Shortcuts To NSE5（17 to 24）

Your success in Fortinet NSE5 is our sole target and we develop all our NSE5 braindumps in a way that facilitates the attainment of this target. Not only is our NSE5 study material the best you can find, it is also the most detailed and the most updated. NSE5 Practice Exams for Fortinet NSE5 are written to the highest standards of technical accuracy.

Q17. - (Topic 1) 

In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the Firewall, which of the following statements describes the action taken on traffic? 

A. The traffic is blocked. 

B. The traffic is passed. 

C. The traffic is passed and logged. 

D. The traffic is blocked and logged. 

Answer: A 

Q18. - (Topic 3) 

An administrator wishes to generate a report showing Top Traffic by service type. They notice that web traffic overwhelms the pie chart and want to exclude the web traffic from the report. 

Which of the following statements best describes how to do this? 

A. In the Service field of the Data Filter, type 80/tcp and select the NOT checkbox. 

B. Add the following entry to the Generic Field section of the Data Filter: service="!web". 

C. When editing the chart, uncheck wlog to indicate that Web Filtering data is being excluded when generating the chart. 

D. When editing the chart, enter 'http' in the Exclude Service field. 

Answer: A 

Q19. - (Topic 3) 

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. 

The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI. 

C:\>ping 10.0.1.1 

Pinging 10.0.1.1 with 32 bytes of data: 

Reply from 10.0.1.1: bytes=32 time=1ms TTL=255 

Reply from 10.0.1.1: bytes=32 time<1ms TTL=255 

Reply from 10.0.1.1: bytes=32 time<1ms TTL=255 

Reply from 10.0.1.1: bytes=32 time<1ms TTL=255 

user1 # get system interface 

== [ internal ] 

namE. internal modE. static ip: 10.0.1.254 255.255.255.128 status: up 

netbios-forwarD. disable typE. physical mtu-overridE. disable 

== [ vlan1 ] 

namE. vlan1 modE. static ip: 10.0.1.1 255.255.255.128 status: up netb 

ios-forwarD. disable typE. vlan mtu-overridE. disable 

user1 # diagnose debug flow trace start 100 

user1 # diagnose debug ena 

user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1 

id=20085 trace_id=274 msg="vd-root received a packet(proto=6, 10.0.1.130:47927->10.0.1.1:443) from internal." 

id=20085 trace_id=274 msg="allocate a new session-00000b1b" 

id=20085 trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798" 

id=20085 trace_id=274 msg="iprope_in_check() check failed, drop" 

Based on the output from these commands, which of the following explanations is a possible cause of the problem? 

A. The Fortigate unit has no route back to the PC. 

B. The PC has an IP address in the wrong subnet. 

C. The PC is using an incorrect default gateway IP address. 

D. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface. 

E. There is no firewall policy allowing traffic from INTERNAL-> VLAN1. 

Answer: D 

Q20. - (Topic 1) 

Under the System Information widget on the dashboard, which of the following actions are available for the system configuration? (Select all that apply.) 

A. Backup 

B. Restore 

C. Revisions 

D. Export 

Answer: A,B,C 

Q21. - (Topic 1) 

The default administrator profile that is assigned to the default "admin" user on a FortGate device is:____________________. 

A. trusted-admin 

B. super_admin 

C. super_user 

D. admin 

E. fortinet-root 

Answer: B 

Q22. - (Topic 3) 

A static route is configured for a FortiGate unit from the CLI using the following commands: 

config router static 

edit 1 

set device "wan1" 

set distance 20 

set gateway 192.168.100.1 

next 

end 

Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit’s routing table? 

A. The Administrative Status of the wan1 interface is displayed as Up. 

B. The Link Status of the wan1 interface is displayed as Up. 

C. All other default routes should have an equal or higher distance. 

D. You must disable DHCP client on that interface. 

Answer: D 

Q23. - (Topic 2) 

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway? 

A. A look-up is done only when the first packet coming from the client (SYN) arrives. 

B. A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYNC/ACK) arrives. 

C. A look-up is done only during the TCP 3-way handshake (SYNC, SYNC/ACK, ACK). 

D. A look-up is always done each time a packet arrives, from either the server or the client side. 

Answer: B 

Q24. - (Topic 1) 

The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit’s GUI and also using the CLI. The command used in the CLI to perform this function is ______ . 

A. set order 

B. edit policy 

C. reorder 

D. move 

Answer: D