The Secret of NSE4-5.4 practice question
Examcollection offers free demo for NSE4-5.4 exam. "Fortinet Network Security Expert - FortiOS 5.4", also known as NSE4-5.4 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE4-5.4 exam, will help you answer those questions. The NSE4-5.4 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE4-5.4 exams and revised by experts!
P.S. Top Quality NSE4-5.4 Q&A are available on Google Drive, GET MORE: https://drive.google.com/open?id=1qNqkyfzMtD_JBMTiOJF0Q0poKyl3pZ-7
New Fortinet NSE4-5.4 Exam Dumps Collection (Question 3 - Question 12)
Q3. How do you configure inline SSL inspection on a firewall policy? (Choose two.)
A. Enable one or more flow-based security profiles on the firewall policy.
B. Enable the SSL/SSH Inspection profile on the firewall policy.
C. Execute the inline ssl inspection CLI command.
D. Enable one or more proxy-based security profiles on the firewall policy.
Answer: A,B
Q4. Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)
A. It is only supported if DC agents are deployed.
B. FortiGate can act as an LDAP client configure the group filters.
C. It supports monitoring of nested groups.
D. It uses the Windows convention for naming, that is, DomainUsername.
Answer: B,D
Q5. Which statement is true regarding the policy ID numbers of firewall policies?
A. Change when firewall policies are re-ordered.
B. Defines the order in which rules are processed.
C. Are required to modify a firewall policy from the CLI.
D. Represent the number of objects used in the firewall policy.
Answer: C
Q6. How can you format the FortiGate flash disk?
A. Load the hardware test (HQIP) image.
B. Execute the CLI command execute formatlogdisk.
C. Load a debug FortiOS image.
D. Select the format boot device option from the BIOS menu.
Answer: D
Q7. Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)
A. The antivirus engine starts scanning a file after the last packet arrives.
B. It does not support FortiSandbox inspection.
C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.
D. It uses the compact antivirus database.
Answer: A,C
Q8. View the exhibit.
This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1.
In this scenario. FGT1 has the following routing table:
Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?
A. The port1 cable is disconnected.
B. The connection is dropped due to reverse path forwarding check.
C. The connection is denied due to forward policy check.
D. FGT1u2021s port1 interface is administratively down.
Answer: B
Q9. An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?
A. A phase 2 configuration is not required.
B. This VPN cannot be used as part of a hub and spoke topology.
C. The IPsec firewall policies must be placed at the top of the list.
D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
Answer: D
Q10. How does FortiGate verify the login credentials of a remote LDAP user?
A. FortiGate sends the user entered credentials to the LDAP server for authentication.
B. FortiGate re-generates the algorithm based on the login credentials and compares it against the algorithm stored on the LDAP server.
C. FortiGate queries its own database for credentials.
D. FortiGate queries the LDAP server for credentials.
Answer: D
Q11. A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router. Port2 and port3 are both configured as a software switch.
What IP address must be configured in the workstation as the default gateway?
A. The port2u2021s IP address.
B. The routeru2021s IP address.
C. The FortiGateu2021s management IP address.
D. The software switch interfaceu2021s IP address.
Answer: A
Q12. Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)
A. TCP SYN proxy
B. SIP session helper
C. Proxy-based antivirus
D. Attack signature matching
E. Flow-based web filtering
Answer: C,D,E
P.S. Easily pass NSE4-5.4 Exam with Examcollection Top Quality Dumps & pdf vce, Try Free: http://www.examcollectionuk.com/NSE4-5.4-vce-download.html ( New Questions)