Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

NSE4-5.4Free trial

By fortinet

Verified

25Q per page

Question 1

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

A: The interface has been configured for one-arm sniffer.
B: The interface is a member of a virtual wire pair.
C: The operation mode is transparent.
D: The interface is a member of a zone.
E: Captive portal is enabled in the interface.

—

Question 2

Examine the following web filtering log.

Which statement about the log message is true?

A: The action for the category Games is set to block.
B: The usage quota for the IP address 10.0.1.10 has expired.
C: The name of the applied web filter profile is default.
D: The web site miniclip.com matches a static URL filter whose action is set to Warning.

—

Question 3

Examine this output from a debug flow:

Which statements about the output are correct? (Choose two.)

A: The packet was allowed by the firewall policy with the ID 00007fc0.
B: FortiGate routed the packet through port3.
C: FortiGate received a TCP SYN/ACK packet.
D: The source IP address of the packet was translated to 10.0.1.10.

—

Question 4

View the exhibit.

Which users and user groups are allowed access to the network through captive portal?

A: Only individual usersג€"not groupsג€"defined in the captive portal configuration.
B: Groups defined in the captive portal configuration
C: All users
D: Users and groups defined in the firewall policy.

—

Question 5

An administrator needs to create a tunnel mode SSLVPN to access an internal web server from the Internet. The web server is connected to port1. The Internet is connected to port2. Both interfaces belong to the VDOM named Corporation. What interface must be used as the source for the firewall policy that will allow this traffic?

A: ssl.root
B: ssl.Corporation
C: port2
D: port1

—

Question 6

View the exhibit.

Why is the administrator getting the error shown in the exhibit?

A: The administrator admin does not have the privileges required to configure global settings.
B: The global settings cannot be configured from the root VDOM context.
C: The command config system global does not exist in FortiGate.
D: The administrator must first enter the command edit global.

—

Question 7

What FortiGate feature can be used to block a ping sweep scan from an attacker?

A: Web application firewall (WAF)
B: Rate based IPS signatures
C: One-arm sniffer
D: DoS policies

—

Question 8

Which statements about the firmware upgrade process on an active-active high availability (HA) cluster are true? (Choose two.)

A: The firmware image must be manually uploaded to each FortiGate.
B: Only secondary FortiGate devices are rebooted.
C: Uninterruptable upgrade is enabled by default.
D: Traffic load balancing is temporally disabled while upgrading the firmware.

—

Question 9

View the example routing table.

Which route will be selected when trying to reach 10.20.30.254?

A: 10.20.30.0/26 [10/0] via 172.20.168.254, port2
B: The traffic will be dropped because it cannot be routed.
C: 10.20.30.0/24 [10/0] via 172.20.167.254, port3
D: 0.0.0.0/0 [10/0] via 172.20.121.2, port1

—

Question 10

View the exhibit.

Which statements are correct, based on this output? (Choose two.)

A: The FortiGate have three VDOMs.
B: The all VDOM is not synchronized between the primary and secondary FortiGate.
C: The global configuration is synchronized between the primary and secondary FortiGate.
D: The root VDOM is not synchronized between the primary and secondary FortiGate.

—

Question 11

What IPv6 extension header can be used to provide encryption and data confidentiality?

A: Mobility
B: ESP
C: Authentication
D: Destination options

—

Question 12

Which two statements are true about IPsec VPNs and SSL VPNs? (Choose two.)

A: SSL VPN creates a HTTPS connection. IPsec does not.
B: Both SSL VPNs and IPsec VPNs are standard protocols.
C: Either a SSL VPN or an IPsec VPN can be established between two FortiGate devices.
D: Either a SSL VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device.

—

Question 13

What is a valid reason for using session based authentication instead of IP based authentication in a FortiGate web proxy solution?

A: Users are required to manually enter their credentials each time they connect to a different web site.
B: Proxy users are authenticated via FSSO.
C: There are multiple users sharing the same IP address.
D: Proxy users are authenticated via RADIUS.

—

That’s the end of your free questions

You’ve reached the preview limit for NSE4-5.4

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 62

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!