[Abreast of the times] mb2-700 exam answers

Download of NSE5 testing engine materials and questions pool for Fortinet certification for examinee, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!

2016 Apr NSE5 Study Guide Questions:

Q16. - (Topic 3) 

An administrator has formed a High Availability cluster involving two FortiGate 310B units. 

[Multiple upstream Layer 2 switches] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] 

The administrator wishes to ensure that a single link failure will have minimal impact upon the overall throughput of traffic through this cluster. 

Which of the following options describes the best step the administrator can take? 

The administrator should... 

A. set up a full-mesh design which uses redundant interfaces. 

B. increase the number of FortiGate units in the cluster and configure HA in Active-Active mode. 

C. enable monitoring of all active interfaces. 

D. configure the HA ping server feature to allow for HA failover in the event that a path is disrupted. 

Answer: A 

Q17. - (Topic 3) 

The Host Check feature can be enabled on the FortiGate unit for SSL VPN connections. 

When this feature is enabled, the FortiGate unit probes the remote host computer to verify that it is "safe" before access is granted. 

Which of the following items is NOT an option as part of the Host Check feature? 

A. FortiClient Antivirus software 

B. Microsoft Windows Firewall software 

C. FortiClient Firewall software 

D. Third-party Antivirus software 

Answer: B 

Q18. - (Topic 3) 

The diag sys session list command is executed in the CLI. The output of this command is shown in the exhibit. 

Based on the output from this command, which of the following statements is correct? 

A. This is a UDP session. 

B. Traffic shaping is being applied to this session. 

C. This is an ICMP session. 

D. This traffic has been authenticated. 

E. This session matches a firewall policy with ID 5. 

Answer: B 

Q19. - (Topic 1) 

Users may require access to a web site that is blocked by a policy. Administrators can give 

users the ability to override the block. Which of the following statements regarding overrides is NOT correct? 

A. A web filter profile may only have one user group defined as an override group. 

B. A firewall user group can be used to provide override privileges for FortiGuard Web Filtering. 

C. When requesting an override, the matched user must belong to a user group for which the override capabilty has been enabled. 

D. Overrides can be allowed by the administrator for a specific period of time. 

Answer: A 

Q20. - (Topic 1) 

An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the “Connect” button. The administrator has enabled split tunneling. 

Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client’s routing table. 

A. A route to destination matching the ‘WIN2K3’ address object. 

B. A route to the destination matching the ‘all’ address object. 

C. A default route. 

D. No route is added. 

Answer: A 

NSE5 exam question

Replace mb2-700 answers:

Q21. - (Topic 1) 

Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.) 

A. Firewall 

B. Directory Service 

C. Local 



Answer: A,B 

Q22. - (Topic 1) 

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds? 

A. Sessions can be idle for no more than 1800 seconds. 

B. The maximum length of time a session can be open is 1800 seconds. 

C. After 1800 seconds, the end user must reauthenticate. 

D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server. 

Answer: A 

Q23. - (Topic 1) 

Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. How are UTM features applied to traffic? 

A. One or more UTM features are enabled in a firewall policy. 

B. In the system configuration for that UTM feature, you can identify the policies to which the feature is to be applied. 

C. Enable the appropriate UTM objects and identify one of them as the default. 

D. For each UTM object, identify which policy will use it. 

Answer: A 

Q24. - (Topic 1) 

Which of the following components are contained in all FortiGate units from the FG50 models and up? (Select all that apply.) 

A. FortiASIC content processor. 

B. Hard Drive. 

C. Gigabit network interfaces. 

D. Serial console port. 

Answer: A,D 

Q25. - (Topic 1) 

Which of the following is true regarding Switch Port Mode? 

A. Allows all internal ports to share the same subnet. 

B. Provides separate routable interfaces for each internal port. 

C. An administrator can select ports to be used as a switch. 

D. Configures ports to be part of the same broadcast domain. 

Answer: A 

NSE5 training

Approved mb2-700 certification:

Q26. - (Topic 1) 

Which one of the following statements is correct about raw log messages? 

A. Logs have a header and a body section. The header will have the same layout for every log message. The body section will change layout from one type of log message to another. 

B. Logs have a header and a body section. The header and body will change layout from one type of log message to another. 

C. Logs have a header and a body section. The header and body will have the same layout for every log message. 

Answer: A 

Q27. - (Topic 1) 

Encrypted backup files provide which of the following benefits? (Select all that apply.) 

A. Integrity of the backup file is protected since it cannot be easily modified when encrypted. 

B. Prevents the backup file from becoming corrupted. 

C. Protects details of the device's configuration settings from being discovered while the backup file is in transit. For example, transferred to a data centers for system recovery. 

D. A copy of the encrypted backup file is automatically pushed to the FortiGuard Distribution Service (FDS) for disaster recovery purposes. If the backup file becomes corrupt it can be retrieved through FDS. 

E. Fortinet Technical Support can recover forgotten passwords with a backdoor passphrase. 

Answer: A,C 

Q28. - (Topic 1) 

What are the valid sub-types for a Firewall type policy? (Select all that apply) 

A. Device Identity 

B. Address 

C. User Identity 

D. Schedule 


Answer: A,B,C 

Q29. - (Topic 3) 

An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121. 

Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message. 

Which of the following statements represents the best solution to this problem? 

A. Create a new session helper for the FTP service monitoring port 2121. 

B. Enable the ANY service in the firewall policies for both incoming and outgoing traffic. 

C. Place the client and server interface in the same zone and enable intra-zone traffic. 

D. Disable any protection profiles being applied to FTP traffic. 

Answer: A 

Q30. - (Topic 1) 

Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode? 

A. The FortiGate unit requires only a single IP address for receiving updates and configuring from a management computer. 

B. The FortiGate unit must use public IP addresses on both the internal and external networks. 

C. The FortiGate unit commonly uses private IP addresses on the internal network but hides them using network address translation. 

D. The FortiGate unit uses only DHCP-assigned IP addresses on the internal network. 

Answer: C 

see more http://www.certshared.com/exam/NSE5/

Fortinet NSE5 Certification Sample Questions and Answers: http://www.braindumpsall.net/NSE5-dumps/

P.S. New NSE5 dumps PDF: http://www.4easydumps.com/NSE5-dumps-download.html