It is more faster and easier to pass the Fortinet NSE5 exam by using Approved Fortinet Fortinet Network Security Expert 5 Written Exam (500) questuins and answers. Immediate access to the Up to the immediate present NSE5 Exam and find the same core area NSE5 questions with professionally verified answers, then PASS your exam with a high score now.
Q105. - (Topic 2)
Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below.
Which of the following statements are correct regarding this output? (Select all that apply.)
A. The connecting client has been allocated address 172.20.1.1.
B. In the Phase 1 settings, dead peer detection is enabled.
C. The tunnel is idle.
D. The connecting client has been allocated address 10.200.3.1.
Answer: A,B
Q106. - (Topic 1)
Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?
A. The FortiGate unit applies NAT to all traffic.
B. The FortiGate unit functions as a Layer 3 device.
C. The FortiGate unit functions as a Layer 2 device.
D. The FortiGate unit functions as a router and the firewall function is disabled.
Answer: B
Q107. - (Topic 1)
Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?
A. The proxy will not allow a file to be transmitted in multiple streams simultaneously.
B. The proxy sends the file to the server while simultaneously buffering it.
C. If the file being scanned is determined to be infected, the proxy deletes it from the server by sending a delete command on behalf of the client.
D. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.
Answer: A
Q108. - (Topic 3)
In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling.
Which of the following statements is true about the IP address used by the SSL VPN client?
A. The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings.
B. Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established.
C. The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options.
Answer: A
Q109. - (Topic 1)
An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has not enabled split tunneling and so the end user must access the Internet through the SSL VPN Tunnel.
Which firewall policies are needed to allow the end user to not only access the internal network but also reach the Internet?
A)
B)
C)
D)
A. Exhibit A
B. Exhibit B
C. Exhibit C
D. Exhibit D
Answer: A
Q110. - (Topic 3)
Which of the following report templates must be used when scheduling report generation?
A. Layout Template
B. Data Filter Template
C. Output Template
D. Chart Template
Answer: A
Q111. - (Topic 3)
Which of the following statements is correct regarding the NAC Quarantine feature?
A. With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP.
B. NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate.
C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
D. If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.
Answer: C
Q112. - (Topic 2)
Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it.
Which one of the following statements correctly describes this output?
A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.
B. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup.
C. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used.
D. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.
Answer: A