NSE4-5.4 | Improve Fortinet NSE4-5.4 exam dumps

Question No: 4

Which statements correctly describe transparent mode operation? (Choose three.)

A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.

B. The transparent FortiGate is visible to network hosts in an IP traceroute.

C. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.

D. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.

E. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

Answer: C,D,E

Question No: 5

Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

A. The remote gateway IP must be an IPv6 address.

B. The source quick mode selector must be an IPv4 address.

C. The local gateway IP must an IPv4 address.

D. The destination quick mode selector must be an IPv6 address.

Answer: B,D

Question No: 6

Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)

A. It is only supported if DC agents are deployed.

B. FortiGate can act as an LDAP client configure the group filters.

C. It supports monitoring of nested groups.

D. It uses the Windows convention for naming, that is, DomainUsername.

Answer: B,D

Question No: 7

View the exhibit.

This is a sniffer output of a telnet connection request from 172.20.120.186 to the port1 interface of FGT1.

In this scenario. FGT1 has the following routing table:

Assuming telnet service is enabled for port1, which of the following statements correctly describes why FGT1 is not responding?

A. The port1 cable is disconnected.

B. The connection is dropped due to reverse path forwarding check.

C. The connection is denied due to forward policy check.

D. FGT1u2021s port1 interface is administratively down.

Answer: B

Question No: 8

How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

A. Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.

B. Enable the shape option in a firewall policy with service set to BitTorrent.

C. Apply a traffic shaper to a BitTorrent entry in the SSL/SSH inspection profile.

D. Apply a traffic shaper to a protocol options profile.

Answer: B

Question No: 9

Which statements about the output are correct? (Choose two.)

A. FortiGate received a TCP SYN/ACK packet.

B. The source IP address of the packet was translated to 10.0.1.10.

C. FortiGate routed the packet through port 3.

D. The packet was allowed by the firewall policy with the ID 00007fc0.

Answer: B,C

Question No: 10

Which of the following settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

A. Trusted host

B. HTTPS

C. Trusted authentication

D. SSH

E. FortiTelemetry

Answer: A,B,D

Question No: 11

Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B. ADVPN is only supported with IKEv2.

C. Tunnels are negotiated dynamically between spokes.

D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: A,C

Question No: 12

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to SSL VPN. How can this be achieved?

A. Disabling split tunneling

B. Configuring web bookmarks

C. Assigning public IP addresses to SSL VPN clients

D. Using web-only mode

Answer: A

Question No: 13

How can a browser trust a web-server certificate signed by a third party CA?

A. The browser must have the CA certificate that signed the web-server certificate installed.

B. The browser must have the web-server certificate installed.

C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.

D. The browser must have the public key of the web-server certificate installed.

Answer: A