NSE4-5.4 Exam
[Real] NSE4-5.4 Fortinet exam fees 21-30 (Apr 2021)
It is more faster and easier to pass the Fortinet NSE4-5.4 exam by using Accurate Fortinet Fortinet Network Security Expert - FortiOS 5.4 questuins and answers. Immediate access to the Most up-to-date NSE4-5.4 Exam and find the same core area NSE4-5.4 questions with professionally verified answers, then PASS your exam with a high score now.
Q21. How can a browser trust a web-server certificate signed by a third party CA?
A. The browser must have the CA certificate that signed the web-server certificate installed.
B. The browser must have the web-server certificate installed.
C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.
D. The browser must have the public key of the web-server certificate installed.
Answer: A
Q22. Which statement about data leak prevention (DLP) on a FortiGate is true?
A. Traffic shaping can be applied to DLP sensors.
B. It can be applied to a firewall policy in a flow-based VDOM.
C. Files can be sent to FortiSandbox for detecting DLP threats.
D. It can archive files and messages.
Answer: D
Q23. View the exhibit.
Which statements about the exhibit are true? (Choose two.)
A. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.
B. port1-VLAN1 is the native VLAN for the port1 physical interface.
C. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.
D. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.
Answer: A,D
Q24. View the exhibit.
The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:
What should be done next to troubleshoot the problem?
A. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.
B. Run a sniffer in the web server.
C. Capture the traffic using an external sniffer connected to port1.
D. Execute a debug flow.
Answer: C
Q25. Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)
A. TCP SYN proxy
B. SIP session helper
C. Proxy-based antivirus
D. Attack signature matching
E. Flow-based web filtering
Answer: C,D,E
Q26. If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?
A. It blocks all future traffic for that IP address for a configured interval.
B. It archives the data for that IP address.
C. It provides a DLP block replacement page with a link to download the file.
D. It notifies the administrator by sending an email.
Answer: A
Q27. An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)
B. Create an application control policy.
C. Enable logging on the firewall policy.
D. Enable an application control security profile on the firewall policy.
Answer: B,D
Q28. View the exhibit.
A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?
A. Addicting.Games is allowed based on the Application Overrides configuration.
B. Addicting.Games is blocked based on the Filter Overrides configuration.
C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
D. Addicting.Games is allowed based on the Categories configuration.
Answer: D
Q29. View the exhibit.
The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:
What should be done next to troubleshoot the problem?
A. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.
B. Run a sniffer in the web server.
C. Capture the traffic using an external sniffer connected to port1.
D. Execute a debug flow.
Answer: C
Q30. How can a browser trust a web-server certificate signed by a third party CA?
A. The browser must have the CA certificate that signed the web-server certificate installed.
B. The browser must have the web-server certificate installed.
C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.
D. The browser must have the public key of the web-server certificate installed.
Answer: A