Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 03

September 25, 2015

Ensurepass

QUESTION 21  (Topic 1)

 

 

 

 

Which statement is correct regarding virus scanning on a FortiGate unit?

 

A.

Virus scanning is enabled by default.

B.

Fortinet Customer Support enables virus scanning remotely for you.

C.

Virus scanning must be enabled in a UTM security profile and the UTM security profile must be assigned to a firewall policy.

D.

Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through the FortiGate device.

 

Answer: C

 

 

QUESTION 22  (Topic 1)

 

Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?

 

A.

The FortiGate unit applies NAT to all traffic.

B.

The FortiGate unit functions as a Layer 3 device.

C.

The FortiGate unit functions as a Layer 2 device.

D.

The FortiGate unit functions as a router and the firewall function is disabled.

 

Answer: B

 

 

QUESTION 23  (Topic 1)

 

A FortiGate 60 unit is configured for your small office. The DMZ interface is connected to a network containing a web server and email server. The Internal interface is connected to a network containing 10 user workstations and the WAN1 interface is connected to your ISP.

 

You want to configure firewall policies so that your users can send and receive email messages to the email server on the DMZ network. You also want the email server to be able to retrieve email messages from an email server hosted by your ISP using the POP3 protocol.

 

Which policies must be created for this communication? (Select all that apply.)

 

A.

Internal > DMZ

B.

DMZ > Internal

 

 

 

 

C.

Internal > WAN1

D.

WAN1 > Internal

E.

DMZ > WAN1

F.

WAN1 > DMZ

 

Answer: AE

 

 

QUESTION 24  (Topic 1)

 

When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge.

 

Select all supported protocols from the following:

 

A.

SMTP

B.

SSH

C.

HTTP

D.

FTP

E.

SCP

 

Answer: CD

 

 

QUESTION 25  (Topic 1)

 

Which of the statements below are true regarding firewall policy disclaimers? (Select all that apply.)

 

A.

User must accept the disclaimer to proceed with the authentication process.

B.

The disclaimer page is customizable.

C.

The disclaimer cannot be used in combination with user authentication.

D.

The disclaimer can only be applied to wireless interfaces.

 

Answer: AB

 

 

QUESTION 26  (Topic 1)

 

Users may require access to a web site that is blocked by a policy. Administrators can give

 

 

 

 

users the ability to override the block. Which of the following statements regarding overrides is NOT correct?

 

A.

A web filter profile may only have one user group defined as an override group.

B.

A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.

C.

When requesting an override, the matched user must belong to a user group for which the override capabilty has been enabled.

D.

Overrides can be allowed by the administrator for a specific period of time.

 

Answer: A

 

 

QUESTION 27  (Topic 1)

 

Which of the following statements regarding the firewall policy authentication timeout is true?

 

A.

The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source IP.

B.

The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source IP after this timer has expired.

C.

The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source MAC.

D.

The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source MAC after this timer has expired.

 

Answer: A

 

 

QUESTION 28  (Topic 1)

 

Which of the following products can be installed on a computer running Windows XP to provide personal firewall protection, antivirus protection, web and mail filtering, spam filtering, and VPN functionality?

 

A.

FortiGate

B.

FortiAnalyzer

C.

FortiClient

D.

FortiManager

 

 

 

 

E.

FortiReporter

 

Answer: C

 

 

QUESTION 29  (Topic 1)

 

In NAT/Route mode when there is no matching firewall policy for traffic to be forwarded by the Firewall, which of the following statements describes the action taken on traffic?

 

A.

The traffic is blocked.

B.

The traffic is passed.

C.

The traffic is passed and logged.

D.

The traffic is blocked and logged.

 

Answer: A

 

 

QUESTION 30  (Topic 1)

 

Which of the following statements describes the method of creating a policy to block access to an FTP site?

 

A.

Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list.

B.

Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.

C.

Create a firewall policy with a protection profile containing the Block FTP option enabled.

D.

None of the above.

 

Answer: B

 

Free VCE & PDF File for Fortinet NSE5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …