We provide real Fortinet NSE4-5.4 exam questions and answers in two formats: PDF and practice tests (VCE). The PDF version can be read and printed, so you can print copies and practice as many times as you like. With the help of our Fortinet NSE4-5.4 PDF and VCE material, you can pass the NSE4-5.4 exam quickly and easily.

Q16. If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

A. It blocks all future traffic for that IP address for a configured interval.

B. It archives the data for that IP address.

C. It provides a DLP block replacement page with a link to download the file.

D. It notifies the administrator by sending an email.

Answer: A


Q17. Which statements about high availability (HA) for FortiGates are true? (Choose two.)

A. Virtual clustering can be configured between two FortiGate devices with multiple VDOMs.

B. Heartbeat interfaces are not required on the primary device.

C. HA management interface settings are synchronized between cluster members.

D. Sessions handled by UTM proxy cannot be synchronized.

Answer: A,C


Q18. Which statement about data leak prevention (DLP) on a FortiGate is true?

A. Traffic shaping can be applied to DLP sensors.

B. It can be applied to a firewall policy in a flow-based VDOM.

C. Files can be sent to FortiSandbox for detecting DLP threats.

D. It can archive files and messages.

Answer: D


Q19. View the exhibit.

 

When Role is set to Undefined, which statement is true?

A. The GUI provides all the configuration options available for the port1 interface.

B. You cannot configure a static IP address for the port1 interface because it allows only DHCP addressing mode.

C. Firewall policies can be created from only the port1 interface to any interface.

D. The port1 interface is reserved for management only.

Answer: A


Q20. View the exhibit.

 

Which statements about the exhibit are true? (Choose two.)

A. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

B. port1-VLAN1 is the native VLAN for the port1 physical interface.

C. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

D. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

Answer: A,D


Q21. How does FortiGate select the central SNAT policy that is applied to a TCP session?

A. It selects the SNAT policy specified in the configuration of the outgoing interface.

B. It selects the first matching central-SNAT policy from top to bottom.

C. It selects the central-SNAT policy with the lowest priority.

D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Answer: A


Q22. Which of the following statements about central NAT are true? (Choose two.)

A. IP pool references must be removed from existing firewall policies before enabling central NAT.

B. Central NAT can be enabled or disabled from the CLI only.

C. Source NAT, using central NAT, requires at least one central SNAT policy.

D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

Answer: A,C


Q23. Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

A. FQDN address

B. IP pool

C. User or user group

D. Firewall service

Answer: B,C


Q24. What is FortiGate’s behavior when local disk logging is disabled?

A. Only real-time logs appear on the FortiGate dashboard.

B. No logs are generated.

C. Alert emails are disabled.

D. Remote logging is automatically enabled.

Answer: A


Q25. Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)

A. TCP SYN proxy

B. SIP session helper

C. Proxy-based antivirus

D. Attack signature matching

E. Flow-based web filtering

Answer: C,D,E


Q26. View the example routing table.

 

Which route will be selected when trying to reach 10.20.30.254?

A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2

B. The traffic will be dropped because it cannot be routed.

C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3

D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1

Answer: A


Q27. An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A. The interface has been configured for one-arm sniffer.

B. The interface is a member of a virtual wire pair.

C. The operation mode is transparent.

D. The interface is a member of a zone.

E. Captive portal is enabled in the interface.

Answer: B,C,D


Q28. Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

A. FQDN address

B. IP pool

C. User or user group

D. Firewall service

Answer: B,C


Q29. View the exhibit.

 

(Choose two.)

A. The HA mode changes to standalone.

B. The firewall policies are deleted on the disconnected member.

C. The system hostname is set to the FortiGate serial number.

D. The port3 is configured with an IP address for management access.

Answer: A,D


Q30. How can a browser trust a web-server certificate signed by a third-party CA?

A. The browser must have the CA certificate that signed the web-server certificate installed.

B. The browser must have the web-server certificate installed.

C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.

D. The browser must have the public key of the web-server certificate installed.

Answer: A