Want to know Testking NSE5 Exam practice test features? Want to lear more about Fortinet Fortinet Network Security Expert 5 Written Exam (500) certification experience? Study Top Quality Fortinet NSE5 answers to Replace NSE5 questions at Testking. Gat a success with an absolute guarantee to pass Fortinet NSE5 (Fortinet Network Security Expert 5 Written Exam (500)) test on your first attempt.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Fortinet NSE5 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW NSE5 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/NSE5-exam-dumps.html
Q41. - (Topic 2)
Examine the Exhibits shown below, then answer the question that follows. Review the following DLP Sensor (Exhibit 1):
Review the following File Filter list for rule #1 (Exhibit 2):
Review the following File Filter list for rule #2 (Exhibit 3):
Review the following File Filter list for rule #3 (Exhibit 4):
An MP3 file is renamed to ‘workbook.exe’ and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4.
Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?
A. The file will be detected by rule #1 as an ‘Audio (mp3)’, a log entry will be created and it will be allowed to pass through.
B. The file will be detected by rule #2 as a “*.exe”, a log entry will be created and the interface that received the traffic will be brought down.
C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.
D. Nothing, the file will go undetected.
Answer: A
Q42. - (Topic 2)
Shown below is a section of output from the debug command diag ip arp list.
index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1
In the output provided, which of the following best describes the IP address 172.20.187.150?
A. It is the primary IP address of the port1 interface.
B. It is one of the secondary IP addresses of the port1 interface.
C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.
Answer: C
Q43. - (Topic 1)
When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge.
Select all supported protocols from the following:
A. SMTP
B. SSH
C. HTTP
D. FTP
E. SCP
Answer: C,D
Q44. - (Topic 3)
In order to load-share traffic using multiple static routes, the routes must be configured with ...
A. the same distance and same priority.
B. the same distance and the same weight.
C. the same distance but each of them must be assigned a unique priority.
D. a distance equal to its desired weight for ECMP but all must have the same priority.
Answer: A
Q45. - (Topic 3)
An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings.
Which of the following statements are correct regarding the IPSec VPN configuration?
A. To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.
B. The virtual IPSec interface is automatically created after the phase1 configuration.
C. The IPSec policies must be placed at the top of the list.
D. This VPN cannot be used as part of a hub and spoke topology.
E. Routes were automatically created based on the address objects in the firewall policies.
Answer: B
Q46. - (Topic 1)
Which of the following network protocols are supported for administrative access to a FortiGate unit?
A. HTTPS, HTTP, SSH, TELNET, PING, SNMP
B. FTP, HTTPS, NNTP, TCP, WINS
C. HTTP, NNTP, SMTP, DHCP
D. Telnet, FTP, RLOGIN, HTTP, HTTPS, DDNS
E. Telnet, UDP, NNTP, SMTP
Answer: A
Q47. - (Topic 3)
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a hub and spoke topology simplifies configuration.
C. Using a hub and spoke topology provides stronger encryption.
D. Using a hub and spoke topology reduces the number of tunnels.
Answer: B,D
Q48. - (Topic 1)
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. How are UTM features applied to traffic?
A. One or more UTM features are enabled in a firewall policy.
B. In the system configuration for that UTM feature, you can identify the policies to which the feature is to be applied.
C. Enable the appropriate UTM objects and identify one of them as the default.
D. For each UTM object, identify which policy will use it.
Answer: A
Q49. - (Topic 2)
With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.
If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)
A. The login event is sent to the Collector Agent.
B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.
C. The Collector Agent performs the DNS lookup for the authenticated client’s IP address.
D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.
Answer: A,C
Q50. - (Topic 3)
In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling.
Which of the following statements is true about the IP address used by the SSL VPN client?
A. The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings.
B. Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established.
C. The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options.
Answer: A
