15 tips on How to NSE5 Test Like a Badass [91 to 105]


2016 Mar NSE5 Study Guide Questions:

Q91. - (Topic 2) 

In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below. 

Which of the following statements are correct regarding this setting? (Select all that apply.) 

A. Interface settings on port7 will not be synchronized with other cluster members. 

B. The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface. 

C. Port7 appears in the routing table. 

D. A gateway address may be configured for port7. 

E. When connecting to port7 you always connect to the master device. 

Answer: A,D 

Q92. - (Topic 3) 

When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating? 

A. Common Name 

B. Organization 

C. Organizational Unit 

D. Serial Number 

E. Validity 

Answer: A 

Q93. - (Topic 2) 

The eicar test virus is put into a zip archive, which is given the password of “Fortinet” in order to open the archive. Review the configuration in the exhibits shown below; then answer the question that follows. 

Exhibit A – Antivirus Profile: 

Exhibit B – Non-default UTM Proxy Options Profile: 

Exhibit C – DLP Profile: 

Which one of the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol? 

A. Only Exhibit A 

B. Only Exhibit B 

C. Only Exhibit C with default UTM Proxy settings. 

D. All of the Exhibits (A, B and C) 

E. Only Exhibit C with non-default UTM Proxy settings (Exhibit B). 

Answer: C 

Q94. - (Topic 2) 

In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit? 

A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server 

B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server 

C. Request: Internal Host; Slave FortiGate; Internet; Web Server 

D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server 

Answer: A 

Q95. - (Topic 1) 

How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side? 

A. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface. 

B. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit’s kernel routing table. 

C. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit. 

D. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy. 

Answer: B 


Renew NSE5 exam question:

Q96. - (Topic 3) 

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of, but gets no connectivity. 

The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI. 


Pinging with 32 bytes of data: 

Reply from bytes=32 time=1ms TTL=255 

Reply from bytes=32 time<1ms TTL=255 

Reply from bytes=32 time<1ms TTL=255 

Reply from bytes=32 time<1ms TTL=255 

user1 # get system interface 

== [ internal ] 

name: internal mode: static ip: status: up netbios-forward: disable type: physical mtu-override: disable 

== [ vlan1 ] 

name: vlan1 mode: static ip: status: up netbios-forward: disable type: vlan mtu-override: disable 

user1 # diagnose debug flow trace start 100 

user1 # diagnose debug ena 

user1 # diagnose debug flow filter daddr 

id=20085 trace_id=274 msg="vd-root received a packet(proto=6,> from internal." 

id=20085 trace_id=274 msg="allocate a new session-00000b1b" 

id=20085 trace_id=274 msg="find SNAT: IP-, port-43798" 

id=20085 trace_id=274 msg="iprope_in_check() check failed, drop" 

Based on the output from these commands, which of the following explanations is a possible cause of the problem? 

A. The FortiGate unit has no route back to the PC. 

B. The PC has an IP address in the wrong subnet. 

C. The PC is using an incorrect default gateway IP address. 

D. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface. 

E. There is no firewall policy allowing traffic from INTERNAL-> VLAN1. 

Answer: D 

Q97. - (Topic 3) 

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.) 

A. Using a hub and spoke topology is required to achieve full redundancy. 

B. Using a hub and spoke topology simplifies configuration. 

C. Using a hub and spoke topology provides stronger encryption. 

D. Using a hub and spoke topology reduces the number of tunnels. 

Answer: B,D 

Q98. - (Topic 1) 

The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate Web Config and also using the CLI. The command used in the CLI to perform this function is __________. 

A. set order 

B. edit policy 

C. reorder 

D. move 

Answer: D 

Q99. - (Topic 1) 

When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge. 

Select all supported protocols from the following: 






Answer: C,D 

Q100. - (Topic 2) 

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. 

Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.) 

A. An FSSO Collector Agent must be installed on every domain controller. 

B. An FSSO Domain Controller Agent must be installed on every domain controller. 

C. The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit. 

D. The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit. 

E. For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client. 

Answer: B,D 


Accurate NSE5 exam question:

Q101. - (Topic 3) 

Which of the following statements is correct regarding the NAC Quarantine feature? 

A. With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP. 

B. NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate. 

C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk. 

D. If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine. 

Answer: C 

Q102. - (Topic 3) 

Which of the following DLP actions will override any other action? 

A. Exempt 

B. Quarantine Interface 

C. Block 

D. None 

Answer: A 

Q103. - (Topic 1) 

Which of the following statements is correct regarding URL Filtering on the FortiGate unit? 

A. The available actions for URL Filtering are Allow and Block. 

B. Multiple URL Filter lists can be added to a single Web filter profile. 

C. A FortiGuard Web Filtering Override match will override a block action in the URL filter list. 

D. The available actions for URL Filtering are Allow, Block and Exempt. 

Answer: D 

Q104. - (Topic 1) 

The command structure of the FortiGate CLI consists of commands, objects, branches, tables, and parameters. Which of the following items describes user? 

A. A command. 

B. An object. 

C. A table. 

D. A parameter. 

Answer: B 

Q105. - (Topic 3) 

SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection? 

A. The file is buffered by the application proxy. 

B. The file is buffered by the SSL proxy. 

C. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy. 

D. No file buffering is needed since a stream-based scanning approach is used for SSL content inspection. 

Answer: A 
