Fortinet
Exam NSE5
Fortinet Network Security Expert 5 Written Exam (500)
Version: Demo
[ Total Questions: 10 ]
Topic Break Down
Topic 1, Volume A
Question No : 1 - (Topic 1)
Which of the following items does NOT support the Logging feature?
A. File Filter
B. Application control
C. Session timeouts
D. Administrator activities
E. Web URL filtering
Answer: C
Question No : 2 - (Topic 1)
Which of the following statements correctly describes how a push update from the FortiGuard Distribution Network (FDN) works?
A. The FDN sends push updates only once.
B. The FDN sends package updates automatically to the FortiGate unit without requiring an update request.
C. The FDN continues to send push updates until the FortiGate unit sends an acknowledgement.
D. The FDN sends a message to the FortiGate unit that there is an update available and that the FortiGate unit should download the update.
Answer: D
Question No : 3 - (Topic 1)
A FortiGate AntiVirus profile can be configured to scan for viruses on SMTP, FTP, POP3, and SMB protocols using which inspection mode?
A. Proxy
B. DNS
C. Flow-based
D. Man-in-the-middle
Answer: C
Question No : 4 - (Topic 1)
Which of the following are valid authentication user group types on a FortiGate unit?
(Select all that apply.)
A. Firewall
B. Directory Service
C. Local
D. LDAP
E. PKI
Answer: A,B
Question No : 5 - (Topic 1)
The Idle Timeout setting on a FortiGate unit applies to which of the following?
A. Web browsing
B. FTP connections
C. User authentication
D. Administrator access
E. Web filtering overrides
Answer: D
Question No : 6 - (Topic 1)
When creating administrative users, which of the following configuration objects determines access rights on the FortiGate unit?
A. profile
B. allowaccess interface settings
C. operation mode
D. local-in policy
Answer: A
Question No : 7 - (Topic 1)
You wish to create a firewall policy that applies only to traffic intended for your web server. The server has an IP address of 192.168.2.2 and belongs to a class C subnet. When defining the firewall address for use in this policy, which one of the following addressing formats is correct?
A. 192.168.2.0 / 255.255.255.0
B. 192.168.2.2 / 255.255.255.0
C. 192.168.2.0 / 255.255.255.255
D. 192.168.2.2 / 255.255.255.255
Answer: D
Topic 2, Volume B
Question No : 8 - (Topic 2)
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.
Which one of the following statements is correct regarding this output?
A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.
B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.
C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
D. OSPF Hello packets are not sent on point-to-point networks.
Answer: C
Topic 3, Volume C
Question No : 9 - (Topic 3)
The Host Check feature can be enabled on the FortiGate unit for SSL VPN connections. When this feature is enabled, the FortiGate unit probes the remote host computer to verify that it is "safe" before access is granted. Which of the following items is NOT an option as part of the Host Check feature?
A. FortiClient Antivirus software
B. Microsoft Windows Firewall software
C. FortiClient Firewall software
D. Third-party Antivirus software
Answer: B
Question No : 10 - (Topic 3)
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. The following troubleshooting commands are executed from the CLI:
user1 # get system interface
== [ internal ]
name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up netbios-forward: disable type: physical mtu-override: disable
== [ vlan1 ]
name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up netbios-forward: disable type: vlan mtu-override: disable
user1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S 10.0.0.0/8 [10/0] is a summary, Null
C 10.0.1.0/25 is directly connected, vlan1
C 10.0.1.128/25 is directly connected, internal
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130:47922->10.0.1.1:443) from internal."
id=20085 trace_id=277 msg="allocate a new session-00000b21"
id=20085 trace_id=277 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following is a possible cause of the problem?
A. The FortiGate unit has no route back to the PC.
B. The PC has an IP address in the wrong subnet.
C. The PC is using an incorrect default gateway IP address.
D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.
Answer: D
My priority as exam material for preparation of IT exam is none other than NSE5 braindumps. I have experienced this dumps material during my preparation for NSE5 exam. I put my best efforts for my preparation with NSE5 dumps and got my desired marks.
Best way of learning for valid NSE5_FAZ-6.0 exam Question and answer then you have to visit Dumpsadviser. You can easily get distinction one NSE5_FAZ-6.0- dumps exams dumps in just one attempt.