Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
P.S. Precise NSE4-5.4 interactive bootcamp are available on Google Drive, GET MORE: https://drive.google.com/open?id=1xSlEaFFo1TkP1Im8lI2_FaBp164pASCS
Question No: 1
An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)
A. Enable a web filtering profile on the firewall policy.
B. Create an application control policy.
C. Enable logging on the firewall policy.
D. Enable an application control security profile on the firewall policy.
Answer: C,D
Question No: 2
An administrator is using the FortiGate built-in sniffer to capture HTTP traffic between a client and a server, however, the sniffer output shows only the packets related with TCP session setups and disconnections. Why?
A. The administrator is running the sniffer on the internal interface only.
B. The filter used in the sniffer matches the traffic only in one direction.
C. The FortiGate is doing content inspection.
D. TCP traffic is being offloaded to an NP6.
Answer: D
Question No: 3
Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)
A. The remote gateway IP must be an IPv6 address.
B. The source quick mode selector must be an IPv4 address.
C. The local gateway IP must an IPv4 address.
D. The destination quick mode selector must be an IPv6 address.
Answer: B,D
Question No: 4
Which statements about FortiGate inspection modes are true? (Choose two.)
A. The default inspection mode is proxy based.
B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.
C. Proxy-based inspection is not available in VDOMs operating in transparent mode.
D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.
Answer: A,C
Question No: 5
How does FortiGate look for a matching firewall policy to process traffic?
A. From top to bottom, based on the sequence numbers.
B. Based on best match.
C. From top to bottom, based on the policy ID numbers.
D. From lower to higher, based on the priority value.
Answer: A
Question No: 6
What information is flushed when the chunk-size value is changed in the config dlp settings?
A. The database for DLP document fingerprinting
B. The supported file types in the DLP filters
C. The archived files and messages
D. The file name patterns in the DLP filters
Answer: A
Question No: 7
What inspections are executed by the IPS engine? (Choose three.)
A. Application control
B. Flow-based data leak prevention
C. Proxy-based antispam
D. Flow-based web filtering
E. Proxy-based antivirus
Answer: A,B,D
Question No: 8
A client workstation is connected to FortiGate port2. The Fortigate port1 is connected to an ISP router. Port2 and port3 are both configured as a software switch.
What IP address must be configured in the workstation as the default gateway?
A. The port2u2021s IP address.
B. The routeru2021s IP address.
C. The FortiGateu2021s management IP address.
D. The software switch interfaceu2021s IP address.
Answer: A
Question No: 9
Which statement about data leak prevention (DLP) on a FortiGate is true?
A. Traffic shaping can be applied to DLP sensors.
B. It can be applied to a firewall policy in a flow-based VDOM.
C. Files can be sent to FortiSandbox for detecting DLP threats.
D. It can archive files and messages.
Answer: D
Question No: 10
What is FortiGateu2021s behavior when local disk logging is disabled?
A. Only real-time logs appear on the FortiGate dashboard.
B. No logs are generated.
C. Alert emails are disabled.
D. Remote logging is automatically enabled.
Answer: A
100% Avant-garde Fortinet NSE4-5.4 Questions & Answers shared by Certifytools, Get HERE: https://www.certifytools.com/NSE4-5.4-exam.html (New Q&As)