Our pass rate is high to 98.9% and the similarity percentage between our NSE5 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Fortinet NSE5 exam in just one try? I am currently studying for the Fortinet NSE5 exam. Latest Fortinet NSE5 Test exam practice questions and answers, Try Fortinet NSE5 Brain Dumps First.
Q65. - (Topic 3)
Which of the following DLP actions will override any other action?
A. Exempt
B. Quarantine Interface
C. Block
D. None
Answer: A
Q66. - (Topic 2)
In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit?
A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server
B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server
C. Request: Internal Host; Slave FortiGate; Internet; Web Server
D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server
Answer: A
Q67. - (Topic 1)
Which of the following statements are correct regarding URL filtering on the FortiGate unit? (Select all that apply.)
A. The allowed actions for URL Filtering include Allow, Block and Exempt.
B. The allowed actions for URL Filtering are Allow and Block.
C. The FortiGate unit can filter URLs based on patterns using text and regular expressions.
D. Any URL accessible by a web browser can be blocked using URL Filtering.
E. Multiple URL Filter lists can be added to a single protection profile.
Answer: A,C
Q68. - (Topic 3)
WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?
A. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule.
B. The attempt will be accepted when there is a matching WAN optimization passive rule.
C. The attempt will be accepted when the request comes from a known peer.
D. The attempt will be accepted when a user on the remote peer accepts the connection request.
Answer: A
Q69. - (Topic 3)
A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit.
Which of the following statements best describes the reason why the FortiGate 60B unit is unable to archive data to the FortiAnalyzer unit?
A. The FortiGate unit is considered an unregistered device.
B. The FortiGate unit has been blocked from sending archive data to the FortiAnalyzer device by the administrator.
C. The FortiGate unit has insufficient privileges. The administrator should edit the device entry in the FortiAnalyzer and modify the privileges.
D. The FortiGate unit is being treated as a syslog device and is only permitted to send log data.
Answer: A
Q70. - (Topic 1)
You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route.
Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)
A. Create one firewall policy.
B. Create two firewall policies.
C. Add a route for the remote subnet.
D. Add a route for incoming traffic.
E. Create a phase 1 definition.
F. Create a phase 2 definition.
Answer: B,C,E,F
Q71. - (Topic 3)
Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.)
A. The web client SSL handshake.
B. The web server SSL handshake.
C. File buffering.
D. Communication with the urlfilter process.
Answer: A,B
Q72. - (Topic 1)
Which of the following logging options are supported on a FortiGate unit? (Select all that apply.)
A. LDAP
B. Syslog
C. FortiAnalyzer
D. Local disk and/or memory
Answer: B,C,D