we provide Top Quality Fortinet NSE4-5.4 free exam which are the best for clearing NSE4-5.4 test, and to get certified by Fortinet Fortinet Network Security Expert - FortiOS 5.4. The NSE4-5.4 Questions & Answers covers all the knowledge points of the real NSE4-5.4 exam. Crack your Fortinet NSE4-5.4 Exam with latest dumps, guaranteed!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Fortinet NSE4-5.4 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW NSE4-5.4 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/NSE4-5.4-exam-dumps.html
P.S. Top Quality NSE4-5.4 lab are available on Google Drive, GET MORE: https://drive.google.com/open?id=1qNqkyfzMtD_JBMTiOJF0Q0poKyl3pZ-7
New Fortinet NSE4-5.4 Exam Dumps Collection (Question 7 - Question 16)
Q7. What does the command diagnose debuf fsso-polling refresh-user do?
A. It refreshes user group information form any servers connected to the FortiGate using a collector agent.
B. It refreshes all users learned through agentless polling.
C. It displays status information and some statistics related with the polls done by FortiGate on each DC.
D. It enables agentless polling mode real-time debug.
Answer: C
Q8. Which statements about FortiGate inspection modes are true? (Choose two.)
A. The default inspection mode is proxy based.
B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.
C. Proxy-based inspection is not available in VDOMs operating in transparent mode.
D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.
Answer: A,C
Q9. View the exhibit.
A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?
A. Addicting.Games is allowed based on the Application Overrides configuration.
B. Addicting.Games is blocked based on the Filter Overrides configuration.
C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
D. Addicting.Games is allowed based on the Categories configuration.
Answer: A
Q10. Which configuration steps must be performed on both units to support this scenario? (Choose three.)
A. Define the phase 2 parameters.
B. Set the phase 2 encapsulation method to transport mode.
C. Define at least one firewall policy, with the action set to IPsec.
D. Define a route to the remote network over the IPsec tunnel.
E. Define the phase 1 parameters, without enabling IPsec interface mode.
Answer: A,D,E
Q11. Which of the following statements about NTLM authentication are correct? (Choose two.)
A. It is useful when users log in to DCs that are not monitored by a collector agent.
B. It takes over as the primary authentication method when configured alongside FSSO.
C. Multi-domain environments require DC agents on every domain controller.
D. NTLM-enabled web browsers are required.
Answer: A,C
Q12. View the exhibit.
Which of the following statements are correct? (Choose two.)
A. This is a redundant IPsec setup.
B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
C. This setup requires at least two firewall policies with action set to IPsec.
D. Dead peer detection must be disabled to support this type of IPsec setup.
Answer: A,B
Q13. How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?
A. Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.
B. Enable the shape option in a firewall policy with service set to BitTorrent.
C. Apply a traffic shaper to a BitTorrent entry in the SSL/SSH inspection profile.
D. Apply a traffic shaper to a protocol options profile.
Answer: B
Q14. Examine the routing database.
Which of the following statements are correct? (Choose two.)
A. The port3 default route has the lowest metric, making it the best route.
B. There will be eight routes active in the routing table.
C. The port3 default has a higher distance than the port1 and port2 default routes.
D. Both port1 and port2 default routers are active in the routing table.
Answer: C,D
Explanation: There\'s no metric concept on Fortigate, Only admin distance and priority
Q15. What are the purposes of NAT traversal in IPsec? (Choose two.)
A. To detect intermediary NAT devices in the tunnel path.
B. To encapsulate ESP packets in UDP packets using port 4500.
C. To force a new DH exchange with each phase 2 re-key
D. To dynamically change phase 1 negotiation mode to Aggressive.
Answer: A,B
Q16. Which statements about high availability (HA) for FortiGates are true? (Choose two.)
A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
B. Heartbeat interfaces are not required on the primary device.
C. HA management interface settings are synchronized between cluster members.
D. Sessions handled by UTM proxy cannot be synchronized.
Answer: A,C
100% Latest Fortinet NSE4-5.4 Questions & Answers shared by Certleader, Get HERE: https://www.certleader.com/NSE4-5.4-dumps.html (New Q&As)
