Examcollection offers free demo for NSE4-5.4 exam. "Fortinet Network Security Expert - FortiOS 5.4", also known as NSE4-5.4 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE4-5.4 exam, will help you answer those questions. The NSE4-5.4 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE4-5.4 exams and revised by experts!
P.S. Guaranteed NSE4-5.4 study guides are available on Google Drive, GET MORE: https://drive.google.com/open?id=1qNqkyfzMtD_JBMTiOJF0Q0poKyl3pZ-7
New Fortinet NSE4-5.4 Exam Dumps Collection (Question 1 - Question 10)
Question No: 1
What FortiGate feature can be used to allow IPv6 clients to connect to IPv4 servers?
A. IPv6-over-IPv4 IPsec
B. NAT64
C. IPv4-over-IPv6 IPsec
D. NAT66
Answer: B
Explanation:
since IPv6-over-IPv4 IPsec is used for IPV6 clients to communicate over IPV4 network
Question No: 2
What inspections are executed by the IPS engine? (Choose three.)
A. Application control
B. Flow-based data leak prevention
C. Proxy-based antispam
D. Flow-based web filtering
E. Proxy-based antivirus
Answer: A,B,D
Question No: 3
Which statements about IP-based explicit proxy authentication are true? (Choose two.)
A. IP-based authentication is best suited to authenticating users behind a NAT device.
B. Sessions from the same source address are treated as a single user.
C. IP-based authentication consumes less FortiGateu2021s memory than session-based authentication.
D. FortiGate remembers authenticated sessions using browser cookies.
Answer: B,C
Question No: 4
Which configuration steps must be performed on both units to support this scenario? (Choose three.)
A. Define the phase 2 parameters.
B. Set the phase 2 encapsulation method to transport mode.
C. Define at least one firewall policy, with the action set to IPsec.
D. Define a route to the remote network over the IPsec tunnel.
E. Define the phase 1 parameters, without enabling IPsec interface mode.
Answer: A,D,E
Question No: 5
An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?
A. Only digital certificates will be accepted as an authentication method in phase 1.
B. Dialup clients must provide a username and password for authentication.
C. Phase 1 negotiations will skip pre-shared key exchange.
D. Dialup clients must provide their local ID during phase 2 negotiations.
Answer: B
Question No: 6
Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)
A. The collector agent does not need to search any security event logs.
B. WMI polling can increase bandwidth usage with large networks.
C. The NetSessionEnum function is used to track user logoffs.
D. The collector agent uses a Windows API to query DCs for user logins.
Answer: B,D
Question No: 7
What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
A. Code blocks
B. SMS phone message
C. FortiToken
D. Browser pop-up window
E. Email
Answer: B,C,E
Question No: 8
View the exhibit.
When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?
A. The user is required to authenticate before accessing sites with untrusted SSL certificates.
B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.
C. The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.
D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).
Answer: B
Question No: 9
Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)
A. TCP SYN proxy
B. SIP session helper
C. Proxy-based antivirus
D. Attack signature matching
E. Flow-based web filtering
Answer: C,D,E
Question No: 10
An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy.
What else is required for the CASI profile to work properly?
A. You must enable logging for security events on the firewall policy.
B. You must activate a FortiCloud account.
C. You must apply an application control profile to the firewall policy.
D. You must enable SSL inspection on the firewall policy.
Answer: C
100% Update Fortinet NSE4-5.4 Questions & Answers shared by 2passeasy, Get HERE: https://www.2passeasy.com/dumps/NSE4-5.4/ (New Q&As)