P.S. Downloadable NSE4-5.4 secret are available on Google Drive, GET MORE: https://drive.google.com/open?id=1xSlEaFFo1TkP1Im8lI2_FaBp164pASCS
New Fortinet NSE4-5.4 Exam Dumps Collection (Question 3 - Question 12)
New Questions 3
How does FortiGate look for a matching firewall policy to process traffic?
A. From top to bottom, based on the sequence numbers.
B. Based on best match.
C. From top to bottom, based on the policy ID numbers.
D. From lower to higher, based on the priority value.
Answer: A
New Questions 4
Which of the following statements about NTLM authentication are correct? (Choose two.)
A. It is useful when users log in to DCs that are not monitored by a collector agent.
B. It takes over as the primary authentication method when configured alongside FSSO.
C. Multi-domain environments require DC agents on every domain controller.
D. NTLM-enabled web browsers are required.
Answer: A,C
New Questions 5
View the exhibit.
Which of the following statements are correct? (Choose two.)
A. This is a redundant IPsec setup.
B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
C. This setup requires at least two firewall policies with action set to IPsec.
D. Dead peer detection must be disabled to support this type of IPsec setup.
Answer: A,B
New Questions 6
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
B. ADVPN is only supported with IKEv2.
C. Tunnels are negotiated dynamically between spokes.
D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
Answer: A,C
New Questions 7
Which statements about FortiGate inspection modes are true? (Choose two.)
A. The default inspection mode is proxy based.
B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.
C. Proxy-based inspection is not available in VDOMs operating in transparent mode.
D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.
Answer: A,C
New Questions 8
Which statements about application control are true? (Choose two.)
A. Enabling application control profile in a security profile enables application control for all the traffic flowing through the FortiGate.
B. It cannot take an action on unknown applications.
C. It can inspect encrypted traffic.
D. It can identify traffic from known applications, even when they are using non-standard TCP/UDP ports.
Answer: A,D
New Questions 9
What step is required to configure an SSL VPN to access to an internal server using port forward mode?
A. Configure the virtual IP addresses to be assigned to the SSL VPN users.
B. Install FortiClient SSL VPN client
C. Create a SSL VPN realm reserved for clients using port forward mode.
D. Configure the client application to forward IP traffic to a Java applet proxy.
Answer: D
New Questions 10
View the exhibit.
When Role is set to Undefined, which statement is true?
A. The GUI provides all the configuration options available for the port1 interface.
B. You cannot configure a static IP address for the port1 interface because it allows only DHCP addressing mode.
C. Firewall policies can be created from only the port1 interface to any interface.
D. The port1 interface is reserved for management only.
Answer: A
New Questions 11
View the exhibit.
The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:
What should be done next to troubleshoot the problem?
A. Execute another sniffer in the FortiGate, this time with the filter u201chost 10.0.1.10u201d.
B. Run a sniffer in the web server.
C. Capture the traffic using an external sniffer connected to port1.
D. Execute a debug flow.
Answer: D
New Questions 12
How can a browser trust a web-server certificate signed by a third party CA?
A. The browser must have the CA certificate that signed the web-server certificate installed.
B. The browser must have the web-server certificate installed.
C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.
D. The browser must have the public key of the web-server certificate installed.
Answer: A
100% Up to the minute Fortinet NSE4-5.4 Questions & Answers shared by Examcollection, Get HERE: http://www.examcollectionuk.com/NSE4-5.4-vce-download.html (New Q&As)