Pass4sure offers a free demo for the NSE5 exam. "Fortinet Network Security Expert 5 Written Exam (500)", also known as the NSE5 exam, is a Fortinet certification. This set of posts, Passing the Fortinet NSE5 exam, will help you answer those questions. The NSE5 Questions & Answers cover all the knowledge points of the real exam. 100% real Fortinet NSE5 exams, revised by experts!
Q131. - (Topic 1)
In which order are firewall policies processed on the FortiGate unit?
A. They are processed from the top down according to their sequence number.
B. They are processed based on the policy ID number shown in the left-hand column of the policy window.
C. They are processed on best match.
D. They are processed based on a priority value assigned through the priority column in the policy window.
Answer: A
Q132. - (Topic 1)
You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct?
A. 192.168.2.0 / 255.255.255.0
B. 192.168.2.2 / 255.255.255.0
C. 192.168.2.0 / 255.255.255.255
D. 192.168.2.2 / 255.255.255.255
Answer: D
Q133. - (Topic 1)
The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit’s GUI and also using the CLI. The command used in the CLI to perform this function is ______ .
A. set order
B. edit policy
C. reorder
D. move
Answer: D
Q134. - (Topic 1)
A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?
A. SSL
B. IPSec
C. direct serial connection
D. S/MIME
Answer: B
Q135. - (Topic 1)
Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?
A. The FortiGate unit requires only a single IP address for receiving updates and configuring from a management computer.
B. The FortiGate unit must use public IP addresses on both the internal and external networks.
C. The FortiGate unit commonly uses private IP addresses on the internal network but hides them using network address translation.
D. The FortiGate unit uses only DHCP-assigned IP addresses on the internal network.
Answer: C
Q136. - (Topic 3)
When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?
A. Common Name
B. Organization
C. Organizational Unit
D. Serial Number
E. Validity
Answer: A
Q137. - (Topic 2)
Examine the Exhibit shown below; then answer the question following it.
In this scenario, the FortiGate unit in Ottawa has the following routing table:
S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2
C 172.20.167.0/24 is directly connected, port1
C 172.20.170.0/24 is directly connected, port2
Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets?
A. The forward policy check.
B. The reverse path forwarding check.
C. The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit’s routing table.
D. The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.
Answer: B
Q138. - (Topic 2)
Examine the Exhibit shown below; then answer the question following it.
The Vancouver FortiGate unit initially had the following information in its routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly connected, port1
Afterwards, the following static route was added:
config router static
edit 6
set dst 172.20.1.0 255.255.255.0
set priority 0
set device port1
set gateway 172.11.12.1
next
end
Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?
A. The subnet 172.20.1.0/24 overlaps with the subnet of one static route that is already in the routing table (172.20.0.0/16), so we need to enable allow-subnet-overlap first.
B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
C. The priority is 0, which means that the route will remain inactive.
D. The static route configuration is missing the distance setting.
Answer: B
Q139. - (Topic 3)
An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?
A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured.
B. Enable Traffic Shaping for the appropriate SIP firewall policy.
C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command.
D. Run the set udp-idle-timer CLI command and set a lower time value.
Answer: A
Q140. - (Topic 1)
Which of the following items does NOT support the Logging feature?
A. File Filter
B. Application control
C. Session timeouts
D. Administrator activities
E. Web URL filtering
Answer: C