Fortinet documentation is a vital documentation in the area of strategy technologies. Including the label Fortinet is enough pertaining to ensuring a good good chance for you. This Fortinet qualification analyze the degree of expertness the fact that specific boasts. This Fortinet is principally aimed at increasing the innovativeness of the specialists. A lot of these Fortinet certificationssuch when NSE5 improve your capabilities together with transform you into hugely accomplished job hopefuls of the space.
2021 Sep NSE5 download
Q1. - (Topic 1)
By default the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action?
A. Block all network attacks.
B. Block the most common network attacks.
C. Allow all traffic.
D. Allow and log all traffic.
Answer: C
Q2. - (Topic 3)
Which of the following statements is correct regarding the NAC Quarantine feature?
A. With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP.
B. NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate.
C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
D. If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.
Answer: C
Q3. - (Topic 3)
A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?
A. Any other matched DLP rules will be ignored with the exception of Archiving.
B. Future files whose characteristics match this file will bypass DLP scanning.
C. The traffic matching the DLP rule will bypass antivirus scanning.
D. The client IP address will be added to a white list.
Answer: A
Q4. - (Topic 1)
Which of the following items does NOT support the.Logging feature?
A. File Filter
B. Application control
C. Session timeouts
D. Administrator activities
E. Web URL filtering
Answer: C
Q5. - (Topic 1)
Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?
A. The FortiGate unit applies NAT to all traffic.
B. The FortiGate unit functions as a Layer 3 device.
C. The FortiGate unit functions as a Layer 2 device.
D. The FortiGate unit functions as a router and the firewall function is disabled.
Answer: B
Leading NSE5 actual exam:
Q6. - (Topic 1)
How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side?
A. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface.
B. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit’s kernel routing table.
C. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit.
D. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy.
Answer: B
Q7. - (Topic 3)
A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM.
What would be a possible cause for this problem?
A. The dmz interface is referenced in the configuration of another VDOM.
B. The administrator does not have the proper permissions to reassign the dmz interface.
C. Non-management VDOMs can not reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
E. Reassigning an interface to a different VDOM can only be done through the CLI.
Answer: A
Q8. - (Topic 3)
The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules.
Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.)
A. Encrypted protocols can be scanned through the use of the SSL proxy.
B. DLP rules can be used to block the transmission of encrypted files.
C. Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels.
D. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.
Answer: A,B,D
Q9. - (Topic 1)
A client can establish a secure connection to a corporate network using SSL VPN in tunnel mode.
Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)
A. Split tunneling can be enabled when using tunnel mode SSL VPN.
B. Client software is required to be able to use a tunnel mode SSL VPN.
C. Users attempting to create a tunnel mode SSL VPN connection must be authenticated by at least one SSL VPN policy.
D. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.
Answer: A,B,C,D
Q10. - (Topic 3)
When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option.
What is a valid reason for using the Full Search option, instead?
A. The search items you are looking for are not contained in indexed log fields.
B. A quick search only searches data received within the last 24 hours.
C. You want the search to include the FortiAnalyzer's local logs.
D. You want the search to include content archive data as well.
Answer: A