Skip to content

The Secret of Fortinet NSE5 exam

Exam Code: NSE5 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 5 Written Exam (500)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE5 Exam.

2018 NEW RECOMMEND

Free VCE & PDF File for Fortinet NSE5 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW NSE5 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/NSE5-dumps.html

Q1. – (Topic 1) 

Which of the following statements best describes the green status indicators that appear next to different FortiGuard Distribution Network services as illustrated in the exhibit? 

A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network. 

B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network. 

C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. 

D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network. 

Answer:

Q2. – (Topic 2) 

In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit. 

A. The HA mode changes to standalone. 

B. Port3 is configured with an IP address for management access. 

C. The Firewall rules are purged on the disconnected unit. 

D. All other interface IP settings are maintained. 

Answer: A,B 

Q3. – (Topic 1) 

The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit’s GUI and also using the CLI. The command used in the CLI to perform this function is ______ . 

A. set order 

B. edit policy 

C. reorder 

D. move 

Answer:

Q4. – (Topic 1) 

An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network. 

Which of the following FortiAnalyzers will be detected? (Select all that apply.) 

A. 192.168.11.100 

B. 192.168.11.251 

C. 192.168.10.100 

D. 192.168.10.251 

Answer: A,B 

Q5. – (Topic 3) 

When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit. 

Which of the following statements is correct regarding this entry? 

A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule. 

B. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature. 

This client is banned from receiving or sending any traffic through the FortiGate. 

C. The entry displays a quarantine, which could have been added by either IPS or DLP. 

D. This entry displays a ban entry that was added manually by the administrator on June11th. 

Answer:

Q6. – (Topic 3) 

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)? 

A. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors. 

B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors. 

C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options. 

D. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings. 

E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options. 

Answer:

Q7. – (Topic 3) 

What advantages are there in using a fully Meshed IPSec VPN configuration instead of a hub and spoke set of IPSec tunnels? 

A. Using a hub and spoke topology is required to achieve full redundancy. 

B. Using a full mesh topology simplifies configuration. 

C. Using a full mesh topology provides stronger encryption. 

D. Full mesh topology is the most fault-tolerant configuration. 

Answer:

Q8. – (Topic 1) 

A FortiGate unit can act as which of the following? (Select all that apply.) 

A. Antispam filter 

B. Firewall 

C. VPN gateway 

D. Mail relay 

E. Mail server 

Answer: A,B,C 

Q9. – (Topic 2) 

Shown below is a section of output from the debug command diag ip arp list. 

index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1 

In the output provided, which of the following best describes the IP address 172.20.187.150? 

A. It is the primary IP address of the port1 interface. 

B. It is one of the secondary IP addresses of the port1 interface. 

C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface. 

Answer:

Q10. – (Topic 3) 

A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the AntiVirus and Email Filter profiles applied to this policy. 

What is the correct behavior when the email attachment is detected as a virus by the 

FortiGate AntiVirus engine? 

A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected. 

B. The FortiGate unit will reject the infected email and notify both the sender and recipient. 

C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed. 

D. The FortiGate unit will reject the infected email and notify the sender. 

Answer: