NSE4-5.4 Exam - Fortinet Network Security Expert - FortiOS 5.4



New Fortinet NSE4-5.4 Exam Dumps Collection (Question 5 - Question 14)

Question No: 5

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

A. They support GRE-over-IPsec.

B. They can be configured in both NAT/Route and transparent operation modes.

C. They require two firewall policies: one for each direction of traffic flow.

D. They support L2TP-over-IPsec.

Answer: B,D

Explanation: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Overview/Types_of_VPNs.htm


Question No: 6

Examine the routing database.

Which of the following statements are correct? (Choose two.)

A. The port3 default route has the lowest metric, making it the best route.

B. There will be eight routes active in the routing table.

C. The port3 default has a higher distance than the port1 and port2 default routes.

D. Both port1 and port2 default routes are active in the routing table.

Answer: C,D

Explanation: There's no metric concept on FortiGate, only admin distance and priority.


Question No: 7

Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

A. The antivirus engine starts scanning a file after the last packet arrives.

B. It does not support FortiSandbox inspection.

C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.

D. It uses the compact antivirus database.

Answer: A,C


Question No: 8

An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

A. Enable a web filtering profile on the firewall policy.

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

Answer: C,D


Question No: 9

An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes this scenario?

A. Only digital certificates will be accepted as an authentication method in phase 1.

B. Dialup clients must provide a username and password for authentication.

C. Phase 1 negotiations will skip pre-shared key exchange.

D. Dialup clients must provide their local ID during phase 2 negotiations.

Answer: B


Question No: 10

Which statements about high availability (HA) for FortiGates are true? (Choose two.)

A. Virtual clustering can be configured between two FortiGate devices with multiple VDOMs.

B. Heartbeat interfaces are not required on the primary device.

C. HA management interface settings are synchronized between cluster members.

D. Sessions handled by UTM proxy cannot be synchronized.

Answer: A,C


Question No: 11

View the exhibit.

Which statements about the exhibit are true? (Choose two.)

A. port1-VLAN10 and port2-VLAN10 can be assigned to different VDOMs.

B. port1-VLAN1 is the native VLAN for the port1 physical interface.

C. Traffic between port1-VLAN1 and port2-VLAN1 is allowed by default.

D. Broadcast traffic received in port1-VLAN10 will not be forwarded to port2-VLAN10.

Answer: A,D


Question No: 12

What does the configuration do? (Choose two.)

A. Reduces the amount of logs generated by denied traffic.

B. Enforces device detection on all interfaces for 30 minutes.

C. Blocks denied users for 30 minutes.

D. Creates a session for traffic being denied.

Answer: A,D


Question No: 13

Examine the exhibit, which contains a virtual IP and a firewall policy configuration.

The WAN(port1) interface has the IP address 10.200.1.1/24. The LAN(port2) interface has the IP address 10.0.1.254/24.

The top firewall policy has NAT enabled using the outgoing interface address. The second firewall policy is configured with a virtual IP (VIP) as the destination address.

Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

A. 10.200.1.1

B. 10.0.1.254

C. Any available IP address in the WAN(port1) subnet 10.200.1.0/24

D. 10.200.1.10

Answer: A


Question No: 14

Which of the following statements are true? (Choose two.)

A. Browsers can be configured to retrieve this PAC file from the FortiGate.

B. Any web request to the 172.25.120.0/24 subnet is allowed to bypass the proxy.

C. All requests not made to Fortinet.com or the 172.25.120.0/24 subnet have to go through altproxy.corp.com:8060.

D. Any web request to fortinet.com is allowed to bypass the proxy.

Answer: A

