FCNSP.v5 Examination questions (September)

Achieve New Updated (September) Fortinet FCNSP.v5 Examination questions Topic 2, Volume B part 01

September 25, 2015

Ensurepass

QUESTION 44 (Topic 2)

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.

[Exhibit: clip_image002]

Which of the following statements are correct regarding these VDOMs? (Select all that apply.)

A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes.
B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs.
C. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled.
D. All VDOMs must operate in the same mode.
E. Changing a VDOM operational mode requires a reboot of the FortiGate unit.
F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs.

Answer: AF

QUESTION 45 (Topic 2)

Bob wants to send Alice a file that is encrypted using public key cryptography.

Which of the following statements is correct regarding the use of public key cryptography in this scenario?

A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.
B. Bob will use his public key to encrypt the file and Alice will use Bob’s private key to decrypt the file.
C. Bob will use Alice’s public key to encrypt the file and Alice will use her private key to decrypt the file.
D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.
E. Bob will use Alice’s public key to encrypt the file and Alice will use Bob’s public key to decrypt the file.

Answer: C

QUESTION 46 (Topic 2)

Which of the following items are considered to be advantages of using the application control features on the FortiGate unit?

Application control allows an administrator to:

A. set a unique session-ttl for select applications.
B. customize application types in a similar way to adding custom IPS signatures.
C. check which applications are installed on workstations attempting to access the network.
D. enable AV scanning per application rather than per policy.

Answer: A

QUESTION 47 (Topic 2)

An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report.

Which of the following statements best describes how to do this?

A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
B. Add the following entry to the Generic Field section of the Data Filter: service="!smtp".
C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.
D. When editing the chart, enter 'dns' in the Exclude Service field.

Answer: A

QUESTION 48 (Topic 2)

If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)?

A. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR).
B. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR).
C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings.
D. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP.
E. By design, BGP cannot redistribute routes learned through OSPF.

Answer: C

QUESTION 49 (Topic 2)

The diag sys session list command is executed in the CLI. The output of this command is shown in the exhibit.

[Exhibit: clip_image004]

Based on the output from this command, which of the following statements is correct?

A. This is a UDP session.
B. Traffic shaping is being applied to this session.
C. This is an ICMP session.
D. This traffic has been authenticated.
E. This session matches a firewall policy with ID 5.

Answer: B

QUESTION 50 (Topic 2)

The following diagnostic output is displayed in the CLI:

diag firewall auth list
policy id: 9, src: 192.168.3.168, action: accept, timeout: 13427
user: forticlient_chk_only, group:
flag (80020): auth timeout_ext, flag2 (40): exact
group id: 0, av group: 0
--- 1 listed, 0 filtered ----

Based on this output, which of the following statements is correct?

A. Firewall policy 9 has endpoint compliance enabled but not firewall authentication.
B. The client check that is part of an SSL VPN connection attempt failed.
C. This user has been associated with a guest profile as evidenced by the group id of 0.
D. An auth-keepalive value has been enabled.

Answer: A

QUESTION 51 (Topic 2)

A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office.

The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers.

What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?

A. Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
B. Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
C. Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.
D. Dynamic routing protocols cannot be used over IPSec VPN tunnels.

Answer: A

QUESTION 52 (Topic 2)

A FortiClient fails to establish a VPN tunnel with a FortiGate unit.

The following information is displayed in the FortiGate unit logs:

msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address

Which of the following statements is a possible cause for the failure to establish the VPN tunnel?

A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
B. There is no IPSec firewall policy configured for the policy-based VPN.
C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.

Answer: A

QUESTION 53 (Topic 2)

When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option.

What is a valid reason for using the Full Search option, instead?

A. The search items you are looking for are not contained in indexed log fields.
B. A quick search only searches data received within the last 24 hours.
C. You want the search to include the FortiAnalyzer’s local logs.
D. You want the search to include content archive data as well.

Answer: A
