What Tested NSE4-5.4 exam Is?

Q5. Which statements about FortiGate inspection modes are true? (Choose two.)

A. The default inspection mode is proxy based.

B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.

C. Proxy-based inspection is not available in VDOMs operating in transparent mode.

D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.

View Answer

Q6. In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

A. Client > primary FortiGate> secondary FortiGate> primary FortiGate> web server.

B. Client > secondary FortiGate> web server.

C. Client >secondary FortiGate> primary FortiGate> web server.

D. Client> primary FortiGate> secondary FortiGate> web server.

View Answer

Q7. How does FortiGate look for a matching firewall policy to process traffic?

A. From top to bottom, based on the sequence numbers.

B. Based on best match.

C. From top to bottom, based on the policy ID numbers.

D. From lower to higher, based on the priority value.

View Answer

Q8. View the exhibit.

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

A. The user is required to authenticate before accessing sites with untrusted SSL certificates.

B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.

C. The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.

D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).

View Answer

Q9. Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)

A. The remote gateway IP must be an IPv6 address.

B. The source quick mode selector must be an IPv4 address.

C. The local gateway IP must an IPv4 address.

D. The destination quick mode selector must be an IPv6 address.

View Answer

Q10. Which statements about IP-based explicit proxy authentication are true? (Choose two.)

A. IP-based authentication is best suited to authenticating users behind a NAT device.

B. Sessions from the same source address are treated as a single user.

C. IP-based authentication consumes less FortiGateu2021s memory than session-based authentication.

D. FortiGate remembers authenticated sessions using browser cookies.

View Answer

Q11. An administrator wants to configure a FortiGate as a DNS server. The FortiGate must use its DNS database first, and then relay all irresolvable queries to an external DNS server. Which of the following DNS method must you use?

A. Non-recursive

B. Recursive

C. Forward to primary and secondary DNS

D. Forward to system DNS

View Answer

Q12. View the exhibit.

Based on this output, which statements are correct? (Choose two.)

A. FortiGate generated an event log for system conserve mode.

B. FortiGate has entered in to system conserve mode.

C. By default, the FortiGate blocks new sessions.

D. FortiGate changed the global av-failopen settings to idledrop.

View Answer

Q13. Which statements about One-to-One IP pool are true? (Choose two.)

A. It allows configuration of ARP replies.

B. It allows fixed mapping of an internal address range to an external address range.

C. It is used for destination NAT.

D. It does not use port address translation.

View Answer

Q14. Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

A. FQDN address

B. IP pool

C. User or user group

D. Firewall service

View Answer