NSE5 Exam
Far out Fortinet NSE5 - An Overview 21 to 30
Cause all that matters here is passing the Fortinet NSE5 exam. Cause all that you need is a high score of NSE5 Fortinet Network Security Expert 5 Written Exam (500) exam. The only one thing you need to do is downloading Testking NSE5 exam study guides now. We will not let you down with our money-back guarantee.
Q21. - (Topic 1)
Which one of the following statements is correct about raw log messages?
A. Logs have a header and a body section. The header will have the same layout for every log message. The body section will change layout from one type of log message to another.
B. Logs have a header and a body section. The header and body will change layout from one type of log message to another.
C. Logs have a header and a body section. The header and body will have the same layout for every log message.
Answer: A
Q22. - (Topic 3)
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?
A. Packet encryption
B. MIB-based report uploads
C. SNMP access limits through access lists
D. Running SNMP service on a non-standard port is possible
Answer: A
Q23. - (Topic 1)
A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode.
Which one of the following statements is correct regarding the use of web-only mode SSL VPN?
A. Web-only mode supports SSL version 3 only.
B. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN.
C. Web-only mode requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.
Answer: C
Q24. - (Topic 3)
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI.
C:\>ping 10.0.1.1
Pinging 10.0.1.1 with 32 bytes of data:
Reply from 10.0.1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
user1 # get system interface
== [ internal ]
namE. internal modE. static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forwarD. disable typE. physical mtu-overridE. disable
== [ vlan1 ]
namE. vlan1 modE. static ip: 10.0.1.1 255.255.255.128 status: up netb
ios-forwarD. disable typE. vlan mtu-overridE. disable
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=274 msg="vd-root received a packet(proto=6, 10.0.1.130:47927->10.0.1.1:443) from internal."
id=20085 trace_id=274 msg="allocate a new session-00000b1b"
id=20085 trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798"
id=20085 trace_id=274 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following explanations is a possible cause of the problem?
A. The Fortigate unit has no route back to the PC.
B. The PC has an IP address in the wrong subnet.
C. The PC is using an incorrect default gateway IP address.
D. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface.
E. There is no firewall policy allowing traffic from INTERNAL-> VLAN1.
Answer: D
Q25. - (Topic 1)
A FortiGate 100 unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.)
A. The external facing interface of the FortiGate unit is configured to use DHCP.
B. The FortiGate unit has not been registered.
C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network.
D. The FortiGate unit is in Transparent mode.
Answer: A,B,C
Q26. - (Topic 3)
Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.)
A. The web client SSL handshake.
B. The web server SSL handshake.
C. File buffering.
D. Communication with the urlfilter process.
Answer: A,B
Q27. - (Topic 2)
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.
Answer: A,B,C
Q28. - (Topic 3)
Which of the following cannot be used in conjunction with the endpoint compliance check?
A. HTTP Challenge Redirect to a Secure Channel (HTTPS) in the Authentication Settings.
B. Any form of firewall policy authentication.
C. WAN optimization.
D. Traffic shaping.
Answer: A
Q29. - (Topic 1)
By default the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action?
A. Block all network attacks.
B. Block the most common network attacks.
C. Allow all traffic.
D. Allow and log all traffic.
Answer: C
Q30. - (Topic 3)
An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor,
the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit.
Which of the following is the best explanation for the Ban Sender action NOT being available?
A. The Ban Sender action is never available for FTP traffic.
B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.
C. Firewall policy authentication is required before the Ban Sender action becomes available.
D. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.
Answer: A