getcertified4sure.com

Dec 2021 updated: Examcollection Fortinet NSE5 exam guide 71-80




Our pass rate is as high as 98.9%, and the similarity between our NSE5 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the Fortinet NSE5 exam in just one try? I am currently studying for the Fortinet NSE5 exam. Latest Fortinet NSE5 exam practice questions and answers; try the Fortinet NSE5 brain dumps first.

Q71. - (Topic 2) 

How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.) 

A. File Type: Microsoft Office (msoffice)

B. File Type: Archive (zip)

C. File Type: Unknown Filetype (unknown)

D. File Name: "*.ppt", "*.doc", "*.xls"

E. File Name: "*.pptx", "*.docx", "*.xlsx"

Answer: B,E 


Q72. - (Topic 2) 

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.) 

config ips sensor
    edit "LINUX_SERVER"
        set comment ''
        set replacemsg-group ''
        set log enable
        config entries
            edit 1
                set action default
                set application all
                set location server
                set log enable
                set log-packet enable
                set os Linux
                set protocol all
                set quarantine none
                set severity all
                set status default
            next
        end
    next
end

A. The sensor will log all server attacks for all operating systems. 

B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature. 

C. The sensor will match all traffic from the address object ‘LINUX_SERVER’. 

D. The sensor will reset all connections that match these signatures. 

E. The sensor only filters which IPS signatures to apply to the selected firewall policy. 

Answer: B,E 


Q73. - (Topic 1) 

Which of the following statements regarding the firewall policy authentication timeout is true? 

A. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source IP. 

B. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source IP after this timer has expired. 

C. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source MAC. 

D. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source MAC after this timer has expired. 

Answer:


Q74. - (Topic 2) 

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below. 

Which of the following statements are correct regarding this output? (Select all that apply.) 

A. The connecting client has been allocated address 172.20.1.1. 

B. In the Phase 1 settings, dead peer detection is enabled. 

C. The tunnel is idle. 

D. The connecting client has been allocated address 10.200.3.1. 

Answer: A,B 


Q75. - (Topic 3) 

If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)? 

A. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR). 

B. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR). 

C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings. 

D. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP. 

E. By design, BGP cannot redistribute routes learned through OSPF. 

Answer:


Q76. - (Topic 3) 

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.) 

A. Using a hub and spoke topology is required to achieve full redundancy. 

B. Using a hub and spoke topology simplifies configuration. 

C. Using a hub and spoke topology provides stronger encryption. 

D. Using a hub and spoke topology reduces the number of tunnels. 

Answer: B,D 


Q77. - (Topic 2) 

Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domains only apply to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

E. They are only available in high-end models. 

Answer: A,D 


Q78. - (Topic 1) 

Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.) 

A. Domain Local Security Agent. 

B. Collector Agent. 

C. Active Directory Agent. 

D. User Authentication Agent. 

E. Domain Controller Agent. 

Answer: B,E 


Q79. - (Topic 3) 

Which of the following statements is not correct regarding virtual domains (VDOMs)? 

A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units. 

B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates. 

C. A backup management VDOM will synchronize the configuration from an active management VDOM. 

D. VDOMs share firmware versions, as well as antivirus and IPS databases. 

E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes. 

Answer:


Q80. - (Topic 2) 

Two FortiGate devices fail to form an HA cluster; the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device.

Exhibit A: 

Exhibit B:

Which one of the following is the most likely reason that the cluster fails to form? 

A. Password 

B. HA mode 

C. Heartbeat

D. Override 

Answer: