Act now and download your Fortinet NSE4-5.4 test today! Do not waste time on worthless Fortinet NSE4-5.4 tutorials. Download the up-to-date Fortinet Network Security Expert - FortiOS 5.4 exam with real questions and answers and begin to learn Fortinet NSE4-5.4 with a classic professional.

Q31. View the exhibit.

 

(Choose two.)

A. The HA mode changes to standalone.

B. The firewall policies are deleted on the disconnected member.

C. The system hostname is set to the FortiGate serial number.

D. The port3 is configured with an IP address for management access.

Answer: A,D


Q32. A FortiGate interface is configured with the following commands:

 

What statements about the configuration are correct? (Choose two.)

A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.

B. FortiGate can provide DNS settings to IPv6 clients.

C. FortiGate can send IPv6 router advertisements (RAs).

D. FortiGate can provide IPv6 addresses to DHCPv6 clients.

Answer: C,D


Q33. View the exhibit.

 

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

A. The user is required to authenticate before accessing sites with untrusted SSL certificates.

B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.

C. The user is allowed to access all sites with untrusted SSL certificates, without certificate warnings.

D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).

Answer: B


Q34. Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

 

The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

The top firewall policy has NAT enabled using the outgoing interface address. The second firewall policy is configured with a virtual IP (VIP) as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.1

B. 10.0.1.254

C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24

D. 10.200.1.10

Answer: D


Q35. Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)

A. TCP SYN proxy

B. SIP session helper

C. Proxy-based antivirus

D. Attack signature matching

E. Flow-based web filtering

Answer: C,D,E


Q36. Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They must be applied in firewall policies with SSL inspection enabled.

C. They can block DNS requests to known botnet command and control servers.

D. They can redirect blocked requests to a specific portal.

Answer: B,C


Q37. What are the purposes of NAT traversal in IPsec? (Choose two.)

A. To detect intermediary NAT devices in the tunnel path.

B. To encapsulate ESP packets in UDP packets using port 4500.

C. To force a new DH exchange with each phase 2 re-key.

D. To dynamically change phase 1 negotiation mode to Aggressive.

Answer: A,B


Q39. View the exhibit.

 

When Role is set to Undefined, which statement is true?

A. The GUI provides all the configuration options available for the port1 interface.

B. You cannot configure a static IP address for the port1 interface because it allows only DHCP addressing mode.

C. Firewall policies can be created from only the port1 interface to any interface.

D. The port1 interface is reserved for management only.

Answer: A


Q42. Which statements best describe auto discovery VPN (ADVPN)? (Choose two.)

A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B. ADVPN is only supported with IKEv2.

C. Tunnels are negotiated dynamically between spokes.

D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: A,C


Q44. An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A. The interface has been configured for one-arm sniffer.

B. The interface is a member of a virtual wire pair.

C. The operation mode is transparent.

D. The interface is a member of a zone.

E. Captive portal is enabled in the interface.

Answer: B,C,D


Q45. Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)

A. FQDN address

B. IP pool

C. User or user group

D. Firewall service

Answer: B,C