We provide real NSE4-5.4 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Fortinet NSE4-5.4 Exam quickly & easily. The NSE4-5.4 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Fortinet NSE4-5.4 dumps pdf and vce product and material, you can easily pass the NSE4-5.4 exam.

Q25. An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

Answer: B,D


Q26. View the exhibit.

 

The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

 

What should be done next to troubleshoot the problem?

A. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.

B. Run a sniffer in the web server.

C. Capture the traffic using an external sniffer connected to port1.

D. Execute a debug flow.

Answer: C


Q27. View the exhibit.

 

The client cannot connect to the HTTP web server. The administrator run the FortiGate built-in sniffer and got the following output:

 

What should be done next to troubleshoot the problem?

A. Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”.

B. Run a sniffer in the web server.

C. Capture the traffic using an external sniffer connected to port1.

D. Execute a debug flow.

Answer: C


Q28. What are the purposes of NAT traversal in IPsec? (Choose two.)

A. To detect intermediary NAT devices in the tunnel path.

B. To encapsulate ESP packets in UDP packets using port 4500.

C. To force a new DH exchange with each phase 2 re-key

D. To dynamically change phase 1 negotiation mode to Aggressive.

Answer: A,B


Q29. An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A. The interface has been configured for one-arm sniffer.

B. The interface is a member of a virtual wire pair.

C. The operation mode is transparent.

D. The interface is a member of a zone.

E. Captive portal is enabled in the interface.

Answer: B,C,D


Q30. Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B. ADVPN is only supported with IKEv2.

C. Tunnels are negotiated dynamically between spokes.

D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.

Answer: A,C


Q31. An administrator needs to be able to view logs for application usage on your network. What configurations are required to ensure that FortiGate generates logs for application usage activity? (Choose two.)

B. Create an application control policy.

C. Enable logging on the firewall policy.

D. Enable an application control security profile on the firewall policy.

Answer: B,D


Q32. Which statements about high availability (HA) for FortiGates are true? (Choose two.)

A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.

B. Heartbeat interfaces are not required on the primary device.

C. HA management interface settings are synchronized between cluster members.

D. Sessions handled by UTM proxy cannot be synchronized.

Answer: A,C