Act now and download your Fortinet NSE5 test today! Do not waste time for the worthless Fortinet NSE5 tutorials. Download Down to date Fortinet Fortinet Network Security Expert 5 Written Exam (500) exam with real questions and answers and begin to learn Fortinet NSE5 with a classic professional.

2021 Oct NSE5 exam prep

Q101. - (Topic 3) 

In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session? 

A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server 

B. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server 

C. Request: Internal Host -> Slave FG -> Internet -> Web Server 

D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server 

Answer: A 


Q102. - (Topic 3) 

Which of the following items is NOT a packet characteristic matched by a firewall service object? 

A. ICMP type and code 

B. TCP/UDP source and destination ports 

C. IP protocol number 

D. TCP sequence number 

Answer: D 


Q103. - (Topic 2) 

Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.) 

A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. VDOMs share firmware versions, as well as antivirus and IPS databases. 

D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes. 

Answer: A,B,C 


Q104. - (Topic 3) 

A static route is configured for a FortiGate unit from the CLI using the following commands: 

config router static 

edit 1 

set device "wan1" 

set distance 20 

set gateway 192.168.100.1 

next 

end 

Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit’s routing table? 

A. The Administrative Status of the wan1 interface is displayed as Up. 

B. The Link Status of the wan1 interface is displayed as Up. 

C. All other default routes should have an equal or higher distance. 

D. You must disable DHCP client on that interface. 

Answer: D 


Q105. - (Topic 3) 

WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel? 

A. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule. 

B. The attempt will be accepted when there is a matching WAN optimization passive rule. 

C. The attempt will be accepted when the request comes from a known peer. 

D. The attempt will be accepted when a user on the remote peer accepts the connection request. 

Answer: A 


Avant-garde NSE5 vce:

Q106. - (Topic 1) 

A client can establish a secure connection to a corporate network using SSL VPN in tunnel mode. 

Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.) 

A. Split tunneling can be enabled when using tunnel mode SSL VPN. 

B. Client software is required to be able to use a tunnel mode SSL VPN. 

C. Users attempting to create a tunnel mode SSL VPN connection must be authenticated by at least one SSL VPN policy. 

D. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit. 

Answer: A,B,C,D 


Q107. - (Topic 3) 

Which of the following statements is correct about configuring web filtering overrides? 

A. The Override option for FortiGuard Web Filtering is available for any user group type. 

B. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor. 

C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used. 

D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication. 

Answer: C 


Q108. - (Topic 1) 

What are the valid sub-types for a Firewall type policy? (Select all that apply) 

A. Device Identity 

B. Address 

C. User Identity 

D. Schedule 

E. SSL VPN 

Answer: A,B,C 


Q109. - (Topic 1) 

In an IPSec gateway-to-gateway configuration, two FortiGate units create a VPN tunnel between two separate private networks. 

Which of the following configuration steps must be performed on both FortiGate units to support this configuration? (Select all that apply.) 

A. Create firewall policies to control traffic between the IP source and destination address. 

B. Configure the appropriate user groups on the FortiGate units to allow users access to the IPSec VPN connection. 

C. Set the operating mode of the FortiGate unit to IPSec VPN mode. 

D. Define the Phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with the remote peer. 

E. Define the Phase 1 parameters that the FortiGate unit needs to authenticate the remote peers. 

Answer: A,D,E 


Q110. - (Topic 1) 

You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct? 

A. 192.168.2.0 / 255.255.255.0 

B. 192.168.2.2 / 255.255.255.0 

C. 192.168.2.0 / 255.255.255.255 

D. 192.168.2.2 / 255.255.255.255 

Answer: D