Exam Code: NSE4-5.4 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert - FortiOS 5.4
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE4-5.4 Exam.

P.S. Refined NSE4-5.4 free samples are available on Google Drive, GET MORE: https://drive.google.com/open?id=1xSlEaFFo1TkP1Im8lI2_FaBp164pASCS


New Fortinet NSE4-5.4 Exam Dumps Collection (Question 6 - Question 15)

Q6. Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)

A. IPv6

B. RIP

C. GRE

D. NAT64

Answer: A,D


Q7. An administrator has configured two VLAN interfaces:

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

A. Both interfaces must be in different VDOMs

B. Both interfaces must have the same VLAN ID.

C. The role of the VLAN10 interface must be set to server.

D. Both interfaces must belong to the same forward domain.

Answer: D


Q8. How does FortiGate verify the login credentials of a remote LDAP user?

A. FortiGate sends the user entered credentials to the LDAP server for authentication.

B. FortiGate re-generates the algorithm based on the login credentials and compares it against the algorithm stored on the LDAP server.

C. FortiGate queries its own database for credentials.

D. FortiGate queries the LDAP server for credentials.

Answer: D


Q9. Which statements about application control are true? (Choose two.)

A. Enabling application control profile in a security profile enables application control for all the traffic flowing through the FortiGate.

B. It cannot take an action on unknown applications.

C. It can inspect encrypted traffic.

D. It can identify traffic from known applications, even when they are using non-standard TCP/UDP ports.

Answer: A,D


Q10. View the exhibit.

Which statements about the exhibit are true? (Choose two.)

A. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

B. port1-VLAN1 is the native VLAN for the port1 physical interface.

C. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

D. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

Answer: A,D


Q11. Under what circumstance would you enable LEARN as the Action on a firewall policy?

A. You want FortiGate to compile security feature activity from various security-related logs, such as virus and attack logs.

B. You want FortiGate to monitor a specific security profile in a firewall policy, and provide recommendations for that profile.

C. You want to capture data across all traffic and security vectors, and receive learning logs and a report with recommendations.

D. You want FortiGate to automatically modify your firewall policies as it learns your networking behavior.

Answer: B


Q12. Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

A. The antivirus engine starts scanning a file after the last packet arrives.

B. It does not support FortiSandbox inspection.

C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.

D. It uses the compact antivirus database.

Answer: A,C


Q13. Which statement is true regarding the policy ID numbers of firewall policies?

A. Change when firewall policies are re-ordered.

B. Defines the order in which rules are processed.

C. Are required to modify a firewall policy from the CLI.

D. Represent the number of objects used in the firewall policy.

Answer: C


Q14. How do you configure inline SSL inspection on a firewall policy? (Choose two.)

A. Enable one or more flow-based security profiles on the firewall policy.

B. Enable the SSL/SSH Inspection profile on the firewall policy.

C. Execute the inline ssl inspection CLI command.

D. Enable one or more proxy-based security profiles on the firewall policy.

Answer: A,B


Q15. Which statements about the output are correct? (Choose two.)

A. FortiGate received a TCP SYN/ACK packet.

B. The source IP address of the packet was translated to 10.0.1.10.

C. FortiGate routed the packet through port 3.

D. The packet was allowed by the firewall policy with the ID 00007fc0.

Answer: B,C


P.S. Easily pass NSE4-5.4 Exam with 2passeasy Refined Dumps & pdf vce, Try Free: https://www.2passeasy.com/dumps/NSE4-5.4/ ( New Questions)