Fortinet Network Security Expert - FortiOS 5.4 v1.0 (NSE4-5.4)

Page:    1 / 39   
Total 575 questions

View the Exhibit.


The administrator needs to confirm that FortiGate 2 is properly routing that traffic to the 10.0.1.0/24 subnet. The administrator needs to confirm it by sending ICMP pings to FortiGate 2 from the CLI of FortiGate 1. What ping option needs to be enabled before running the ping?

  • A. Execute ping-options source port1
  • B. Execute ping-options source 10.200.1.1.
  • C. Execute ping-options source 10.200.1.2
  • D. Execute ping-options source 10.0.1.254


Answer : D

How can you format the FortiGate flash disk?

  • A. Load the hardware test (HQIP) image.
  • B. Execute the CLI command execute formatlogdisk.
  • C. Load a debug FortiOS image.
  • D. Select the format boot device option from the BIOS menu.


Answer : D

How do you configure inline SSL inspection on a firewall policy? (Choose two.)

  • A. Enable one or more flow-based security profiles on the firewall policy.
  • B. Enable the SSL/SSH Inspection profile on the firewall policy.
  • C. Execute the inline ssl inspection CLI command.
  • D. Enable one or more proxy-based security profiles on the firewall policy.


Answer : AB

Which traffic sessions can be offloaded to a NP6 processor? (Choose two.)

  • A. IPv6
  • B. RIP
  • C. GRE
  • D. NAT64


Answer : AD

View the exhibit.


Based on this output, which statements are correct? (Choose two.)

  • A. FortiGate generated an event log for system conserve mode.
  • B. FortiGate has entered in to system conserve mode.
  • C. By default, the FortiGate blocks new sessions.
  • D. FortiGate changed the global av-failopen settings to idledrop.


Answer : BC

An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy.
What else is required for the CASI profile to work properly?

  • A. You must enable logging for security events on the firewall policy.
  • B. You must activate a FortiCloud account.
  • C. You must apply an application control profile to the firewall policy.
  • D. You must enable SSL inspection on the firewall policy.


Answer : D

How does FortiGate look for a matching firewall policy to process traffic?

  • A. From top to bottom, based on the sequence numbers.
  • B. Based on best match.
  • C. From top to bottom, based on the policy ID numbers.
  • D. From lower to higher, based on the priority value.


Answer : A

How do you configure a FortiGate to do traffic shaping of P2P traffic, such as BitTorrent?

  • A. Apply an application control profile allowing BitTorrent to a firewall policy and configure a traffic shaping policy.
  • B. Enable the shape option in a firewall policy with service set to BitTorrent.
  • C. Apply a traffic shaper to a BitTorrent entry in the SSL/SSH inspection profile.
  • D. Apply a traffic shaper to a protocol options profile.


Answer : A

Which file names will match the *.tiff file name pattern configured in a data leak prevention filter? (Choose two.)

  • A. tiff.tiff [1]
  • C. tiff.jpeg
  • D. gif.tiff


Answer : AD

An administrator has configured a dialup IPsec VPN with XAuth. Which method statement best describes this scenario?

  • A. Only digital certificates will be accepted as an authentication method in phase 1.
  • B. Dialup clients must provide a username and password for authentication.
  • C. Phase 1 negotiations will skip pre-shared key exchange.
  • D. Dialup clients must provide their local ID during phase 2 negotiations.


Answer : B

View the exhibit.


VDOM1 is operating is transparent mode VDOM2 is operating in NAT Route mode. There is an inter-VDOM link between both VDOMs. A client workstation with the IP address 10.0.1.10/24 is connected to port2. A web server with the IP address 10.200.1.2/24 is connected to port1.
What is required in the FortiGate configuration to route and allow connections from the client workstation to the web server? (Choose two.)

  • A. A static or dynamic route in VDOM2 with the subnet 10.0.1.0/24 as the destination.
  • B. A static or dynamic route in VDOM1 with the subnet 10.200.1.0/24 as the destination.
  • C. One firewall policy in VDOM1 with port2 as the source interface and InterVDOM0 as the destination interface.
  • D. One firewall policy in VDOM2 with InterVDOM1 as the source interface and port1 as the destination interface.


Answer : AC

Which component of FortiOS performs application control inspection?

  • A. Kernel
  • B. Antivirus engine
  • C. IPS engine
  • D. Application control engine


Answer : C

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

  • A. They support GRE-over-IPsec.
  • B. They can be configured in both NAT/Route and transparent operation modes.
  • C. They require two firewall policies: one for each direction of traffic flow.
  • D. They support L2TP-over-IPsec.


Answer : BD

What statement describes what DNS64 does?

  • A. Converts DNS A record lookups to AAAA record lookups.
  • B. Translates the destination IPv6 address of the DNS traffic to an IPv4 address.
  • C. Synthesizes DNS AAAA records from A records.
  • D. Translates the destination IPv4 address of the DNS traffic to an IPv6 address.


Answer : B

What does the command diagnose debug fsso-polling refresh-user do?

  • A. It refreshes user group information form any servers connected to the FortiGate using a collector agent.
  • B. It refreshes all users learned through agentless polling.
  • C. It displays status information and some statistics related with the polls done by FortiGate on each DC.
  • D. It enables agentless polling mode real-time debug.


Answer : B

Page:    1 / 39   
Total 575 questions