getcertified4sure.com

Regenerate Fortinet NSE5 - An Overview 21 to 30




Want to know Pass4sure NSE5 Exam practice test features? Want to learn more about the Fortinet Network Security Expert 5 Written Exam (500) certification experience? Study Simulation Fortinet NSE5 answers to Update NSE5 questions at Pass4sure. Get success with an absolute guarantee to pass the Fortinet NSE5 (Fortinet Network Security Expert 5 Written Exam (500)) test on your first attempt.

Q21. - (Topic 3) 

A FortiGate unit is operating in NAT/Route mode and is configured with two Virtual LAN (VLAN) sub-interfaces added to the same physical interface. 

Which of the following statements is correct regarding the VLAN IDs in this scenario? 

A. The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets. 

B. The two VLAN sub-interfaces must have different VLAN IDs. 

C. The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs. 

D. The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches. 

Answer:


Q22. - (Topic 1) 

In which order are firewall policies processed on the FortiGate unit? 

A. They are processed from the top down according to their sequence number. 

B. They are processed based on the policy ID number shown in the left-hand column of the policy window.

C. They are processed on best match. 

D. They are processed based on a priority value assigned through the priority column in the policy window. 

Answer:


Q23. - (Topic 1) 

A client can establish a secure connection to a corporate network using SSL VPN in tunnel mode. 

Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.) 

A. Split tunneling can be enabled when using tunnel mode SSL VPN. 

B. Client software is required to be able to use a tunnel mode SSL VPN. 

C. Users attempting to create a tunnel mode SSL VPN connection must be authenticated by at least one SSL VPN policy. 

D. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit. 

Answer: A,B,C,D 


Q24. - (Topic 3) 

Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies? 

A. TCP connection 

B. File attachments 

C. Message headers 

D. Message body 

Answer:


Q25. - (Topic 3) 

Which of the following statements is correct regarding the FortiGuard Services Web Filtering Override configuration as illustrated in the exhibit? 

A. Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/. 

B. A client with an IP address of 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site.

C. A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs. 

D. A client with an IP address of 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009. 

E. Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ until August 7, 2009. 

Answer:


Q26. - (Topic 2) 

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway? 

A. A look-up is done only when the first packet coming from the client (SYN) arrives. 

B. A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYN/ACK) arrives.

C. A look-up is done only during the TCP 3-way handshake (SYN, SYN/ACK, ACK).

D. A look-up is always done each time a packet arrives, from either the server or the client side. 

Answer:


Q27. - (Topic 2) 

Review the IKE debug output for IPsec shown in the Exhibit below. 

Which one of the following statements is correct regarding this output? 

A. The output is a Phase 1 negotiation. 

B. The output is a Phase 2 negotiation. 

C. The output captures the Dead Peer Detection messages. 

D. The output captures the Dead Gateway Detection packets. 

Answer:


Q28. - (Topic 2) 

Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domains only apply to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

E. They are only available in high-end models. 

Answer: A,D 


Q29. - (Topic 1) 

If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range? 

A. 172.168.0.1 - 172.168.0.10 

B. 210.192.168.3 - 210.192.168.10 

C. 210.192.168.1 - 210.192.168.4 

D. All of the above. 

Answer:


Q30. - (Topic 1) 

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds? 

A. Sessions can be idle for no more than 1800 seconds. 

B. The maximum length of time a session can be open is 1800 seconds. 

C. After 1800 seconds, the end user must reauthenticate. 

D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server. 

Answer: