Tested of NSE5 exams materials and dump for Fortinet certification for IT candidates, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!
Q113. - (Topic 3)
What advantages are there in using a fully Meshed IPSec VPN configuration instead of a hub and spoke set of IPSec tunnels?
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a full mesh topology simplifies configuration.
C. Using a full mesh topology provides stronger encryption.
D. Full mesh topology is the most fault-tolerant configuration.
Answer: D
Q114. - (Topic 1)
When creating administrative users which of the following configuration objects determines access rights on the FortiGate unit.
A. profile
B. allowaccess interface settings
C. operation mode
D. local-in policy
Answer: A
Q115. CORRECT TEXT - (Topic 1)
In addition to AntiVirus services, the FortiGuard Subscription Services provide IPS, Web Filtering, and ___________ services.
Answer: antispam
Q116. - (Topic 2)
Examine the Exhibits shown below, then answer the question that follows. Review the following DLP Sensor (Exhibit 1):
Review the following File Filter list for rule #1 (Exhibit 2):
Review the following File Filter list for rule #2 (Exhibit 3):
Review the following File Filter list for rule #3 (Exhibit 4):
An MP3 file is renamed to ‘workbook.exe’ and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4.
Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?
A. The file will be detected by rule #1 as an ‘Audio (mp3)’, a log entry will be created and it will be allowed to pass through.
B. The file will be detected by rule #2 as a “*.exe”, a log entry will be created and the interface that received the traffic will be brought down.
C. The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.
D. Nothing, the file will go undetected.
Answer: A
Q117. - (Topic 3)
The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules.
Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.)
A. Encrypted protocols can be scanned through the use of the SSL proxy.
B. DLP rules can be used to block the transmission of encrypted files.
C. Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels.
D. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.
Answer: A,B,D
Q118. - (Topic 1)
The Idle Timeout setting on a FortiGate unit applies to which of the following?
A. Web browsing
B. FTP connections
C. User authentication
D. Administrator access
E. Web filtering overrides.
Answer: D
Q119. - (Topic 3)
In order to load-share traffic using multiple static routes, the routes must be configured with ...
A. the same distance and same priority.
B. the same distance and the same weight.
C. the same distance but each of them must be assigned a unique priority.
D. a distance equal to its desired weight for ECMP but all must have the same priority.
Answer: A
Q120. - (Topic 3)
What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?
A. Sessions can be idle for no more than 1800 seconds.
B. The maximum length of time a session can be open is 1800 seconds.
C. After 1800 seconds, the end user must reauthenticate.
D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.
Answer: A