NSE4-5.4 Online Practice Questions and Answers

An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?

A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured.

B. Enable Traffic Shaping for the appropriate SIP firewall policy.

C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command.

D. Run the set udp-idle-timer CLI command and set a lower time value.

Based on the web filtering configuration illustrated in the exhibit,

which one of the following statements is not a reasonable conclusion?

A. Users can access both the www.google.com site and the www.fortinet.com site.

B. When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site.

C. When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.

D. Downloaded content from www.google.com will be scanned for viruses if antivirus is enabled.

Which of the following statements must be true for a digital certificate to be valid? (Choose two.)

A. It must be signed by a "trusted" CA

B. It must be listed as valid in a Certificate Revocation List (CRL)

C. The CA field must be "TRUE"

D. It must be still within its validity period

A FortiGate unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.)

A. The external facing interface of the FortiGate unit is configured to use DHCP.

B. The FortiGate unit has not been registered.

C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured.

D. The FortiGate unit is in Transparent mode which does not support push updates.

In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the Firewall, which of the following statements describes the action taken on traffic?

A. The traffic is blocked.

B. The traffic is passed.

C. The traffic is passed and logged.

D. The traffic is blocked and logged.

Which web filtering inspection mode inspects DNS traffic?

A. DNS-based

B. FQDN-based

C. Flow-based

D. URL-based

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?

A. A lookup is done only when the first packet coming from the client (SYN) arrives

B. A lookup is done when the first packet coming from the client (SYN) arrives, and a second one is performed when the first packet coming from the server (SYN/ACK) arrives.

C. Three lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).

D. A lookup is always done each time a packet arrives, from either the server or the client side.

In which order are firewall policies processed on a FortiGate unit?

A. From top to down, according with their sequence number.

B. From top to down, according with their policy ID number.

C. Based on best match.

D. Based on the priority value.

How does FortiGate look for a matching firewall policy to process traffic?

A. From top to bottom, based on the sequence numbers.

B. Based on best match.

C. From top to bottom, based on the policy ID numbers.

D. From lower to higher, based on the priority value.

In a high availability (HA) cluster operating in active-active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a secondary FortiGate?

A. Client > primary FortiGate> secondary FortiGate> primary FortiGate> web server.

B. Client > secondary FortiGate> web server.

C. Client >secondary FortiGate> primary FortiGate> web server.

D. Client> primary FortiGate> secondary FortiGate> web server.