[Up to the immediate present] mb6-700 dumps

Virtual of NSE5 download materials and testing material for Fortinet certification for IT examinee, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!

2016 Apr NSE5 Study Guide Questions:

Q61. - (Topic 1) 

FortiGate units are preconfigured with four default protection profiles. These protection profiles are used to control the type of content inspection to be performed. 

What action must be taken for one of these profiles to become active? 

A. The protection profile must be assigned to a firewall policy. 

B. The "Use Protection Profile" option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam. 

C. The protection profile must be set as the Active Protection Profile. 

D. All of the above. 

Answer: A 

Q62. - (Topic 1) 

Which of the following statements correctly describes how a push update from the FortiGuard Distribution Network (FDN) works? 

A. The FDN sends push updates only once. 

B. The FDN sends package updates automatically to the FortiGate unit without requiring an update request. 

C. The FDN continues to send push updates until the FortiGate unit sends an acknowledgement. 

D. The FDN sends a message to the FortiGate unit that there is an update available and that the FortiGate unit should download the update. 

Answer: D 

Q63. - (Topic 1) 

The FortiGate unit can be configured to allow authentication to a RADIUS server. The RADIUS server can use several different authentication protocols during the authentication process. 

Which of the following are valid authentication protocols that can be used when a user authenticates to the RADIUS server? (Select all that apply.) 

A. MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication Protocol v2) 

B. PAP (Password Authentication Protocol) 

C. CHAP (Challenge-Handshake Authentication Protocol) 

D. MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol v1) 

E. FAP (FortiGate Authentication Protocol) 

Answer: A,B,C,D 

Q64. - (Topic 3) 

A static route is configured for a FortiGate unit from the CLI using the following commands: 

config router static 

edit 1 

set device "wan1" 

set distance 20 

set gateway 



Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit’s routing table? 

A. The Administrative Status of the wan1 interface is displayed as Up. 

B. The Link Status of the wan1 interface is displayed as Up. 

C. All other default routes should have an equal or higher distance. 

D. You must disable DHCP client on that interface. 

Answer: D 

Q65. - (Topic 3) 

Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies? 

A. TCP connection 

B. File attachments 

C. Message headers 

D. Message body 

Answer: A 

NSE5 free practice test

Leading mb6-700 exam:

Q66. - (Topic 2) 

In Transparent Mode, forward-domain is an attribute of ______________. 

A. an interface 

B. a firewall policy 

C. a static route 

D. a virtual domain 

Answer: A 

Q67. - (Topic 1) 

You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct? 

A. / 

B. / 

C. / 

D. / 

Answer: D 

Q68. - (Topic 1) 

Which of the following statements is correct regarding URL Filtering on the FortiGate unit? 

A. The FortiGate unit can filter URLs based on patterns using text and regular expressions. 

B. The available actions for URL Filtering are Allow and Block. 

C. Multiple URL Filter lists can be added to a single Web filter profile. 

D. A FortiGuard Web Filtering Override match will override a block action in the URL filter list. 

Answer: A 

Q69. - (Topic 2) 

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.) 

config ips sensor 


set comment '' 

set replacemsg-group '' 

set log enable 

config entries 

edit 1 

set action default 

set application all 

set location server 

set log enable 

set log-packet enable 

set os Linux set protocol all 

set quarantine none 

set severity all 

set status default 





A. The sensor will log all server attacks for all operating systems. 

B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature. 

C. The sensor will match all traffic from the address object ‘LINUX_SERVER’. 

D. The sensor will reset all connections that match these signatures. 

E. The sensor only filters which IPS signatures to apply to the selected firewall policy. 

Answer: B,E 

Q70. - (Topic 1) 

Two-factor authentication is supported using the following methods? (Select all that apply.) 

A. FortiToken 

B. Email 

C. SMS phone message 

D. Code books 

Answer: A,B,C 

NSE5 download

Certified mb6-700 exam questions:

Q71. - (Topic 2) 

Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it. 

Which one of the following statements is correct regarding this output? 

A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses and 

B. OSPF Hello packets will be sent on all interfaces of the FortiGate device. 

C. OSPF Hello packets will be sent on all interfaces configured with an address matching the and networks. 

D. OSPF Hello packets are not sent on point-to-point networks. 

Answer: C 

Q72. - (Topic 1) 

An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel. 

Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet? 





A. Exhibit A 

B. Exhibit B 

C. Exhibit C 

D. Exhibit D 

Answer: A 

Q73. - (Topic 1) 

Which of the following statements are correct regarding logging to memory on a FortiGate unit? (Select all that apply.) 

A. When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory. 

B. When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages. 

C. If the FortiGate unit is reset or loses power, log entries captured to memory will be lost. 

D. None of the above. 

Answer: B,C 

Q74. - (Topic 2) 

Shown below is a section of output from the debug command diag ip arp list. 

index=2 ifname=port1 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1 

In the output provided, which of the following best describes the IP address 

A. It is the primary IP address of the port1 interface. 

B. It is one of the secondary IP addresses of the port1 interface. 

C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface. 

Answer: C 

Q75. - (Topic 1) 

Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode? 

A. The FortiGate unit applies NAT to all traffic. 

B. The FortiGate unit functions as a Layer 3 device. 

C. The FortiGate unit functions as a Layer 2 device. 

D. The FortiGate unit functions as a router and the firewall function is disabled. 

Answer: B 

see more http://www.certshared.com/exam/NSE5/

Fortinet NSE5 Certification Sample Questions and Answers: https://www.braindumpsall.net/NSE5-dumps/

P.S. New NSE5 dumps PDF: http://www.4easydumps.com/NSE5-dumps-download.html