Breathing NSE4-5.4 Exam Questions 2021

Act now and download your today! Do not waste time for the worthless tutorials. Download with real questions and answers and begin to learn with a classic professional.

Free NSE4-5.4 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1
Which correctly define "Section View" and "Global View" for firewall policies? (Choose two.)

  • A. Section View lists firewall policies primarily by their interface pairs.
  • B. Section View lists firewall policies primarily by their sequence number.
  • C. Global View lists firewall policies primarily by their interface pairs.
  • D. Global View lists firewall policies primarily by their policy sequence number.
  • E. The 'any' interface may be used with Section View.

Answer: AD

NEW QUESTION 2
FortiGate units are preconfigured with four default protection profiles. These protection profiles are
used to control the type of content inspection to be performed.
What action must be taken for one of these profiles to become active?

  • A. The protection profile must be assigned to a firewall policy.
  • B. The "Use Protection Profile" option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam.
  • C. The protection profile must be set as the Active Protection Profile.
  • D. All of the above.

Answer: A

NEW QUESTION 3
An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

  • A. In an IPS sensor
  • B. In an interface.
  • C. In a DoS policy.
  • D. In an application control profile.

Answer: A

Explanation: I create a custom signature then I try to add and appear only in IPS sensor.
NSE4-5 dumps exhibit

NEW QUESTION 4
Review to the network topology in the exhibit. The workstation, 172.16.1.1/24, connects to port2 of
the FortiGate device, and the ISP router, 172.16.1.2, connects to port1. Without changing IP addressing, which configuration changes are required to properly forward users traffic to the Internet? (Choose two)
NSE4-5 dumps exhibit

  • A. At least one firewall policy from port2 to port1 to allow outgoing traffic.
  • B. A default route configured in the FortiGuard devices pointing to the ISP's router.
  • C. Static or dynamic IP addresses in both ForitGate interfaces port1 and port2.
  • D. The FortiGate devices configured in transparent mode.

Answer: AD

NEW QUESTION 5
When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit.
NSE4-5 dumps exhibit
Which of the following statements is correct regarding this entry?

  • A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.
  • B. The entry displays a ban that was triggered by HTTP traffic matching an IPS signatur
  • C. This client is banned from receiving or sending any traffic through the FortiGate.
  • D. The entry displays a quarantine, which could have been added by either IPS or DLP.
  • E. This entry displays a ban entry that was added manually by the administrator on June11th.

Answer: A

NEW QUESTION 6
In Transparent Mode, forward-domain is an attribute of .

  • A. an interface
  • B. a firewall policy
  • C. a static route
  • D. a virtual domain

Answer: A

NEW QUESTION 7
Which of the following statements best describes what a Certificate Signing Request (CSR) is?

  • A. A message sent by the Certificate Authority (CA) that contains a signed digital certificate.
  • B. An enquiry submitted to a Certificate Authority (CA) to request a root CA certificate
  • C. An enquiry submitted to a Certificate Authority (CA) to request a signed digital certificate
  • D. An enquiry submitted to a Certificate Authority (CA) to request a Certificate Revocation List (CRL)

Answer: B

NEW QUESTION 8
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

  • A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
  • B. ADVPN is only supported with IKEv2.
  • C. Tunnels are negotiated dynamically between spokes.
  • D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: AC

NEW QUESTION 9
UTM features can be applied to which of the following items?

  • A. Firewall policies
  • B. User groups
  • C. Policy routes
  • D. Address groups

Answer: A

NEW QUESTION 10
Which statements are true about offloading antivirus inspection to a Security Processor (SP)? (Choose two.)

  • A. Both proxy-based and flow-based inspection are supported.
  • B. A replacement message cannot be presented to users when a virus has been detected.
  • C. It saves CPU resources.
  • D. The ingress and egress interfaces can be in different SPs.

Answer: BC

NEW QUESTION 11
What is the default criteria for selecting the HA master unit in a HA cluster?

  • A. port monitor, priority, uptime, serial number
  • B. Port monitor, uptime, priority, serial number
  • C. Priority, uptime, port monitor, serial number
  • D. uptime, priority, port monitor, serial number

Answer: B

NEW QUESTION 12
Which statement best describes what the FortiGate hardware acceleration processors main task is?

  • A. Offload traffic processing tasks from the main CPU.
  • B. Offload management tasks from the main CPU.
  • C. Compress and optimize the network traffic.
  • D. Increase maximum bandwidth available in a FortiGate interface.

Answer: A

NEW QUESTION 13
Which statement is correct regarding virus scanning on a FortiGate unit?

  • A. Virus scanning is enabled by default.
  • B. Fortinet customer support enables virus scanning remotely for you.
  • C. Virus scanning must be enabled in a security profile, which must be applied to a firewall policy.
  • D. Enabling virus scanning in a security profile enables virus protection for all traffic flowing through the FortiGate.

Answer: C

NEW QUESTION 14
A FortiGate unit can create a secure connection to a client using SSL VPN in tunnel mode. Which of
the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)

  • A. Split tunneling can be enabled when using tunnel mode SSL VPN.
  • B. Software must be downloaded to the web client to be able to use a tunnel mode SSL VPN.
  • C. Users attempting to create a tunnel mode SSL VPN connection must be members of a configured user group on the FortiGate unit.
  • D. Tunnel mode SSL VPN requires the FortiClient software to be installed on the user's computer.
  • E. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.

Answer: ABCE

NEW QUESTION 15
A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?

  • A. SSL
  • B. IPSec
  • C. direct serial connection
  • D. S/MIME

Answer: B

NEW QUESTION 16
Which traffic can match a firewall policy's "Services" setting? (Choose three.)

  • A. HTTP
  • B. SSL
  • C. DNS
  • D. RSS
  • E. HTTPS

Answer: ACE

NEW QUESTION 17
When firewall policy authentication is enabled, which protocols can trigger an authentication challenge? (Choose two.)

  • A. SMTP
  • B. POP3
  • C. HTTP
  • D. FTP

Answer: CD

Thanks for reading the newest NSE4-5.4 exam dumps! We recommend you to try the PREMIUM Dumpscollection NSE4-5.4 dumps in VCE and PDF here: http://www.dumpscollection.net/dumps/NSE4-5.4/ (576 Q&As Dumps)