we provide Pinpoint Fortinet NSE4-5.4 exam guide which are the best for clearing NSE4-5.4 test, and to get certified by Fortinet Fortinet Network Security Expert - FortiOS 5.4. The NSE4-5.4 Questions & Answers covers all the knowledge points of the real NSE4-5.4 exam. Crack your Fortinet NSE4-5.4 Exam with latest dumps, guaranteed!
P.S. Pinpoint NSE4-5.4 pack are available on Google Drive, GET MORE: https://drive.google.com/open?id=1qNqkyfzMtD_JBMTiOJF0Q0poKyl3pZ-7
New Fortinet NSE4-5.4 Exam Dumps Collection (Question 1 - Question 10)
Question No: 1
View the exhibit.
Which of the following statements are correct? (Choose two.)
A. This is a redundant IPsec setup.
B. The TunnelB route is the primary one for searching the remote site. The TunnelA route is used only if the TunnelB VPN is down.
C. This setup requires at least two firewall policies with action set to IPsec.
D. Dead peer detection must be disabled to support this type of IPsec setup.
Answer: A,B
Question No: 2
View the exhibit.
A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting.Games). Based on this configuration, which statement is true?
A. Addicting.Games is allowed based on the Application Overrides configuration.
B. Addicting.Games is blocked based on the Filter Overrides configuration.
C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
D. Addicting.Games is allowed based on the Categories configuration.
Answer: A
Question No: 3
View the exhibit.
Based on this output, which statements are correct? (Choose two.)
A. FortiGate generated an event log for system conserve mode.
B. FortiGate has entered in to system conserve mode.
C. By default, the FortiGate blocks new sessions.
D. FortiGate changed the global av-failopen settings to idledrop.
Answer: B,C
Question No: 4
An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?
A. Only digital certificates will be accepted as an authentication method in phase 1.
B. Dialup clients must provide a username and password for authentication.
C. Phase 1 negotiations will skip pre-shared key exchange.
D. Dialup clients must provide their local ID during phase 2 negotiations.
Answer: B
Question No: 5
Which statements best describe auto discovery VPN (ADVPN). (Choose two.)
A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.
B. ADVPN is only supported with IKEv2.
C. Tunnels are negotiated dynamically between spokes.
D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2 proposals are defined in advance.
Answer: A,C
Question No: 6
Which of the following statements about advanced AD access mode for FSSO collector agent are true? (Choose two.)
A. It is only supported if DC agents are deployed.
B. FortiGate can act as an LDAP client configure the group filters.
C. It supports monitoring of nested groups.
D. It uses the Windows convention for naming, that is, Domain\Username.
Answer: B,D
Question No: 7
Which statements about FortiGate inspection modes are true? (Choose two.)
A. The default inspection mode is proxy based.
B. Switching from proxy-based mode to flow-based, then back to proxy-based mode, will not result in the original configuration.
C. Proxy-based inspection is not available in VDOMs operating in transparent mode.
D. Flow-based profiles must be manually converted to proxy-based profiles before changing the inspection mode from flow based to proxy based.
Answer: A,C
Question No: 8
Which statements correctly describe transparent mode operation? (Choose three.)
A. All interfaces of the transparent mode FortiGate device must be on different IP subnets.
B. The transparent FortiGate is visible to network hosts in an IP traceroute.
C. It permits inline traffic inspection and firewalling without changing the IP scheme of the network.
D. Ethernet packets are forwarded based on destination MAC addresses, not IP addresses.
E. The FortiGate acts as transparent bridge and forwards traffic at Layer-2.
Answer: C,D,E
Question No: 9
Which statements about DNS filter profiles are true? (Choose two.)
A. They can inspect HTTP traffic.
B. They must be applied in firewall policies with SSL inspection enabled.
C. They can block DNS request to known botnet command and control servers.
D. They can redirect blocked requests to a specific portal.
Answer: C,D
Question No: 10
What are the purposes of NAT traversal in IPsec? (Choose two.)
A. To detect intermediary NAT devices in the tunnel path.
B. To encapsulate ESP packets in UDP packets using port 4500.
C. To force a new DH exchange with each phase 2 re-key
D. To dynamically change phase 1 negotiation mode to Aggressive.
Answer: A,B
P.S. Easily pass NSE4-5.4 Exam with Allfreedumps Pinpoint Dumps & pdf vce, Try Free: https://www.allfreedumps.com/NSE4-5.4-dumps.html ( New Questions)