100% correct NSE5 free exam questions and preparation materials for Fortinet certification for IT engineers. Real success guaranteed with updated NSE5 PDF dumps and VCE materials. 100% pass the Fortinet Network Security Expert 5 Written Exam (500) today!
Q46. - (Topic 1)
An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down.
Which of the following statements best describes how to resolve this issue?
A. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user's web portal.
B. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.
C. Check the SSL adaptor on the host machine. If necessary, uninstall and reinstall the adaptor from the tunnel mode portal.
D. Make sure that only Internet Explorer is used. All other browsers are unsupported.
Answer: B
Q47. - (Topic 1)
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
A. Packet encryption
B. MIB-based report uploads
C. SNMP access limits through access lists
D. Running SNMP service on a non-standard port is possible
Answer: A
Q48. - (Topic 2)
What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)
A. Enable session pick-up.
B. Only applies to connections handled by a proxy.
C. Only applies to UDP and ICMP connections.
D. Connections must not be handled by a proxy.
Answer: A,D
Q49. - (Topic 1)
A FortiGate unit can act as which of the following? (Select all that apply.)
A. Antispam filter
B. Firewall
C. VPN gateway
D. Mail relay
E. Mail server
Answer: A,B,C
Q50. - (Topic 1)
FortiGate units are preconfigured with four default protection profiles. These protection profiles are used to control the type of content inspection to be performed.
What action must be taken for one of these profiles to become active?
A. The protection profile must be assigned to a firewall policy.
B. The "Use Protection Profile" option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam.
C. The protection profile must be set as the Active Protection Profile.
D. All of the above.
Answer: A
Q51. - (Topic 1)
Which of the following products is designed to manage multiple FortiGate devices?
A. FortiGate device
B. FortiAnalyzer device
C. FortiClient device
D. FortiManager device
E. FortiMail device
F. FortiBridge device
Answer: D
Q52. - (Topic 1)
Which of the following statements describes the method of creating a policy to block access to an FTP site?
A. Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list.
B. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.
C. Create a firewall policy with a protection profile containing the Block FTP option enabled.
D. None of the above.
Answer: B
Q53. - (Topic 1)
Two-factor authentication is supported using which of the following methods? (Select all that apply.)
A. FortiToken
B. Email
C. SMS phone message
D. Code books
Answer: A,B,C
Q54. - (Topic 2)
Examine the Exhibit shown below; then answer the question following it.
The Vancouver FortiGate unit initially had the following information in its routing table:
S 172.20.0.0/16 [10/0] via 172.21.1.2, port2
C 172.21.0.0/16 is directly connected, port2
C 172.11.11.0/24 is directly connected, port1
Afterwards, the following static route was added:
config router static
    edit 6
        set dst 172.20.1.0 255.255.255.0
        set priority 0
        set device port1
        set gateway 172.11.12.1
    next
end
Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?
A. The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.
B. The 'gateway' IP address is NOT in the same subnet as the IP address of port1.
C. The priority is 0, which means that the route will remain inactive.
D. The static route configuration is missing the distance setting.
Answer: B
Q55. - (Topic 1)
Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.)
A. An IP address pool.
B. A virtual IP address.
C. An actual IP address or an IP address group.
D. An FQDN or Geographic value(s).
Answer: B,C,D
Q56. - (Topic 1)
How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side?
A. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface.
B. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit’s kernel routing table.
C. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit.
D. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy.
Answer: B
Q57. - (Topic 1)
The Idle Timeout setting on a FortiGate unit applies to which of the following?
A. Web browsing
B. FTP connections
C. User authentication
D. Administrator access
E. Web filtering overrides.
Answer: D
Q58. - (Topic 3)
A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?
A. Any other matched DLP rules will be ignored with the exception of Archiving.
B. Future files whose characteristics match this file will bypass DLP scanning.
C. The traffic matching the DLP rule will bypass antivirus scanning.
D. The client IP address will be added to a white list.
Answer: A
Q59. - (Topic 2)
For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions?
A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.
B. A block action prevents the transaction. A quarantine action archives the data.
C. A block action has a finite duration. A quarantine action must be removed by an administrator.
D. A block action is used for known users. A quarantine action is used for unknown users.
Answer: A
Q60. - (Topic 1)
Which of the following spam filtering methods are supported on the FortiGate unit? (Select all that apply.)
A. IP Address Check
B. Open Relay Database List (ORDBL)
C. Black/White List
D. Return Email DNS Check
E. Email Checksum Check
Answer: A,B,C,D,E