NSE4-5.4 | Virtual NSE4-5.4 Exam Questions and Answers 2019

Our pass rate is high to 98.9% and the similarity percentage between our and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Fortinet NSE4-5.4 exam in just one try? I am currently studying for the . Latest , Try Fortinet NSE4-5.4 Brain Dumps First.

Check NSE4-5.4 free dumps before getting the full version:

What action does an IPsec Gateway take with the user traffic routed to an IPsec VPN when it does not
match any phase 2 quick mode selector?

  • A. Traffic is dropped
  • B. Traffic is routed across the default phase 2.
  • C. Traffic is routed to the next available route in the routing table.
  • D. Traffic is routed unencrypted to the interface where the IPsec VPN is terminating.

Answer: A

Caching improves performance by reducing FortiGate unit requests to the FortiGuard server. Which
of the following statements are correct regarding the caching of FortiGuard responses? (Select all that apply.)

  • A. Caching is available for web filtering, antispam, and IPS requests.
  • B. The cache uses a small portion of the FortiGate system memory.
  • C. When the cache is full, the least recently used IP address or URL is deleted from the cache.
  • D. An administrator can configure the number of seconds to store information in the cache before the FortiGate unit contacts the FortiGuard server again.
  • E. The size of the cache will increase to accommodate any number of cached queries.

Answer: BCD

Files that are larger than the oversized limit are subjected to which Antivirus check?

  • A. Grayware
  • B. Virus
  • C. Sandbox
  • D. Heuristic

Answer: C

Examine the following spanning tree configuration on a FortiGate in transparent mode:
NSE4-5 dumps exhibit
Which statement is correct for the above configuration?

  • A. The FortiGate participates in spanning tree.
  • B. The FortiGate device forwards received spanning tree messages.
  • C. Ethernet layer-2 loops are likely to occur.
  • D. The FortiGate generates spanning tree BPDU frames.

Answer: B

Which is true of FortiGate's session table?

  • A. NAT/PAT is shown in the central NAT table, not the session table.
  • B. It shows TCP connection states.
  • C. It shows IP, SSL, and HTTP sessions.
  • D. It does not show UDP or ICMP connection state codes, because those protocols are connectionless.

Answer: B

In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the
Firewall, which of the following statements describes the action taken on traffic?

  • A. The traffic is blocked.
  • B. The traffic is passed.
  • C. The traffic is passed and logged.
  • D. The traffic is blocked and logged.

Answer: A

Which antivirus and attack definition update options are supported by FortiGate units? (Choose two.)

  • A. Manual update by downloading the signatures from the support site.
  • B. Pull updates from the FortiGate.
  • C. Push updates from a FortiAnalyzer.
  • D. execute fortiguard-AV-AS command from the CLI.

Answer: AB

Which of the following Session TTL values will take precedence?

  • A. Session TTL specified at the system level for that port number
  • B. Session TTL specified in the matching firewall policy
  • C. Session TTL dictated by the application control list associated with the matching firewall policy
  • D. The default session TTL specified at the system level

Answer: C

Which of the following DLP actions will override any other action?

  • A. Exempt
  • B. Quarantine Interface
  • C. Block
  • D. None

Answer: A

Which traffic can match a firewall policy's "Services" setting? (Choose three.)

  • A. HTTP
  • B. SSL
  • C. DNS
  • D. RSS
  • E. HTTPS

Answer: ACE

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-
meshed set of IPSec tunnels? (Select all that apply.)

  • A. Using a hub and spoke topology is required to achieve full redundancy.
  • B. Using a hub and spoke topology simplifies configuration.
  • C. Using a hub and spoke topology provides stronger encryption.
  • D. Using a hub and spoke topology reduces the number of tunnels.

Answer: BD

Review the IPsec phase 2 configuration shown in the exhibit; then answer the question below.
NSE4-5 dumps exhibit
Which statements are correct regarding this configuration? (Choose two.).

  • A. The Phase 2 will re-key even if there is no traffic.
  • B. There will be a DH exchange for each re-key.
  • C. The sequence number of ESP packets received from the peer will not be checked.
  • D. Quick mode selectors will default to those used in the firewall policy.

Answer: AB

What FortiGate feature can be used to prevent a cross-site scripting (XSS) attack?

  • A. Web application firewall (WAF)
  • B. DoS policies
  • C. Rate based IPS signatures
  • D. One-arm sniffer

Answer: A

What is the maximum number of different virus databases a FortiGate can have?

  • A. 5
  • B. 2
  • C. 3
  • D. 4

Answer: B

Examine the following CLI configuration:
config system session-ttl set default 1800
What statement is true about the effect of the above configuration line?

  • A. Sessions can be idle for more than 1800 seconds.
  • B. The maximum length of time a session can be open is 1800 seconds.
  • C. After 1800 seconds, the end user must re-authenticate.
  • D. After a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both client and server.

Answer: A

Which statements about high availability (HA) for FortiGates are true? (Choose two.)

  • A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
  • B. Heartbeat interfaces are not required on the primary device.
  • C. HA management interface settings are synchronized between cluster members.
  • D. Sessions handled by UTM proxy cannot be synchronized.

Answer: AC

Recommend!! Get the Full NSE4-5.4 dumps in VCE and PDF From 2passeasy, Welcome to Download: https://www.2passeasy.com/dumps/NSE4-5.4/ (New 576 Q&As Version)