Download NSE4-5.4 Exam Questions and Answers 2021

Proper study guides for NSE4-5.4 Fortinet Network Security Expert - FortiOS 5.4 certified begins with preparation products which designed to deliver the by making you pass the NSE4-5.4 test at your first time. Try the free right now.

Online NSE4-5.4 free questions and answers of New Version:

NEW QUESTION 1
Which are two requirements for DC-agent mode FSSO to work properly in a Windows AD environment? (Choose two.)

  • A. DNS server must properly resolve all workstation names.
  • B. The remote registry service must be running in all workstations.
  • C. The collector agent must be installed in one of the Windows domain controllers.
  • D. A same user cannot be logged in into two different workstations at the same time.

Answer: AB

NEW QUESTION 2
Which of the following statements is not correct regarding virtual domains (VDOMs)?

  • A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
  • B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
  • C. A backup management VDOM will synchronize the configuration from an active management VDOM.
  • D. VDOMs share firmware versions, as well as antivirus and IPS databases.
  • E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.

Answer: C

NEW QUESTION 3
Which statements about DNS filter profiles are true? (Choose two.)

  • A. They can inspect HTTP traffic.
  • B. They must be applied in firewall policies with SSL inspection enabled.
  • C. They can block DNS request to known botnet command and control servers.
  • D. They can redirect blocked requests to a specific portal.

Answer: CD

NEW QUESTION 4
Which of the following statements must be true for a digital certificate to be valid? (Choose two.)

  • A. It must be signed by a "trusted" CA
  • B. It must be listed as valid in a Certificate Revocation List (CRL)
  • C. The CA field must be "TRUE"
  • D. It must be still within its validity period

Answer: AD

NEW QUESTION 5
Which of the following statements are correct regarding FortiGate virtual domains (VDOMs)?
(Choose two)

  • A. VDOMs divide a single FortiGate unit into two or more independent firewall.
  • B. A management VDOM handles SNM
  • C. logging, alert email and FortiGuard updates.
  • D. Each VDOM can run different firmware versions.
  • E. Administrative users with a 'super_admin' profile can administrate only one VDOM.

Answer: AB

NEW QUESTION 6
In which order are firewall policies processed on a FortiGate unit?

  • A. From top to down, according with their sequence number.
  • B. From top to down, according with their policy ID number.
  • C. Based on best match.
  • D. Based on the priority value.

Answer: A

NEW QUESTION 7
A firewall policy has been configured such that traffic logging is disabled and a UTM function is enabled.
In addition, the system setting `utm-incident-traffic-log' has been enabled. In which log will a UTM event message be stored?

  • A. Traffic
  • B. UTM
  • C. System
  • D. None

Answer: A

NEW QUESTION 8
The order of the firewall policies is important. Policies can be re-ordered from either the GUI or the CLI. Which CLI command is used to perform this function?

  • A. set order
  • B. edit policy
  • C. reorder
  • D. move

Answer: D

NEW QUESTION 9
Which of the following actions that can be taken by the Data Leak Prevention scanning? (Choose
three.)

  • A. Block
  • B. Reject
  • C. Tag
  • D. Log only
  • E. Quarantine IP address

Answer: ADE

NEW QUESTION 10
A FortiGate unit has multiple VDOMs in NAT/route mode with multiple VLAN interfaces in each VDOM. Which of the following statements is correct regarding the IP addresses assigned to each VLAN interface?

  • A. Different VLANs can share the same IP address as long as they have different VLAN IDs.
  • B. Different VLANs can share the same IP address as long as they are in different physical interface.
  • C. Different VLANs can share the same IP address as long as they are in different VDOMs.
  • D. Different VLANs can never share the same IP addresses.

Answer: C

NEW QUESTION 11
Which of the following FSSO modes must be used for Novell eDirectory networks?

  • A. Agentless polling
  • B. LDAP agent
  • C. eDirectory agent
  • D. DC agent

Answer: C

NEW QUESTION 12
What is FortiGate’s behavior when local disk logging is disabled?

  • A. Only real-time logs appear on the FortiGate dashboard.
  • B. No logs are generated.
  • C. Alert emails are disabled.
  • D. Remote logging is automatically enabled.

Answer: A

NEW QUESTION 13
A FortiGate devices has two VDOMs in NAT/route mode. Which of the following solutions can be implemented by a network administrator to route traffic between the two VDOMs. (Choose two.)

  • A. Use the inter-VDOMs links automatically created between all VDOMS.
  • B. Manually create and configured an inter-VDOM link between yours.
  • C. Interconnect and configure an external physical interface in one VDOM to another physical interface in the second VDOM.
  • D. Configure both VDOMs to share the same table.

Answer: BC

NEW QUESTION 14
Which statements are true regarding the use of a PAC file to configure the web proxy settings in an
Internet browser? (Choose two.)

  • A. Only one proxy is supported.
  • B. Can be manually imported to the browser.
  • C. The browser can automatically download it from a web server.
  • D. Can include a list of destination IP subnets where the browser can connect directly to without using a proxy.

Answer: CD

NEW QUESTION 15
An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking
on the "Connect" button. The administrator has enabled split tunneling.
NSE4-5 dumps exhibit
Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table.

  • A. A route to destination matching the `WIN2K3' address object.
  • B. A route to the destination matching the `all' address object.
  • C. A default route.
  • D. No route is added.

Answer: A

NEW QUESTION 16
An administrator has configured a route-based site-to-site IPsec VPN. Which statement is correct
regarding this IPsec VPN configuration?

  • A. The IPsec firewall policies must be placed at the top of the list.
  • B. This VPN cannot be used as part of a hub and spoke topology.
  • C. Routes are automatically created based on the quick mode selectors.
  • D. A virtual IPsec interface is automatically created after the Phase 1 configuration is completed.

Answer: D

NEW QUESTION 17
Which of the following products is designed to manage multiple FortiGate devices?

  • A. FortiGate device
  • B. FortiAnalyzer device
  • C. FortiClient device
  • D. FortiManager device
  • E. FortiMail device
  • F. FortiBridge device

Answer: D

Recommend!! Get the Full NSE4-5.4 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/NSE4-5.4-exam-dumps.html (New 576 Q&As Version)