Proper study guides for Updated Fortinet Fortinet Network Security Expert - FortiOS 5.4 certified begins with Fortinet NSE4-5.4 preparation products which designed to deliver the Pinpoint NSE4-5.4 questions by making you pass the NSE4-5.4 test at your first time. Try the free NSE4-5.4 demo right now.
P.S. Pinpoint NSE4-5.4 keys are available on Google Drive, GET MORE: https://drive.google.com/open?id=1xSlEaFFo1TkP1Im8lI2_FaBp164pASCS
New Fortinet NSE4-5.4 Exam Dumps Collection (Question 3 - Question 12)
Question No: 3
Which statements about high availability (HA) for FortiGates are true? (Choose two.)
A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.
B. Heartbeat interfaces are not required on the primary device.
C. HA management interface settings are synchronized between cluster members.
D. Sessions handled by UTM proxy cannot be synchronized.
Answer: A,C
Question No: 4
Which statements about an IPv6-over-IPv4 IPsec configuration are correct? (Choose two.)
A. The remote gateway IP must be an IPv6 address.
B. The source quick mode selector must be an IPv4 address.
C. The local gateway IP must an IPv4 address.
D. The destination quick mode selector must be an IPv6 address.
Answer: B,D
Question No: 5
An administrator needs to offload logging to FortiAnalyzer from a FortiGate with an internal hard drive. Which statements are true? (Choose two.)
A. Logs must be stored on FortiGate first, before transmitting to FortiAnalyzer
B. FortiGate uses port 8080 for log transmission
C. Log messages are transmitted as plain text in LZ4 compressed format (store-and-upload method).
D. FortiGate can encrypt communications using SSL encrypted OFTP traffic.
Answer: A,C
Question No: 6
An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy.
What else is required for the CASI profile to work properly?
A. You must enable logging for security events on the firewall policy.
B. You must activate a FortiCloud account.
C. You must apply an application control profile to the firewall policy.
D. You must enable SSL inspection on the firewall policy.
Answer: C
Question No: 7
An administrator has created a custom IPS signature. Where does the custom IPS signature have to be applied?
A. In an IPS sensor
B. In an interface.
C. In a DoS policy.
D. In an application control profile.
Answer: A
Question No: 8
When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?
A. The FortiGate unitu2021s public IP address
B. The FortiGate unitu2021s internal IP address
C. The remote useru2021s virtual IP address
D. The remote useru2021s public IP address
Answer: B
Question No: 9
View the Exhibit.
The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1. What ping option needs to be enabled before running the ping?
A. Execute ping-options source port1
B. Execute ping-options source 10.200.1.1.
C. Execute ping-options source 10.200.1.2
D. Execute ping-options source 10.0.1.254
Answer: D
Question No: 10
Which component of FortiOS performs application control inspection?
A. Kernel
B. Antivirus engine
C. IPS engine
D. Application control engine
Answer: D
Question No: 11
Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)
A. They support GRE-over-IPsec.
B. They can be configured in both NAT/Route and transparent operation modes.
C. They require two firewall policies: one for each direction of traffic flow.
D. They support L2TP-over-IPsec.
Answer: B,D
Explanation: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/IPsec_VPN_Overview/Types_of_VPNs.htm
Question No: 12
Which of the following statements about central NAT are true? (Choose two.)
A. IP tool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.
Answer: A,C
P.S. Easily pass NSE4-5.4 Exam with Surepassexam Pinpoint Dumps & pdf vce, Try Free: https://www.surepassexam.com/NSE4-5.4-exam-dumps.html ( New Questions)