IP pool are true? (Choose two.)

A. It allows configuration of ARP replies.

B. It allows fixed mapping of an internal address range to an external address range.

C. It is used for destination NAT.

D. It does not use port address translation.

Answer: B,D



Question No: 9

Which statement about this configuration is correct?

A. The FortiGate generates spanning tree BPDU frames.

B. The FortiGate device forwards received spanning tree BPDU frames.

C. The FortiGate can block an interface if a layer-2 loop is detected.

D. Ethernet layer-2 loops are likely to occur.

Answer: B



Question No: 10

Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

The top firewall policy has NAT enabled using outgoing interface address. The second firewall policy configured with a virtual IP (VIP) as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.1

B. 10.0.1.254

C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24

D. 10.200.1.10

Answer: A



Question No: 11

Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

A. FQDN address

B. IP pool

C. User or user group

D. Firewall service

Answer: B,C



Question No: 12

A FortiGate interface is configured with the following commands:

What statements about the configuration are correct? (Choose two.)

A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.

B. FortiGate can provide DNS settings to IPv6 clients.

C. FortiGate can send IPv6 router advertisements (RAs.)

D. FortiGate can provide IPv6 addresses to DHCPv6 client.

Answer: A,C



Question No: 13

Which statement is true regarding the policy ID numbers of firewall policies?

A. Change when firewall policies are re-ordered.

B. Defines the order in which rules are processed.

C. Are required to modify a firewall policy from the CLI.

D. Represent the number of objects used in the firewall policy.

Answer: C



Question No: 14

How can a browser trust a web-server certificate signed by a third party CA?

A. The browser must have the CA certificate that signed the web-server certificate installed.

B. The browser must have the web-server certificate installed.

C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.

D. The browser must have the public key of the web-server certificate installed.

Answer: A



Question No: 15

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B. ADVPN is only supported with IKEv2.

C. Tunnels are negotiated dynamically between spokes.

D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: A,C



P.S. Easily pass NSE4-5.4 Exam with Certifytools Virtual Dumps & pdf vce, Try Free: https://www.certifytools.com/NSE4-5.4-exam.html ( New Questions)