It is impossible to pass Fortinet NSE4-5.4 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Fortinet NSE4-5.4 practice questions. You will get a surprising result by our Renew Fortinet Network Security Expert - FortiOS 5.4 practice guides.

Q17. Which of the following statements about central NAT are true? (Choose two.)

A. IP tool references must be removed from existing firewall policies before enabling central NAT.

B. Central NAT can be enabled or disabled from the CLI only.

C. Source NAT, using central NAT, requires at least one central SNAT policy.

D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

Answer: A,C


Q18. If traffic matches a DLP filter with the action set to Quarantine IP Address, what action does the FortiGate take?

A. It blocks all future traffic for that IP address for a configured interval.

B. It archives the data for that IP address.

C. It provides a DLP block replacement page with a link to download the file.

D. It notifies the administrator by sending an email.

Answer: A


Q19. An administrator has configured two VLAN interfaces:

 

A DHCP server is connected to the VLAN10 interface. A DHCP client is connected to the VLAN5 interface. However, the DHCP client cannot get a dynamic IP address from the DHCP server. What is the cause of the problem?

A. Both interfaces must be in different VDOMs

B. Both interfaces must have the same VLAN ID.

C. The role of the VLAN10 interface must be set to server.

D. Both interfaces must belong to the same forward domain.

Answer: B


Q20. How can a browser trust a web-server certificate signed by a third party CA?

A. The browser must have the CA certificate that signed the web-server certificate installed.

B. The browser must have the web-server certificate installed.

C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.

D. The browser must have the public key of the web-server certificate installed.

Answer: A


Q21. Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They must be applied in firewall policies with SSL inspection enabled.

C. They can block DNS request to known botnet command and control servers.

D. They can redirect blocked requests to a specific portal.

Answer: B,C


Q22. Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They must be applied in firewall policies with SSL inspection enabled.

C. They can block DNS request to known botnet command and control servers.

D. They can redirect blocked requests to a specific portal.

Answer: B,C


Q23. How can a browser trust a web-server certificate signed by a third party CA?

A. The browser must have the CA certificate that signed the web-server certificate installed.

B. The browser must have the web-server certificate installed.

C. The browser must have the private key of CA certificate that signed the web-browser certificate installed.

D. The browser must have the public key of the web-server certificate installed.

Answer: A


Q24. View the exhibit.

 

(Choose two.)

A. The HA mode changes to standalone.

B. The firewall policies are deleted on the disconnected member.

C. The system hostname is set to the FortiGate serial number.

D. The port3 is configured with an IP address for management access.

Answer: A,D