Fortinet NSE4-5.4 Free Practice Questions

New Questions 5

Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They must be applied in firewall policies with SSL inspection enabled.

C. They can block DNS request to known botnet command and control servers.

D. They can redirect blocked requests to a specific portal.

View Answer

New Questions 6

Which statements correctly describe transparent mode operation? (Choose three.)

A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.

B. The transparent FortiGate is visible to network hosts in an IP traceroute.

C. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.

D. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.

E. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.

View Answer

New Questions 7

Which statements about antivirus scanning using flow-based full scan are true? (Choose two.)

A. The antivirus engine starts scanning a file after the last packet arrives.

B. It does not support FortiSandbox inspection.

C. FortiGate can insert the block replacement page during the first connection attempt only if a virus is detected at the start of the TCP stream.

D. It uses the compact antivirus database.

View Answer

New Questions 8

View the example routing table.

Which route will be selected when trying to reach 10.20.30.254?

A. 10.20.30.0/26 [10/0] via 172.20.168.254, port2

B. The traffic will be dropped because it cannot be routed.

C. 10.20.30.0/24 [10/0] via 172.20.167.254, port3

D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1

View Answer

New Questions 9

Which traffic inspection features can be executed by a security processor (SP)? (Choose three.)

A. TCP SYN proxy

B. SIP session helper

C. Proxy-based antivirus

D. Attack signature matching

E. Flow-based web filtering

View Answer

New Questions 10

How does FortiGate verify the login credentials of a remote LDAP user?

A. FortiGate sends the user entered credentials to the LDAP server for authentication.

B. FortiGate re-generates the algorithm based on the login credentials and compares it against the algorithm stored on the LDAP server.

C. FortiGate queries its own database for credentials.

D. FortiGate queries the LDAP server for credentials.

View Answer

New Questions 11

View the exhibit.

What is the effect of the Disconnect Cluster Member operation as shown in the exhibit? (Choose two.)

A. The HA mode changes to standalone.

B. The firewall policies are deleted on the disconnected member.

C. The system hostname is set to the FortiGate serial number.

D. The port3 is configured with an IP address for management access.

View Answer

New Questions 12

How does FortiGate select the central SNAT policy that is applied to a TCP session?

A. It selects the SNAT policy specified in the configuration of the outgoing interface.

B. It selects the first matching central-SNAT policy from top to bottom.

C. It selects the central-SNAT policy with the lowest priority.

D. It selects the SNAT policy specified in the configuration of the firewall policy that matches the traffic.

View Answer

New Questions 13

Which statements about One-to-One IP pool are true? (Choose two.)

A. It allows configuration of ARP replies.

B. It allows fixed mapping of an internal address range to an external address range.

C. It is used for destination NAT.

D. It does not use port address translation.

View Answer

New Questions 14

How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

A. Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.

B. Enable the shape option in a firewall policy with service set to BitTorrent.

C. Apply a traffic shaper to a BitTorrent entry in the SSL/SSH inspection profile.

D. Apply a traffic shaper to a protocol options profile.

View Answer