Vivid of NSE5 free question materials and keys for Fortinet certification for IT candidates, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Fortinet NSE5 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW NSE5 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/NSE5-exam-dumps.html
Q111. - (Topic 1)
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet Customer Support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a protection profile and the protection profile must be assigned to a firewall policy.
D. Enabling virus scanning in a protection profile enables virus scanning for all traffic flowing through the FortiGate.
Answer: C
Q112. - (Topic 1)
In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the Firewall, which of the following statements describes the action taken on traffic?
A. The traffic is blocked.
B. The traffic is passed.
C. The traffic is passed and logged.
D. The traffic is blocked and logged.
Answer: A
Q113. - (Topic 3)
The following ban list entry is displayed through the CLI.
get user ban list
id cause src-ip-addr dst-ip-addr expires created
531 protect_client 10.177.0.21 207.1.17.1 indefinite Wed Dec 24 :21:33 2008
Based on this command output, which of the following statements is correct?
A. The administrator has specified the Attack and Victim Address method for the quarantine.
B. This diagnostic entry results from the administrator running the diag ips log test command. This command has no effect on traffic.
C. A DLP rule has been matched.
D. An attack has been repeated more than once during the holddown period; the expiry time has been reset to indefinite.
Answer: A
Q114. - (Topic 2)
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)
A. Enable session pick-up.
B. Only applies to connections handled by a proxy.
C. Only applies to UDP and ICMP connections.
D. Connections must not be handled by a proxy.
Answer: A,D
Q115. - (Topic 1)
Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.)
A. Domain Local Security Agent.
B. Collector Agent.
C. Active Directory Agent.
D. User Authentication Agent.
E. Domain Controller Agent.
Answer: B,E
Q116. - (Topic 3)
Which of the following items is NOT a packet characteristic matched by a firewall service object?
A. ICMP type and code
B. TCP/UDP source and destination ports
C. IP protocol number
D. TCP sequence number
Answer: D
Q117. - (Topic 1)
If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range?
A. 172.168.0.1 - 172.168.0.10
B. 210.192.168.3 - 210.192.168.10
C. 210.192.168.1 - 210.192.168.4
D. All of the above.
Answer: B
Q118. - (Topic 1)
Which of the following items is NOT a packet characteristic matched by a firewall service object?
A. ICMP type and code
B. TCP/UDP source and destination ports
C. IP protocol number
D. TCP sequence number
Answer: D
Q119. - (Topic 3)
The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.
Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)
A. An FSAE Collector Agent must be installed on every domain controller.
B. An FSAE Domain Controller Agent must be installed on every domain controller.
C. The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.
D. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
E. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.
Answer: B,D
Q120. - (Topic 3)
Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.)
A. The web client SSL handshake.
B. The web server SSL handshake.
C. File buffering.
D. Communication with the urlfilter process.
Answer: A,B
