A Review Of Printable NSE4-5.4 dump

Question No: 4

You are tasked to architect a new IPsec deployment with the following criteria:

- There are two HQ sites that all satellite offices must connect to.

- The satellite offices do not need to communicate directly with other satellite offices.

- No dynamic routing will be used.

- The design should minimize the number of tunnels being configured. Which topology should be used to satisfy all of the requirements?

A. Redundant

B. Hub-and-spoke

C. Partial mesh

D. Fully meshed

Question No: 5

A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.

What is required in the SSL VPN configuration to meet these requirements?

A. Two separated SSL VPNs in different interfaces of the same VDOM

B. Different SSL VPN realms for each group

C. Different virtual SSLVPN IP addresses for each group

D. Two firewall policies with different captive portals

Question No: 6

Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

A. The remote gateway IP must be an IPv6 address.

B. The source quick mode selector must be an IPv4 address.

C. The local gateway IP must an IPv4 address.

D. The destination quick mode selector must be an IPv6 address.

Question No: 7

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

A. They support GRE-over-IPsec.

B. They can be configured in both NAT/Route and transparent operation modes.

C. They require two firewall policies: one for each direction of traffic flow.

D. They support L2TP-over-IPsec.

Question No: 8

Which statements about the output are correct? (Choose two.)

A. FortiGate received a TCP SYN/ACK packet.

B. The source IP address of the packet was translated to 10.0.1.10.

C. FortiGate routed the packet through port 3.

D. The packet was allowed by the firewall policy with the ID 00007fc0.

Question No: 9

If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

A. It blocks all future traffic for that IP address for a configured interval.

B. It archives the data for that IP address.

C. It provides a DLP block replacement page with a link to download the file.

D. It notifies the administrator by sending an email.

Question No: 10

View the exhibit.

The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

A. Execute another sniffer in the FortiGate, this time with the filter u201chost 10.0.1.10u201d.

B. Run a sniffer in the web server.

C. Capture the traffic using an external sniffer connected to port1.

D. Execute a debug flow.

Question No: 11

An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

A. In an IPS sensor

B. In an interface.

C. In a DoS policy.

D. In an application control profile.

Question No: 12

How can you format the FortiGate flash disk?

A. Load the hardware test (HQIP) image.

B. Execute the CLI command execute formatlogdisk.

C. Load a debug FortiOS image.

D. Select the format boot device option from the BIOS menu.

Question No: 13

An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

A. Both interfaces must be in different VDOMs

B. Both interfaces must have the same VLAN ID.

C. The role of the VLAN10 interface must be set to server.

D. Both interfaces must belong to the same forward domain.