NSE4-5.4 | Virtual NSE4-5.4 Exam Questions and Answers 2019
Our pass rate is high to 98.9% and the similarity percentage between our and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Fortinet NSE4-5.4 exam in just one try? I am currently studying for the . Latest , Try Fortinet NSE4-5.4 Brain Dumps First.
Check NSE4-5.4 free dumps before getting the full version:
NEW QUESTION 1
What action does an IPsec Gateway take with the user traffic routed to an IPsec VPN when it does not
match any phase 2 quick mode selector?
- A. Traffic is dropped
- B. Traffic is routed across the default phase 2.
- C. Traffic is routed to the next available route in the routing table.
- D. Traffic is routed unencrypted to the interface where the IPsec VPN is terminating.
NEW QUESTION 2
Caching improves performance by reducing FortiGate unit requests to the FortiGuard server. Which
of the following statements are correct regarding the caching of FortiGuard responses? (Select all that apply.)
- A. Caching is available for web filtering, antispam, and IPS requests.
- B. The cache uses a small portion of the FortiGate system memory.
- C. When the cache is full, the least recently used IP address or URL is deleted from the cache.
- D. An administrator can configure the number of seconds to store information in the cache before the FortiGate unit contacts the FortiGuard server again.
- E. The size of the cache will increase to accommodate any number of cached queries.
NEW QUESTION 3
Files that are larger than the oversized limit are subjected to which Antivirus check?
- A. Grayware
- B. Virus
- C. Sandbox
- D. Heuristic
NEW QUESTION 4
Examine the following spanning tree configuration on a FortiGate in transparent mode:
Which statement is correct for the above configuration?
- A. The FortiGate participates in spanning tree.
- B. The FortiGate device forwards received spanning tree messages.
- C. Ethernet layer-2 loops are likely to occur.
- D. The FortiGate generates spanning tree BPDU frames.
NEW QUESTION 5
Which is true of FortiGate's session table?
- A. NAT/PAT is shown in the central NAT table, not the session table.
- B. It shows TCP connection states.
- C. It shows IP, SSL, and HTTP sessions.
- D. It does not show UDP or ICMP connection state codes, because those protocols are connectionless.
NEW QUESTION 6
In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the
Firewall, which of the following statements describes the action taken on traffic?
- A. The traffic is blocked.
- B. The traffic is passed.
- C. The traffic is passed and logged.
- D. The traffic is blocked and logged.
NEW QUESTION 7
Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)
- A. Manual update by downloading the signatures from the support site.
- B. Pull updates from the FortiGate.
- C. Push updates from a FortiAnalyzer.
- D. execute fortiguard-AV-AS command from the CLI.
NEW QUESTION 8
Which of the following Session TTL values will take precedence?
- A. Session TTL specified at the system level for that port number
- B. Session TTL specified in the matching firewall policy
- C. Session TTL dictated by the application control list associated with the matching firewall policy
- D. The default session TTL specified at the system level
NEW QUESTION 9
Which of the following DLP actions will override any other action?
- A. Exempt
- B. Quarantine Interface
- C. Block
- D. None
NEW QUESTION 10
Which traffic can match a firewall policy's "Services" setting? (Choose three.)
- A. HTTP
- B. SSL
- C. DNS
- D. RSS
- E. HTTPS
NEW QUESTION 11
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-
meshed set of IPSec tunnels? (Select all that apply.)
- A. Using a hub and spoke topology is required to achieve full redundancy.
- B. Using a hub and spoke topology simplifies configuration.
- C. Using a hub and spoke topology provides stronger encryption.
- D. Using a hub and spoke topology reduces the number of tunnels.
NEW QUESTION 12
Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
Which statements are correct regarding this configuration? (Choose two.).
- A. The Phase 2 will re-key even if there is no traffic.
- B. There will be a DH exchange for each re-key.
- C. The sequence number of ESP packets received from the peer will not be checked.
- D. Quick mode selectors will default to those used in the firewall policy.
NEW QUESTION 13
What FortiGate feature can be used to prevent a cross-site scripting (XSS) attack?
- A. Web application firewall (WAF)
- B. DoS policies
- C. Rate based IPS signatures
- D. One-arm sniffer
NEW QUESTION 14
What is the maximum number of different virus databases a FortiGate can have?
- A. 5
- B. 2
- C. 3
- D. 4
NEW QUESTION 15
Examine the following CLI configuration:
config system session-ttl set default 1800
What statement is true about the effect of the above configuration line?
- A. Sessions can be idle for more than 1800 seconds.
- B. The maximum length of time a session can be open is 1800 seconds.
- C. After 1800 seconds, the end user must re-authenticate.
- D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.
NEW QUESTION 16
Which statements about high availability (HA) for FortiGates are true? (Choose two.)
- A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
- B. Heartbeat interfaces are not required on the primary device.
- C. HA management interface settings are synchronized between cluster members.
- D. Sessions handled by UTM proxy cannot be synchronized.
Recommend!! Get the Full NSE4-5.4 dumps in VCE and PDF From 2passeasy, Welcome to Download: https://www.2passeasy.com/dumps/NSE4-5.4/ (New 576 Q&As Version)