• Home
• Fortinet
• NSE4-5.4 : Fortinet Network Security Expert - FortiOS 5.4

Top 10 rapidshare NSE4-5.4 for IT examinee (1 to 10)

---

Examcollection offers free demo for NSE4-5.4 exam. "Fortinet Network Security Expert - FortiOS 5.4", also known as NSE4-5.4 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE4-5.4 exam, will help you answer those questions. The NSE4-5.4 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE4-5.4 exams and revised by experts!

Q1. View the exhibit.

 

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

A. The user is required to authenticate before accessing sites with untrusted SSL certificates.

B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.

C. The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.

D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).

Answer: B

Q2. View the exhibit.

 

When Role is set to Undefined, which statement is true?

A. The GUI provides all the configuration options available for the port1 interface.

B. You cannot configure a static IP address for the port1 interface because it allows only DHCP addressing mode.

C. Firewall policies can be created from only the port1 interface to any interface.

D. The port1 interface is reserved for management only.

Answer: A

Q3. Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They must be applied in firewall policies with SSL inspection enabled.

C. They can block DNS request to known botnet command and control servers.

D. They can redirect blocked requests to a specific portal.

Answer: B,C

Q4. View the exhibit.

 

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?

A. Addicting.Games is allowed based on the Application Overrides configuration.

B. Addicting.Games is blocked based on the Filter Overrides configuration.

C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D. Addicting.Games is allowed based on the Categories configuration.

Answer: D

Q5. View the exhibit.

 

(Choose two.)

A. The HA mode changes to standalone.

B. The firewall policies are deleted on the disconnected member.

C. The system hostname is set to the FortiGate serial number.

D. The port3 is configured with an IP address for management access.

Answer: A,D

Q6. How can a browser trust a web-server certificate signed by a third party CA?

A. The browser must have the CA certificate that signed the web-server certificate installed.

B. The browser must have the web-server certificate installed.

C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.

D. The browser must have the public key of the web-server certificate installed.

Answer: A

Q7. View the exhibit.

 

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

A. The user is required to authenticate before accessing sites with untrusted SSL certificates.

B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.

C. The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.

D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).

Answer: B

Q8. An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A. The interface has been configured for one-arm sniffer.

B. The interface is a member of a virtual wire pair.

C. The operation mode is transparent.

D. The interface is a member of a zone.

E. Captive portal is enabled in the interface.

Answer: B,C,D

Q9. An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

A. A phase 2 configuration is not required.

B. This VPN cannot be used as part of a hub and spoke topology.

C. The IPsec firewall policies must be placed at the top of the list.

D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

Answer: D

Q10. Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They must be applied in firewall policies with SSL inspection enabled.

C. They can block DNS request to known botnet command and control servers.

D. They can redirect blocked requests to a specific portal.

Answer: B,C