Proper study guides for the Fortinet Network Security Expert - FortiOS 5.4 certification begin with Fortinet NSE4-5.4 preparation products, which are designed to deliver simulated NSE4-5.4 questions and help you pass the NSE4-5.4 test on your first attempt. Try the free NSE4-5.4 demo right now.
Q11. Which statement about data leak prevention (DLP) on a FortiGate is true?
A. Traffic shaping can be applied to DLP sensors.
B. It can be applied to a firewall policy in a flow-based VDOM.
C. Files can be sent to FortiSandbox for detecting DLP threats.
D. It can archive files and messages.
Answer: D
Q12. An administrator has configured two VLAN interfaces:
A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?
A. Both interfaces must be in different VDOMs.
B. Both interfaces must have the same VLAN ID.
C. The role of the VLAN10 interface must be set to server.
D. Both interfaces must belong to the same forward domain.
Answer: B
Q13. Which configuration objects can be selected for the Source field of a firewall policy? (Choose two.)
A. FQDN address
B. IP pool
C. User or user group
D. Firewall service
Answer: B,C
Q14. Which of the following statements about central NAT are true? (Choose two.)
A. IP pool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.
Answer: A,C
Q15. View the example routing table.
Which route will be selected when trying to reach 10.20.30.254?
A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2
B. The traffic will be dropped because it cannot be routed.
C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3
D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1
Answer: A
Q16. An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?
A. A phase 2 configuration is not required.
B. This VPN cannot be used as part of a hub and spoke topology.
C. The IPsec firewall policies must be placed at the top of the list.
D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
Answer: D
Q17. A FortiGate interface is configured with the following commands:
What statements about the configuration are correct? (Choose two.)
A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.
B. FortiGate can provide DNS settings to IPv6 clients.
C. FortiGate can send IPv6 router advertisements (RAs).
D. FortiGate can provide IPv6 addresses to DHCPv6 clients.
Answer: C,D
Q18. View the example routing table.
Which route will be selected when trying to reach 10.20.30.254?
A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2
B. The traffic will be dropped because it cannot be routed.
C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3
D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1
Answer: A
Q19. Which statements best describe auto discovery VPN (ADVPN)? (Choose two.)
A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
B. ADVPN is only supported with IKEv2.
C. Tunnels are negotiated dynamically between spokes.
D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
Answer: A,C
Q20. View the exhibit.
The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:
What should be done next to troubleshoot the problem?
A. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.
B. Run a sniffer in the web server.
C. Capture the traffic using an external sniffer connected to port1.
D. Execute a debug flow.
Answer: C