A Review Of Accurate NSE5 practice exam

Breathing of NSE5 free exam materials and preparation labs for Fortinet certification for consumer, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!

Q97. - (Topic 3) 

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)? 

A. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors. 

B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors. 

C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options. 

D. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings. 

E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options. 

Answer: C 

Q98. - (Topic 1) 

Which of the following items is NOT a packet characteristic matched by a firewall service object? 

A. ICMP type and code 

B. TCP/UDP source and destination ports 

C. IP protocol number 

D. TCP sequence number 

Answer: D 

Q99. - (Topic 2) 

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it. 

Which of the following statements are correct regarding this configuration? (Select all that apply). 

A. The Phase 2 will re-key even if there is no traffic. 

B. There will be a DH exchange for each re-key. 

C. The sequence number of ESP packets received from the peer will not be checked. 

D. Quick mode selectors will default to those used in the firewall policy. 

Answer: A,B 

Q100. - (Topic 1) 

An administrator has configured a FortiGate unit so that end users must authenticate against the firewall using digital certificates before browsing the Internet. What must the user have for a successful authentication? (Select all that apply.) 

A. An entry in a supported LDAP Directory. 

B. A digital certificate issued by any CA server. 

C. A valid username and password. 

D. A digital certificate issued by the FortiGate unit. 

E. Membership in a firewall user group. 

Answer: B,E 

Q101. - (Topic 2) 

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.) 

config ips sensor 

edit "LINUX_SERVER" 

set comment '' 

set replacemsg-group '' 

set log enable 

config entries 

edit 1 

set action default 

set application all 

set location server 

set log enable 

set log-packet enable 

set os Linux set protocol all 

set quarantine none 

set severity all 

set status default 

next 

end 

next 

end 

A. The sensor will log all server attacks for all operating systems. 

B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature. 

C. The sensor will match all traffic from the address object ‘LINUX_SERVER’. 

D. The sensor will reset all connections that match these signatures. 

E. The sensor only filters which IPS signatures to apply to the selected firewall policy. 

Answer: B,E 

Q102. - (Topic 3) 

An administrator is examining the attack logs and notices the following entry: 

device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A 

Based solely upon this log message, which of the following statements is correct? 

A. This attack was blocked by the HTTP protocol decoder. 

B. This attack was caught by the DoS sensor "protect-servers". 

C. This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit. 

D. The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold. 

Answer: B 

Q103. - (Topic 1) 

The command structure of the CLI on a FortiGate unit consists of commands, objects, branches, tables and parameters. Which of the following items describes port1? 

A. A command. 

B. An object. 

C. A table. 

D. A parameter. 

Answer: C 

Q104. - (Topic 1) 

Examine the exhibit shown below; then answer the question following it. 

Which of the following statements best describes the green status indicators that appear next to the different FortiGuard Distribution Network services as illustrated in the exhibit? 

A. They indicate that the FortiGate unit is able to connect to the FortiGuard Distribution Network. 

B. They indicate that the FortiGate unit has the latest updates that are available from the FortiGuard Distribution Network. 

C. They indicate that updates are available and should be downloaded from the FortiGuard Distribution Network to the FortiGate unit. 

D. They indicate that the FortiGate unit is in the process of downloading updates from the FortiGuard Distribution Network. 

Answer: A