Fortinet NSE4-5.4 Free Practice Questions

Question No: 6

How can you format the FortiGate flash disk?

A. Load the hardware test (HQIP) image.

B. Execute the CLI command execute formatlogdisk.

C. Load a debug FortiOS image.

D. Select the format boot device option from the BIOS menu.

View Answer

Question No: 7

An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?

A. In an IPS sensor

B. In an interface.

C. In a DoS policy.

D. In an application control profile.

View Answer

Question No: 8

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

A. They support GRE-over-IPsec.

B. They can be configured in both NAT/Route and transparent operation modes.

C. They require two firewall policies: one for each direction of traffic flow.

D. They support L2TP-over-IPsec.

View Answer

Question No: 9

What statement describes what DNS64 does?

A. Converts DNS A record lookups to AAAA record lookups.

B. Translates the destination IPv6 address of the DNS traffic to an IPv4 address.

C. Synthesizes DNS AAAA records from A records.

D. Translates the destination IPv4 address of the DNS traffic to an IPv6 address.

View Answer

Question No: 10

View the Exhibit.

The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1. What ping option needs to be enabled before running the ping?

A. Execute ping-options source port1

B. Execute ping-options source 10.200.1.1.

C. Execute ping-options source 10.200.1.2

D. Execute ping-options source 10.0.1.254

View Answer

Question No: 11

What does the command diagnose debuf fsso-polling refresh-user do?

A. It refreshes user group information form any servers connected to the FortiGate using a collector agent.

B. It refreshes all users learned through agentless polling.

C. It displays status information and some statistics related with the polls done by FortiGate on each DC.

D. It enables agentless polling mode real-time debug.

View Answer

Question No: 12

Which statements are correct based on this output? (Choose two.)

A. The global configuration is synchronized between the primary and secondary FortiGate.

B. The all VDOM is not synchronized between the primary and secondary FortiGate.

C. The root VDOM is not synchronized between the primary and secondary FortiGate.

D. The FortiGates have three VDOMs.

View Answer

Question No: 13

Which of the following statements about NTLM authentication are correct? (Choose two.)

A. It is useful when users log in to DCs that are not monitored by a collector agent.

B. It takes over as the primary authentication method when configured alongside FSSO.

C. Multi-domain environments require DC agents on every domain controller.

D. NTLM-enabled web browsers are required.

View Answer

Question No: 14

View the exhibit.

A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?

A. Addicting.Games is allowed based on the Application Overrides configuration.

B. Addicting.Games is blocked based on the Filter Overrides configuration.

C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.

D. Addicting.Games is allowed based on the Categories configuration.

View Answer

Question No: 15

View the exhibit.

Based on this output, which statements are correct? (Choose two.)

A. FortiGate generated an event log for system conserve mode.

B. FortiGate has entered in to system conserve mode.

C. By default, the FortiGate blocks new sessions.

D. FortiGate changed the global av-failopen settings to idledrop.

View Answer