Testking offers free demo for NSE5 exam. "Fortinet Network Security Expert 5 Written Exam (500)", also known as NSE5 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE5 exam, will help you answer those questions. The NSE5 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE5 exams and revised by experts!
Q136. - (Topic 3)
When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit.
Which of the following statements is correct regarding this entry?
A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.
B. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature.
This client is banned from receiving or sending any traffic through the FortiGate.
C. The entry displays a quarantine, which could have been added by either IPS or DLP.
D. This entry displays a ban entry that was added manually by the administrator on June11th.
Answer: A
Q137. - (Topic 1)
Which of the following pieces of information can be included in the Destination Address field of a firewall policy?
A. An IP address pool, a virtual IP address, an actual IP address, and an IP address group.
B. A virtual IP address, an actual IP address, and an IP address group.
C. An actual IP address and an IP address group.
D. Only an actual IP address.
Answer: B
Q138. - (Topic 3)
Which of the following items are considered to be advantages of using the application control features on the FortiGate unit?
Application control allows an administor to:
A. set a unique session-ttl for select applications.
B. customize application types in a similar way to adding custom IPS signatures.
C. check which applications are installed on workstations attempting to access the network.
D. enable AV scanning per application rather than per policy.
Answer: A
Q139. - (Topic 2)
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.
Answer: A,B,C
Q140. - (Topic 1)
A FortiGate 60 unit is configured for your small office. The DMZ interface is connected to a network containing a web server and email server. The Internal interface is connected to a network containing 10 user workstations and the WAN1 interface is connected to your ISP.
You want to configure firewall policies so that your users can send and receive email messages to the email server on the DMZ network. You also want the email server to be able to retrieve email messages from an email server hosted by your ISP using the POP3 protocol.
Which policies must be created for this communication? (Select all that apply.)
A. Internal > DMZ
B. DMZ > Internal
C. Internal > WAN1
D. WAN1 > Internal
E. DMZ > WAN1
F. WAN1 > DMZ
Answer: A,E
Q141. - (Topic 1)
Which of the following antivirus and attack definition update features are supported by FortiGate units? (Select all that apply.)
A. Manual, user-initiated updates from the FortiGuard Distribution Network.
B. Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FortiGuard Distribution Network.
C. Push updates from the FortiGuard Distribution Network.
D. Update status including version numbers, expiry dates, and most recent update dates and times.
Answer: A,B,C,D
Q142. - (Topic 1)
Which of the following statements are correct regarding logging to memory on a FortiGate unit? (Select all that apply.)
A. When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory.
B. When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages.
C. If the FortiGate unit is reset or loses power, log entries captured to memory will be lost.
D. None of the above.
Answer: B,C
Q143. - (Topic 1)
Examine the firewall configuration shown below; then answer the question following it.
Which of the following statements are correct based on the firewall configuration illustrated in the exhibit? (Select all that apply.)
A. A user can access the Internet using only the protocols that are supported by user authentication.
B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.
D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.
Answer: A,D