Want to Pass NSE4-5.4 Exam In Next HOURS? Get it now →
September 25, 2018

The Secret of NSE4-5.4 free download

It is more faster and easier to pass the Fortinet NSE4-5.4 exam by using Accurate Fortinet Fortinet Network Security Expert - FortiOS 5.4 questuins and answers. Immediate access to the Refresh NSE4-5.4 Exam and find the same core area NSE4-5.4 questions with professionally verified answers, then PASS your exam with a high score now.

P.S. Accurate NSE4-5.4 bundle are available on Google Drive, GET MORE: https://drive.google.com/open?id=1xSlEaFFo1TkP1Im8lI2_FaBp164pASCS

New Fortinet NSE4-5.4 Exam Dumps Collection (Question 4 - Question 13)

New Questions 4

Which statement about data leak prevention (DLP) on a FortiGate is true?

A. Traffic shaping can be applied to DLP sensors.

B. It can be applied to a firewall policy in a flow-based VDOM.

C. Files can be sent to FortiSandbox for detecting DLP threats.

D. It can archive files and messages.

Answer: D

New Questions 5

What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

A. Traffic to inappropriate web sites

B. SQL injection attacks

C. Server information disclosure attacks

D. Credit card data leaks

E. Traffic to botnet command and control (C&C) servers

Answer: B,C,E

New Questions 6

An administrator has configured a route-based IPsec VPN between two FortiGates. Which statement about this IPsec VPN configuration is true?

A. A phase 2 configuration is not required.

B. This VPN cannot be used as part of a hub and spoke topology.

C. The IPsec firewall policies must be placed at the top of the list.

D. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.

Answer: D

New Questions 7

Which statement about the firewall policy authentication timeout is true?

A. It is a hard timeout. The FortiGate removes the temporary policy for a useru2019s source IP address after this times expires.

B. It is a hard timeout. The FortiGate removes the temporary policy for a useru2019s source MAC address after this times expires.

C. It is an idle timeout. The FortiGate considers a user to be idle if it does not see any

packets coming from the useru2019s source MAC address.

D. It is an idle timeout. The FortiGate considers a user to be idle if it does not see any packets coming from the useru2019s source IP.

Answer: D

New Questions 8

Which configuration steps must be performed on both units to support this scenario? (Choose three.)

A. Define the phase 2 parameters.

B. Set the phase 2 encapsulation method to transport mode.

C. Define at least one firewall policy, with the action set to IPsec.

D. Define a route to the remote network over the IPsec tunnel.

E. Define the phase 1 parameters, without enabling IPsec interface mode.

Answer: A,D,E

New Questions 9

Which statements about high availability (HA) for FortiGates are true? (Choose two.)

A. Virtual clustering can be configured between two FortiGate devices with multiple VDOM.

B. Heartbeat interfaces are not required on the primary device.

C. HA management interface settings are synchronized between cluster members.

D. Sessions handled by UTM proxy cannot be synchronized.

Answer: A,C

New Questions 10

Which statements about DNS filter profiles are true? (Choose two.)

A. They can inspect HTTP traffic.

B. They must be applied in firewall policies with SSL inspection enabled.

C. They can block DNS request to known botnet command and control servers.

D. They can redirect blocked requests to a specific portal.

Answer: C,D

New Questions 11

How to configure Collector agent settings?

A. The dead entry timeout interval is used to age out entries with an unverified status.

B. The workstation verify interval is used to periodically check if a workstation is still a domain member.

C. The user group cache expiry is used to age out the monitored groups.

D. The IP address change verify interval monitors the server IP address where the collector agent is installed, and updates the collector agent configuration if it changes.

Answer: D

New Questions 12

View the exhibit.

When a user attempts to connect to an HTTPS site, what is the expected result with this configuration?

A. The user is required to authenticate before accessing sites with untrusted SSL certificates.

B. The user is presented with certificate warnings when connecting to sites that have untrusted SSL certificates.

C. The user is allowed access all sites with untrusted SSL certificates, without certificate warnings.

D. The user is blocked from connecting to sites that have untrusted SSL certificates (no exception provided).

Answer: B

New Questions 13

Which configuration objects can be selected for the Source filed of a firewall policy? (Choose two.)

A. FQDN address

B. IP pool

C. User or user group

D. Firewall service

Answer: B,C

see more http://www.ubraindumps.com/NSE4-5.4-dumps/

P.S. Easily pass NSE4-5.4 Exam with Dumpscollection Accurate Dumps & pdf vce, Try Free: http://www.dumpscollection.net/dumps/NSE4-5.4/ ( New Questions)