It is more faster and easier to pass the Fortinet NSE5 exam by using Verified Fortinet Fortinet Network Security Expert 5 Written Exam (500) questuins and answers. Immediate access to the Latest NSE5 Exam and find the same core area NSE5 questions with professionally verified answers, then PASS your exam with a high score now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Fortinet NSE5 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW NSE5 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/NSE5-exam-dumps.html
Q61. - (Topic 3)
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
A. Packet encryption
B. MIB-based report uploads
C. SNMP access limits through access lists
D. Running SNMP service on a non-standard port is possible
Answer: A
Q62. - (Topic 3)
Which spam filter is not available on a FortiGate device?
A. Sender IP reputation database
B. URLs included in the body of known SPAM messages.
C. Email addresses included in the body of known SPAM messages.
D. Spam object checksums
E. Spam grey listing
Answer: E
Q63. - (Topic 1)
If no firewall policy is specified between two FortiGate interfaces and zones are not used, which of the following statements describes the action taken on traffic flowing between these interfaces?
A. The traffic is blocked.
B. The traffic is passed.
C. The traffic is passed and logged.
D. The traffic is blocked and logged.
Answer: A
Q64. - (Topic 2)
Identify the statement which correctly describes the output of the following command: diagnose ips anomaly list
A. Lists the configured DoS policy.
B. List the real-time counters for the configured DoS policy.
C. Lists the errors captured when compiling the DoS policy.
Answer: B
Q65. - (Topic 1)
Which Fortinet products & features could be considered part of a comprehensive solution to monitor and prevent the leakage of senstive data? (Select all that apply.)
A. Archive non-compliant outgoing e-mails using FortiMail.
B. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate.
C. Monitor database activity using FortiAnalyzer.
D. Apply a DLP sensor to a firewall policy.
E. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk.
Answer: A,B,D
Q66. - (Topic 1)
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
A. Packet encryption
B. MIB-based report uploads
C. SNMP access limits through access lists
D. Running SNMP service on a non-standard port is possible
Answer: A
Q67. - (Topic 3)
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
user1 # get system interface
== [ internal ]
namE. internal modE. static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forwarD. disable typE. physical mtu-overridE. disable
== [ vlan1 ]
namE. vlan1 modE. static ip: 10.0.1.1 255.255.255.128 status: up netb
ios-forwarD. disable typE. vlan mtu-overridE. disable
user1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S 10.0.0.0/8 [10/0] is a summary, Null
C 10.0.1.0/25 is directly connected, vlan1
C 10.0.1.128/25 is directly connected, internal
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130
:47922->10.0.1.1:443) from internal."
id=20085 trace_id=277 msg="allocate a new session-00000b21"
id=20085 trace_id=277 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following is a possible cause of the problem?
A. The FortiGate unit has no route back to the PC.
B. The PC has an IP address in the wrong subnet.
C. The PC is using an incorrect default gateway IP address.
D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.
Answer: D
Q68. - (Topic 3)
Which of the following statements is not correct regarding virtual domains (VDOMs)?
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. A backup management VDOM will synchronize the configuration from an active management VDOM.
D. VDOMs share firmware versions, as well as antivirus and IPS databases.
E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.
Answer: C
Q69. - (Topic 3)
An administrator has formed a High Availability cluster involving two FortiGate 310B units.
[Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ]
The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster.
Which of the following options describes the best step the administrator can take?
The administrator should...
A. set up a full-mesh design which uses redundant interfaces.
B. increase the number of FortiGate units in the cluster and configure HA in Active-Active mode.
C. enable monitoring of all active interfaces.
D. configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.
Answer: A
Q70. - (Topic 2)
Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it.
Which of the following statements are correct regarding this configuration? (Select all that apply).
A. The Phase 2 will re-key even if there is no traffic.
B. There will be a DH exchange for each re-key.
C. The sequence number of ESP packets received from the peer will not be checked.
D. Quick mode selectors will default to those used in the firewall policy.
Answer: A,B
