Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 2, Volume B part 02

September 25, 2015

Ensurepass

QUESTION 131  (Topic 2)

 

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below.

 

clip_image002

 

Which of the following statements are correct regarding this output? (Select all that apply.)

 

A.

The connecting client has been allocated address 172.20.1.1.

 

 

 

 

B.

In the Phase 1 settings, dead peer detection is enabled.

C.

The tunnel is idle.

D.

The connecting client has been allocated address 10.200.3.1.

 

Answer: AB

 

 

QUESTION 132  (Topic 2)

 

Which of the following statements are correct regarding virtual domains (VDOMs)? (Select all that apply.)

 

A.

VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.

B.

A management VDOM handles SNMP, logging, alert email, and FDN-based updates.

C.

VDOMs share firmware versions, as well as antivirus and IPS databases.

D.

Only administrative users with a ‘super_admin’ profile will be able to enter multiple VDOMs to make configuration changes.

 

Answer: ABC

 

 

QUESTION 133  (Topic 2)

 

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.)

 

config ips sensor

 

edit “LINUX_SERVER”

 

set comment ”

 

set replacemsg-group ”

 

set log enable

 

config entries

 

edit 1

 

set action default

 

set application all

 

 

 

 

set location server

 

set log enable

 

set log-packet enable

 

set os Linux

 

set protocol all

 

set quarantine none

 

set severity all

 

set status default

 

next

 

end

 

next

 

end

 

A.

The sensor will log all server attacks for all operating systems.

B.

The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature.

C.

The sensor will match all traffic from the address object `LINUX_SERVER’.

D.

The sensor will reset all connections that match these signatures.

E.

The sensor only filters which IPS signatures to apply to the selected firewall policy.

 

Answer: BE

 

 

QUESTION 134  (Topic 2)

 

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of ‘show system ha’ for the STUDENT device. Exhibit B shows the command output of ‘show system ha’ for the REMOTE device.

 

Exhibit A:

 

 

 

 

 

clip_image004

 

Exhibit B

 

clip_image006

 

Which one of the following is the most likely reason that the cluster fails to form?

 

A.

Password

B.

HA mode

C.

Hearbeat

D.

Override

 

Answer: B

 

 

QUESTION 135  (Topic 2)

 

 

 

 

Review the static route configuration for IPsec shown in the Exhibit below; then answer the question following it.

 

clip_image008

 

Which of the following statements are correct regarding this configuration? (Select all that apply).

 

A.

Remote_1 is a Phase 1 object with interface mode enabled

B.

The gateway address is not required because the interface is a point-to-point connection

C.

The gateway address is not required because the default route is used

D.

Remote_1 is a firewall zone

 

Answer: AB

 

 

QUESTION 136  (Topic 2)

 

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.

 

Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.)

 

A.

An FSSO Collector Agent must be installed on every domain controller.

B.

An FSSO Domain Controller Agent must be installed on every domain controller.

C.

The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit.

D.

The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.

E.

For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client.

 

 

 

 

 

Answer: BD

 

 

QUESTION 137  (Topic 2)

 

Select the answer that describes what the CLI command diag debug authd fsso list is used for.

 

A.

Monitors communications between the FSSO Collector Agent and FortiGate unit.

B.

Displays which users are currently logged on using FSSO.

C.

Displays a listing of all connected FSSO Collector Agents.

D.

Lists all DC Agents installed on all Domain Controllers.

 

Answer: B

 

 

QUESTION 138  (Topic 2)

 

Examine the following log message for IPS and identify the valid responses below. (Select all that apply.)

 

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity=”critical” src=”192.168.3.168″ dst=”192.168.3.170″ src_int=”port2″ serial=0 status=”detected” proto=1 service=”icmp” count=1 attack_name=”icmp_flood” icmp_id=”0xa8a4″ icmp_type=”0x08″ icmp_code=”0x00″ attack_id=16777316 sensor=”1″ ref=”http://www.fortinet.com/ids/VID16777316″ msg=”anomaly: icmp_flood, 51 > threshold 50″

 

A.

The target is 192.168.3.168.

B.

The target is 192.168.3.170.

C.

The attack was detected and blocked.

D.

The attack was detected only.

E.

The attack was TCP based.

 

Answer: BD

 

 

QUESTION 139  (Topic 2)

 

Review the IKE debug output for IPsec shown in the Exhibit below.

 

 

 

 

 

clip_image010

 

Which one of the following statements is correct regarding this output?

 

A.

The output is a Phase 1 negotiation.

B.

The output is a Phase 2 negotiation.

C.

The output captures the Dead Peer Detection messages.

D.

The output captures the Dead Gateway Detection packets.

 

Answer: C

 

 

QUESTION 140  (Topic 2)

 

Which of the following statements are correct regarding Application Control?

 

A.

Application Control is based on the IPS engine.

B.

Application Control is based on the AV engine.

C.

Application Control can be applied to SSL encrypted traffic.

D.

Application Control cannot be applied to SSL encrypted traffic.

 

Answer: AC

 

Free VCE & PDF File for Fortinet NSE5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …