★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW NSE5 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/NSE5-dumps.html


Want to know Actualtests NSE5 Exam practice test features? Want to lear more about Fortinet Fortinet Network Security Expert 5 Written Exam (500) certification experience? Study Real Fortinet NSE5 answers to Down to date NSE5 questions at Actualtests. Gat a success with an absolute guarantee to pass Fortinet NSE5 (Fortinet Network Security Expert 5 Written Exam (500)) test on your first attempt.

2021 Dec NSE5 test question

Q131. - (Topic 2) 

Select the answer that describes what the CLI command diag debug authd fsso list is used for. 

A. Monitors communications between the FSSO Collector Agent and FortiGate unit. 

B. Displays which users are currently logged on using FSSO. 

C. Displays a listing of all connected FSSO Collector Agents. 

D. Lists all DC Agents installed on all Domain Controllers. 

Answer:


Q132. - (Topic 1) 

A FortiGate AntiVirus profile can be configured to scan for viruses on SMTP, FTP, POP3, and SMB protocols using which inspection mode? 

A. Proxy 

B. DNS 

C. Flow-based 

D. Man-in-the-middle 

Answer:


Q133. - (Topic 1) 

Which of the following network protocols are supported for administrative access to a FortiGate unit? 

A. HTTPS, HTTP, SSH, TELNET, PING, SNMP 

B. FTP, HTTPS, NNTP, TCP, WINS 

C. HTTP, NNTP, SMTP, DHCP 

D. Telnet, FTP, RLOGIN, HTTP, HTTPS, DDNS 

E. Telnet, UDP, NNTP, SMTP 

Answer:


Q134. - (Topic 2) 

Shown below is a section of output from the debug command diag ip arp list. 

index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1 

In the output provided, which of the following best describes the IP address 172.20.187.150? 

A. It is the primary IP address of the port1 interface. 

B. It is one of the secondary IP addresses of the port1 interface. 

C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface. 

Answer:


Q135. - (Topic 1) 

Which Fortinet products & features could be considered part of a comprehensive solution to monitor and prevent the leakage of senstive data? (Select all that apply.) 

A. Archive non-compliant outgoing e-mails using FortiMail. 

B. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate. 

C. Monitor database activity using FortiAnalyzer. 

D. Apply a DLP sensor to a firewall policy. 

E. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk. 

Answer: A,B,D 


Improved NSE5 download:

Q136. - (Topic 1) 

You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct? 

A. 192.168.2.0 / 255.255.255.0 

B. 192.168.2.2 / 255.255.255.0 

C. 192.168.2.0 / 255.255.255.255 

D. 192.168.2.2 / 255.255.255.255 

Answer:


Q137. - (Topic 1) 

A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices? 

A. SSL 

B. IPSec 

C. direct serial connection 

D. S/MIME 

Answer:


Q138. - (Topic 1) 

In an IPSec gateway-to-gateway configuration, two FortiGate units create a VPN tunnel between two separate private networks. 

Which of the following configuration steps must be performed on both FortiGate units to support this configuration? (Select all that apply.) 

A. Create firewall policies to control traffic between the IP source and destination address. 

B. Configure the appropriate user groups on the FortiGate units to allow users access to the IPSec VPN connection. 

C. Set the operating mode of the FortiGate unit to IPSec VPN mode. 

D. Define the Phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with the remote peer. 

E. Define the Phase 1 parameters that the FortiGate unit needs to authenticate the remote peers. 

Answer: A,D,E 


Q139. - (Topic 3) 

Which of the following Session TTL values will take precedence? 

A. Session TTL specified at the system level for that port number 

B. Session TTL specified in the matching firewall policy 

C. Session TTL dictated by the application control list associated with the matching firewall policy 

D. The default session TTL specified at the system level 

Answer:


Q140. - (Topic 1) 

An administrator wants to assign a set of UTM features to a group of users. Which of the following is the correct method for doing this? 

A. Enable a set of unique UTM profiles under "Edit User Group". 

B. The administrator must enable the UTM profiles in an identity-based policy applicable to the user group. 

C. When defining the UTM objects, the administrator must list the user groups which will use the UTM object. 

D. The administrator must apply the UTM features directly to a user object. 

Answer: