Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 2, Volume B part 01

September 25, 2015

Ensurepass

QUESTION 120  (Topic 2)

 

With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.

 

If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)

 

 

 

 

 

A.

The login event is sent to the Collector Agent.

B.

The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.

C.

The Collector Agent performs the DNS lookup for the authenticated client’s IP address.

D.

The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.

 

Answer: AC

 

 

QUESTION 121  (Topic 2)

 

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway?

 

A.

A look-up is done only when the first packet coming from the client (SYN) arrives.

B.

A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYNC/ACK) arrives.

C.

A look-up is done only during the TCP 3-way handshake (SYNC, SYNC/ACK, ACK).

D.

A look-up is always done each time a packet arrives, from either the server or the client side.

 

Answer: B

 

 

QUESTION 122  (Topic 2)

 

Examine the exhibit shown below then answer the question that follows it.

 

clip_image002

 

Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:

 

 

 

 

 

A.

FortiGate unit’s encryption certificate used by the SSL proxy.

B.

FortiGate unit’s signing certificate used by the SSL proxy.

C.

FortiGuard’s signing certificate used by the SSL proxy.

D.

FortiGuard’s encryption certificate used by the SSL proxy.

 

Answer: A

 

 

QUESTION 123  (Topic 2)

 

What are the requirements for a cluster to maintain TCP connections after device or link failover? (Select all that apply.)

 

A.

Enable session pick-up.

B.

Only applies to connections handled by a proxy.

C.

Only applies to UDP and ICMP connections.

D.

Connections must not be handled by a proxy.

 

Answer: AD

 

 

QUESTION 124  (Topic 2)

 

Examine the Exhibit shown below; then answer the question following it.

 

clip_image004

 

In this scenario, the Fortigate unit in Ottawa has the following routing table:

 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2

 

C 172.20.167.0/24 is directly connected, port1

 

C 172.20.170.0/24 is directly connected, port2

 

 

 

 

Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets?

 

A.

The forward policy check.

B.

The reverse path forwarding check.

C.

The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit’s routing table.

D.

The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

 

Answer: B

 

 

QUESTION 125  (Topic 2)

 

Examine the Exhibits shown below, then answer the question that follows.

 

Review the following DLP Sensor (Exhibit 1):

 

clip_image006

 

Review the following File Filter list for rule #1 (Exhibit 2):

 

clip_image008

 

Review the following File Filter list for rule #2 (Exhibit 3):

 

clip_image010

 

Review the following File Filter list for rule #3 (Exhibit 4):

 

clip_image012

 

 

 

 

An MP3 file is renamed to `workbook.exe’ and put into a ZIP archive. It is then sent through the FortiGate device over HTTP. It is intercepted and processed by the configuration shown in the above Exhibits 1-4.

 

Assuming the file is not too large for the File scanning threshold, what action will the FortiGate unit take?

 

A.

The file will be detected by rule #1 as an `Audio (mp3)’, a log entry will be created and it will be allowed to pass through.

B.

The file will be detected by rule #2 as a “*.exe”, a log entry will be created and the interface that received the traffic will be brought down.

C.

The file will be detected by rule #3 as an Archive(zip), blocked, and a log entry will be created.

D.

Nothing, the file will go undetected.

 

Answer: A

 

 

QUESTION 126  (Topic 2)

 

Which of the following statements correctly describe Transparent Mode operation? (Select all that apply.)

 

A.

The FortiGate unit acts as transparent bridge and routes traffic using Layer-2 forwarding.

B.

Ethernet packets are forwarded based on destination MAC addresses NOT IPs.

C.

The device is transparent to network hosts.

D.

Permits inline traffic inspection and firewalling without changing the IP scheme of the network.

E.

All interfaces must be on different IP subnets.

 

Answer: ABCD

 

 

QUESTION 127  (Topic 2)

 

How can DLP file filters be configured to detect Office 2010 files? (Select all that apply.)

 

A.

File TypE. Microsoft Office(msoffice)

B.

File TypE. Archive(zip)

C.

File TypE. Unknown Filetype(unknown)

D.

File NamE. “*.ppt”, “*.doc”, “*.xls”

 

 

 

 

E.

File NamE. “*.pptx”, “*.docx”, “*.xlsx”

 

Answer: BE

 

 

QUESTION 128  (Topic 2)

 

Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)

 

A.

The device this command is executed on is likely to switch from master to slave status if master override is disabled.

B.

The device this command is executed on is likely to switch from master to slave status if master override is enabled.

C.

This command has no impact on the HA algorithm.

D.

This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

 

Answer: AD

 

 

QUESTION 129  (Topic 2)

 

Review the configuration for FortiClient IPsec shown in the Exhibit below.

 

clip_image014

 

 

 

 

Which of the following statements is correct regarding this configuration?

 

A.

The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object

B.

The connecting VPN client will install a default route

C.

The connecting VPN client will install a route to the 172.20.1.[1-5] address range

D.

The connecting VPN client will connect in web portal mode and no route will be installed

 

Answer: A

 

 

QUESTION 130  (Topic 2)

 

Identify the correct properties of a partial mesh VPN deployment:

 

A.

VPN tunnels interconnect between every single location.

B.

VPN tunnels are not configured between every single location.

C.

Some locations are reached via a hub location.

D.

There are no hub locations in a partial mesh.

 

Answer: BC

 

Free VCE & PDF File for Fortinet NSE5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …