NSE4-5.4 | The Secret of Fortinet NSE4-5.4 exam

Question No: 7

Which statement is true regarding the policy ID numbers of firewall policies?

A. Change when firewall policies are re-ordered.

B. Defines the order in which rules are processed.

C. Are required to modify a firewall policy from the CLI.

D. Represent the number of objects used in the firewall policy.

Answer: C

Question No: 8

Which statement about data leak prevention (DLP) on a FortiGate is true?

A. Traffic shaping can be applied to DLP sensors.

B. It can be applied to a firewall policy in a flow-based VDOM.

C. Files can be sent to FortiSandbox for detecting DLP threats.

D. It can archive files and messages.

Answer: D

Question No: 9

A company needs to provide SSL VPN access to two user groups. The company also needs to display different welcome messages on the SSL VPN login screen for both user groups.

What is required in the SSL VPN configuration to meet these requirements?

A. Two separated SSL VPNs in different interfaces of the same VDOM

B. Different SSL VPN realms for each group

C. Different virtual SSLVPN IP addresses for each group

D. Two firewall policies with different captive portals

Answer: D

Question No: 10

How does FortiGate select the central SNAT policy that is applied to a TCP session?

A. It selects the SNAT policy specified in the configuration of the outgoing interface.

B. It selects the first matching central-SNAT policy from top to bottom.

C. It selects the central-SNAT policy with the lowest priority.

D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

Answer: B

Question No: 11

Which statement about the FortiGuard services for the FortiGate is true?

A. Antivirus signatures are downloaded locally on the FortiGate.

B. FortiGate downloads IPS updates using UDP port 53 or 8888.

C. FortiAnalyzer can be configured as a local FDN to provide antivirus and IPS updates.

D. The web filtering database is downloaded locally on the FortiGate.

Answer: A

Question No: 12

What is FortiGateu2021s behavior when local disk logging is disabled?

A. Only real-time logs appear on the FortiGate dashboard.

B. No logs are generated.

C. Alert emails are disabled.

D. Remote logging is automatically enabled.

Answer: A

Question No: 13

An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

A. Enable a web filtering profile on the firewall policy.

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

Answer: C,D

Question No: 14

An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

A. A phase 2 configuration is not required.

B. This VPN cannot be used as part of a hub and spoke topology.

C. The IPsec firewall policies must be placed at the top of the list.

D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

Answer: D

Question No: 15

A FortiGate interface is configured with the following commands:

What statements about the configuration are correct? (Choose two.)

A. IPv6 clients connected to port1 can use SLAAC to generate their IPv6 addresses.

B. FortiGate can provide DNS settings to IPv6 clients.

C. FortiGate can send IPv6 router advertisements (RAs.)

D. FortiGate can provide IPv6 addresses to DHCPv6 client.

Answer: A,C

Question No: 16

What information is flushed when the chunk-size value is changed in the config dlp settings?

A. The database for DLP document fingerprinting

B. The supported file types in the DLP filters

C. The archived files and messages

D. The file name patterns in the DLP filters

Answer: A