Virtual of NSE5 download materials and testing material for Fortinet certification for IT examinee, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!
2016 Apr NSE5 Study Guide Questions:
Q61. - (Topic 1)
FortiGate units are preconfigured with four default protection profiles. These protection profiles are used to control the type of content inspection to be performed.
What action must be taken for one of these profiles to become active?
A. The protection profile must be assigned to a firewall policy.
B. The "Use Protection Profile" option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam.
C. The protection profile must be set as the Active Protection Profile.
D. All of the above.
Q62. - (Topic 1)
Which of the following statements correctly describes how a push update from the FortiGuard Distribution Network (FDN) works?
A. The FDN sends push updates only once.
B. The FDN sends package updates automatically to the FortiGate unit without requiring an update request.
C. The FDN continues to send push updates until the FortiGate unit sends an acknowledgement.
D. The FDN sends a message to the FortiGate unit that there is an update available and that the FortiGate unit should download the update.
Q63. - (Topic 1)
The FortiGate unit can be configured to allow authentication to a RADIUS server. The RADIUS server can use several different authentication protocols during the authentication process.
Which of the following are valid authentication protocols that can be used when a user authenticates to the RADIUS server? (Select all that apply.)
A. MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication Protocol v2)
B. PAP (Password Authentication Protocol)
C. CHAP (Challenge-Handshake Authentication Protocol)
D. MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol v1)
E. FAP (FortiGate Authentication Protocol)
Q64. - (Topic 3)
A static route is configured for a FortiGate unit from the CLI using the following commands:
config router static
set device "wan1"
set distance 20
set gateway 192.168.100.1
Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit’s routing table?
A. The Administrative Status of the wan1 interface is displayed as Up.
B. The Link Status of the wan1 interface is displayed as Up.
C. All other default routes should have an equal or higher distance.
D. You must disable DHCP client on that interface.
Q65. - (Topic 3)
Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?
A. TCP connection
B. File attachments
C. Message headers
D. Message body
Leading mb6-700 exam:
Q66. - (Topic 2)
In Transparent Mode, forward-domain is an attribute of ______________.
A. an interface
B. a firewall policy
C. a static route
D. a virtual domain
Q67. - (Topic 1)
You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct?
A. 192.168.2.0 / 255.255.255.0
B. 192.168.2.2 / 255.255.255.0
C. 192.168.2.0 / 255.255.255.255
D. 192.168.2.2 / 255.255.255.255
Q68. - (Topic 1)
Which of the following statements is correct regarding URL Filtering on the FortiGate unit?
A. The FortiGate unit can filter URLs based on patterns using text and regular expressions.
B. The available actions for URL Filtering are Allow and Block.
C. Multiple URL Filter lists can be added to a single Web filter profile.
D. A FortiGuard Web Filtering Override match will override a block action in the URL filter list.
Q69. - (Topic 2)
Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.)
config ips sensor
set comment ''
set replacemsg-group ''
set log enable
set action default
set application all
set location server
set log enable
set log-packet enable
set os Linux set protocol all
set quarantine none
set severity all
set status default
A. The sensor will log all server attacks for all operating systems.
B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature.
C. The sensor will match all traffic from the address object ‘LINUX_SERVER’.
D. The sensor will reset all connections that match these signatures.
E. The sensor only filters which IPS signatures to apply to the selected firewall policy.
Q70. - (Topic 1)
Two-factor authentication is supported using the following methods? (Select all that apply.)
C. SMS phone message
D. Code books
Certified mb6-700 exam questions:
Q71. - (Topic 2)
Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.
Which one of the following statements is correct regarding this output?
A. OSPF Hello packets will only be sent on interfaces configured with the IP addresses
172.16.1.1 and 172.16.1.2.
B. OSPF Hello packets will be sent on all interfaces of the FortiGate device.
C. OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.
D. OSPF Hello packets are not sent on point-to-point networks.
Q72. - (Topic 1)
An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel.
Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet?
A. Exhibit A
B. Exhibit B
C. Exhibit C
D. Exhibit D
Q73. - (Topic 1)
Which of the following statements are correct regarding logging to memory on a FortiGate unit? (Select all that apply.)
A. When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory.
B. When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages.
C. If the FortiGate unit is reset or loses power, log entries captured to memory will be lost.
D. None of the above.
Q74. - (Topic 2)
Shown below is a section of output from the debug command diag ip arp list.
index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1
In the output provided, which of the following best describes the IP address 172.20.187.150?
A. It is the primary IP address of the port1 interface.
B. It is one of the secondary IP addresses of the port1 interface.
C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface.
Q75. - (Topic 1)
Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?
A. The FortiGate unit applies NAT to all traffic.
B. The FortiGate unit functions as a Layer 3 device.
C. The FortiGate unit functions as a Layer 2 device.
D. The FortiGate unit functions as a router and the firewall function is disabled.
see more http://www.certshared.com/exam/NSE5/
Fortinet NSE5 Certification Sample Questions and Answers: https://www.braindumpsall.net/NSE5-dumps/
P.S. New NSE5 dumps PDF: http://www.4easydumps.com/NSE5-dumps-download.html