Buy Verified Fortinet NSE4-5.4 Exam Questions - NSE4-5.4 Dumps PDF Realexamdumps.com
Sunday, August 26, 2018
Saturday, August 25, 2018
Saturday, August 11, 2018
Get Valid Fortinet NSE4-5.4 Exam Question Answers - NSE4-5.4 Dumps Realexamdumps.com
Question No : 1
Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.)
A. SP3
B. CP8
C. NP4
D. NP6
Answer: A B
Question No : 2
Under what circumstance would you enable LEARN as the Action on a firewall policy?
A. You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.
B. You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.
C. You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.
D. You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.
Answer: C
Question No : 3
What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
A. Code blocks
B. SMS phone message
C. FortiToken
D. Browser pop-up window
E. Email
Answer: B,C,E
Question No : 4
Which statements about DNS filter profiles are true? (Choose two.)
A. They can inspect HTTP traffic.
B. They must be applied in firewall policies with SSL inspection enabled.
C. They can block DNS request to known botnet command and control servers.
D. They can redirect blocked requests to a specific portal.
Answer: C,D
Question No : 5
An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive. Which statements are true? (Choose two.)
A. Logs must be stored on FortiGate first, before transmitting to FortiAnalyzer
B. FortiGate uses port 8080 for log transmission
C. Log messages are transmitted as plain text in LZ4 compressed format (store-and-upload method).
D. FortiGate can encrypt communications using SSL encrypted OFTP traffic.
Answer: C,D
Question No : 6
Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)
A. The collector agent does not need to search any security event logs.
B. WMI polling can increase bandwidth usage with large networks.
C. The NetSessionEnum function is used to track user logoffs.
D. The collector agent uses a Windows API to query DCs for user logins.
Answer: B,D
Question No : 7
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
Answer: A,B,C
Question No : 8
View the exhibit
Which of the following statements are correct? (Choose two.)
A. This is a redundant IPsec setup.
B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
C. This setup requires at least two firewall policies with action set to IPsec.
D. Dead peer detection must be disabled to support this type of IPsec setup.
Answer: A,B
Question No : 9
A FortiGate interface is configured with the following commands:
What statements about the configuration are correct? (Choose two.)
A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.
B. FortiGate can provide DNS settings to IPv6 clients.
C. FortiGate can send IPv6 router advertisements (RAs.)
D. FortiGate can provide IPv6 addresses to DHCPv6 client
Answer: A,C
Which of the following Fortinet hardware accelerators can be used to offload flow-based antivirus inspection? (Choose two.)
A. SP3
B. CP8
C. NP4
D. NP6
Answer: A B
Question No : 2
Under what circumstance would you enable LEARN as the Action on a firewall policy?
A. You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.
B. You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.
C. You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.
D. You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.
Answer: C
Question No : 3
What methods can be used to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
A. Code blocks
B. SMS phone message
C. FortiToken
D. Browser pop-up window
E. Email
Answer: B,C,E
Pass 2018 NSE4-5.4
Final Exam - Fortinet NSE4-5.4 Exam Updated Study Material - Realexamdumps.com
Question No : 4
Which statements about DNS filter profiles are true? (Choose two.)
A. They can inspect HTTP traffic.
B. They must be applied in firewall policies with SSL inspection enabled.
C. They can block DNS request to known botnet command and control servers.
D. They can redirect blocked requests to a specific portal.
Answer: C,D
Question No : 5
An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive. Which statements are true? (Choose two.)
A. Logs must be stored on FortiGate first, before transmitting to FortiAnalyzer
B. FortiGate uses port 8080 for log transmission
C. Log messages are transmitted as plain text in LZ4 compressed format (store-and-upload method).
D. FortiGate can encrypt communications using SSL encrypted OFTP traffic.
Answer: C,D
Which of the following statements describe WMI polling mode for FSSO collector agent? (Choose two.)
A. The collector agent does not need to search any security event logs.
B. WMI polling can increase bandwidth usage with large networks.
C. The NetSessionEnum function is used to track user logoffs.
D. The collector agent uses a Windows API to query DCs for user logins.
Answer: B,D
2018 Fortinet NSE4-5.4
Real Exam Questions - NSE4-5.4 Real Braindumps Realexamdumps.com
Question No : 7
An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)
A. The interface has been configured for one-arm sniffer.
B. The interface is a member of a virtual wire pair.
C. The operation mode is transparent.
D. The interface is a member of a zone.
E. Captive portal is enabled in the interface.
Answer: A,B,C
Question No : 8
View the exhibit
Which of the following statements are correct? (Choose two.)
A. This is a redundant IPsec setup.
B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
C. This setup requires at least two firewall policies with action set to IPsec.
D. Dead peer detection must be disabled to support this type of IPsec setup.
Answer: A,B
Question No : 9
A FortiGate interface is configured with the following commands:
What statements about the configuration are correct? (Choose two.)
A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.
B. FortiGate can provide DNS settings to IPv6 clients.
C. FortiGate can send IPv6 router advertisements (RAs.)
D. FortiGate can provide IPv6 addresses to DHCPv6 client
Answer: A,C
Question No : 10
You are tasked to architect a new IPsec deployment with the following criteria:
- There are two HQ sites that all satellite offices must connect to.
- The satellite offices do not need to communicate directly with other satellite offices.
- No dynamic routing will be used.
- The design should minimize the number of tunnels being configured.
Which topology should be used to satisfy all of the requirements?
A. Redundant
B. Hub-and-spoke
C. Partial mesh
D. Fully meshed
Answer: B
Fortinet NSE4-5.4
Question Answers - Valid Fortinet NSE4-5.4 Dumps PDF Realexamdumps.com
Subscribe to:
Posts (Atom)