★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW NSE5 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/NSE5-dumps.html
Proper study guides for Renewal Fortinet Fortinet Network Security Expert 5 Written Exam (500) certified begins with Fortinet NSE5 preparation products which designed to deliver the Realistic NSE5 questions by making you pass the NSE5 test at your first time. Try the free NSE5 demo right now.
2021 Nov NSE5 practice
Q61. - (Topic 3)
Which of the following statements is correct about how the FortiGate unit verifies username and password during user authentication?
A. If a remote server is included in a user group, it will be checked before local accounts.
B. An administrator can define a local account for which the password must be verified by querying a remote server.
C. If authentication fails with a local password, the FortiGate unit will query the authentication server if the local user is configured with both a local password and an authentication server.
D. The FortiGate unit will only attempt to authenticate against Active Directory if Fortinet Server Authentication Extensions are installed and configured.
Answer: B
Q62. - (Topic 3)
A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office.
The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers.
What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?
A. Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
B. Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
C. Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.
D. Dynamic routing protocols cannot be used over IPSec VPN tunnels.
Answer: A
Q63. - (Topic 1)
FortiGate units are preconfigured with four default protection profiles. These protection profiles are used to control the type of content inspection to be performed.
What action must be taken for one of these profiles to become active?
A. The protection profile must be assigned to a firewall policy.
B. The "Use Protection Profile" option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam.
C. The protection profile must be set as the Active Protection Profile.
D. All of the above.
Answer: A
Q64. - (Topic 1)
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. How are UTM features applied to traffic?
A. One or more UTM features are enabled in a firewall policy.
B. In the system configuration for that UTM feature, you can identify the policies to which the feature is to be applied.
C. Enable the appropriate UTM objects and identify one of them as the default.
D. For each UTM object, identify which policy will use it.
Answer: A
Q65. - (Topic 1)
If a FortiGate unit has a dmz interface IP address of 210.192.168.2 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range?
A. 172.168.0.1 - 172.168.0.10
B. 210.192.168.3 - 210.192.168.10
C. 210.192.168.1 - 210.192.168.4
D. All of the above.
Answer: B
Most up-to-date NSE5 exam question:
Q66. - (Topic 1)
Which of the following antivirus and attack definition update features are supported by FortiGate units? (Select all that apply.)
A. Manual, user-initiated updates from the FortiGuard Distribution Network.
B. Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FortiGuard Distribution Network.
C. Push updates from the FortiGuard Distribution Network.
D. Update status including version numbers, expiry dates, and most recent update dates and times.
Answer: A,B,C,D
Q67. - (Topic 2)
Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)
A. They both create separate broadcast domains.
B. Port Pairing works only for physical interfaces.
C. Forwarding Domains only apply to virtual interfaces.
D. They may contain physical and/or virtual interfaces.
E. They are only available in high-end models.
Answer: A,D
Q68. - (Topic 3)
Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?
A. The FortiGate unit receives periodic "Here I am" messages from the web cache.
B. The FortiGate unit polls all globally-defined web cache servers at a regular intervals.
C. The FortiGate using uses the health check monitor to verify the availability of a web cache server.
D. The web cache sends an "I see you" message which is captured by the FortiGate unit.
Answer: C
Q69. - (Topic 3)
SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?
A. The file is buffered by the application proxy.
B. The file is buffered by the SSL proxy.
C. In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy.
D. No file buffering is needed since a stream-based scanning approach is used for SSL content inspection.
Answer: A
Q70. - (Topic 2)
Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. VDOMs share firmware versions, as well as antivirus and IPS databases.
D. Only administrative users with a 'super_admin' profile will be able to enter multiple VDOMs to make configuration changes.
Answer: A,B,C