Updated NSE5: Actualtests real forum from 49 to 56

Exam Code: NSE5 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 5 Written Exam (500)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE5 Exam.

Q49. - (Topic 1) 

Which of the following statements regarding the firewall policy authentication timeout is true? 

A. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source IP. 

B. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source IP after this timer has expired. 

C. The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source MAC. 

D. The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source MAC after this timer has expired. 

Answer: A 

Q50. - (Topic 3) 

Which of the following items is NOT a packet characteristic matched by a firewall service object? 

A. ICMP type and code 

B. TCP/UDP source and destination ports 

C. IP protocol number 

D. TCP sequence number 

Answer: D 

Q51. - (Topic 3) 

The following diagnostic output is displayed in the CLI: 

diag firewall auth list 

policy iD. 9, srC. 192.168.3.168, action: accept, timeout: 13427 

user: forticlient_chk_only, group: 

flag (80020): auth timeout_ext, flag2 (40): exact 

group iD. 0, av group: 0 

----- 1 listed, 0 filtered ------

Based on this output, which of the following statements is correct? 

A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication. 

B. The client check that is part of an SSL VPN connection attempt failed. 

C. This user has been associated with a guest profile as evidenced by the group id of 0. 

D. An auth-keepalive value has been enabled. 

Answer: A 

Q52. - (Topic 3) 

The following ban list entry is displayed through the CLI. 

get user ban list 

id cause src-ip-addr dst-ip-addr expires created 

531 protect_client 10.177.0.21 207.1.17.1 indefinite Wed Dec 24 :21:33 2008 

Based on this command output, which of the following statements is correct? 

A. The administrator has specified the Attack and Victim Address method for the quarantine. 

B. This diagnostic entry results from the administrator running the diag ips log test command. This command has no effect on traffic. 

C. A DLP rule has been matched. 

D. An attack has been repeated more than once during the holddown period; the expiry time has been reset to indefinite. 

Answer: A 

Q53. - (Topic 2) 

For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions? 

A. A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol. 

B. A block action prevents the transaction. A quarantine action archives the data. 

C. A block action has a finite duration. A quarantine action must be removed by an administrator. 

D. A block action is used for known users. A quarantine action is used for unknown users. 

Answer: A 

Q54. - (Topic 1) 

A FortiGate 100 unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received. Which of the following statements are possible reasons for this? (Select all that apply.) 

A. The external facing interface of the FortiGate unit is configured to use DHCP. 

B. The FortiGate unit has not been registered. 

C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network. 

D. The FortiGate unit is in Transparent mode. 

Answer: A,B,C 

Q55. - (Topic 3) 

Which of the following describes the best custom signature for detecting the use of the word "Fortinet" in chat applications? 

A. The sample packet trace illustrated in the exhibit provides details on the packet that requires detection. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --no_case; ) 

B. F-SBID( --protocol tcp; --flow from_client; --pattern "fortinet"; --no_case; ) 

C. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; --no_case; ) 

D. F-SBID( --protocol tcp; --flow from_client; --pattern "X-MMS-IM-Format"; --pattern "fortinet"; --within 20; ) 

Answer: A 

Q56. - (Topic 2) 

Examine the static route configuration shown below; then answer the question following it. 

config router static 

edit 1 

set dst 172.20.1.0 255.255.255.0 

set device port1 

set gateway 172.11.12.1 

set distance 10 

set weight 5 

next 

edit 2 

set dst 172.20.1.0 255.255.255.0 

set blackhole enable 

set distance 5 

set weight 10 

next 

end 

Which of the following statements correctly describes the static routing configuration provided? (Select all that apply.) 

A. All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit. 

B. As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route. 

C. The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route. 

D. The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route. 

E. Traffic to 172.20.1.0/24 will be shared through both routes. 

Answer: A,C