Precise of NSE5 exam question materials and braindump for Fortinet certification for candidates, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!
Q137. - (Topic 2)
With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.
If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)
A. The login event is sent to the Collector Agent.
B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.
C. The Collector Agent performs the DNS lookup for the authenticated client’s IP address.
D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.
Answer: A,C
Q138. - (Topic 1)
In an IPSec gateway-to-gateway configuration, two FortiGate units create a VPN tunnel between two separate private networks.
Which of the following configuration steps must be performed on both FortiGate units to support this configuration? (Select all that apply.)
A. Create firewall policies to control traffic between the IP source and destination address.
B. Configure the appropriate user groups on the FortiGate units to allow users access to the IPSec VPN connection.
C. Set the operating mode of the FortiGate unit to IPSec VPN mode.
D. Define the Phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with the remote peer.
E. Define the Phase 1 parameters that the FortiGate unit needs to authenticate the remote peers.
Answer: A,D,E
Q139. - (Topic 1)
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function.
An administrator must assign a set of UTM features to a group of users.
Which of the following is the correct method for doing this?
A. Enable a set of unique UTM features under "Edit User Group".
B. The administrator must enable the UTM features in an identify-based policy applicable to the user group.
C. When defining the UTM objects, the administrator must list the user groups which will use the UTM object.
D. The administrator must apply the UTM features directly to a user object.
Answer: B
Q140. - (Topic 2)
Review the static route configuration for IPsec shown in the Exhibit below; then answer the question following it.
Which of the following statements are correct regarding this configuration? (Select all that apply).
A. Remote_1 is a Phase 1 object with interface mode enabled
B. The gateway address is not required because the interface is a point-to-point connection
C. The gateway address is not required because the default route is used
D. Remote_1 is a firewall zone
Answer: A,B
Q141. - (Topic 1)
A FortiGate unit can act as which of the following? (Select all that apply.)
A. Antispam filter
B. Firewall
C. VPN gateway
D. Mail relay
E. Mail server
Answer: A,B,C
Q142. - (Topic 3)
In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?
A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server
B. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server
C. Request: Internal Host -> Slave FG -> Internet -> Web Server
D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server
Answer: A
Q143. CORRECT TEXT - (Topic 1)
The __________CLI command is used on the FortiGate unit to run static commands such as ping or to reset the FortiGate unit to factory defaults.
Answer: execute