Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 2, Volume B part 03

September 25, 2015

Ensurepass

QUESTION 141  (Topic 2)

 

Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)

 

A.

SNMP

B.

IPSec

C.

SMTP

D.

POP3

E.

HTTP

 

Answer: CDE

 

 

 

QUESTION 142  (Topic 2)

 

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.

 

config router static

 

edit 1

 

set dst 172.20.168.0 255.255.255.0

 

set distance 20

 

set priority 10

 

set device port1

 

next

 

edit 2

 

set dst 172.20.168.0 255.255.255.0

 

set distance 20

 

set priority 20

 

set device port2

 

next

 

end

 

Which of the following statements correctly describes the static routing configuration provided above?

 

A.

The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes.

B.

The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.

C.

The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.

D.

Only the route that is using port1 will show up in the routing table.

 

Answer: C

 

 

 

QUESTION 143  (Topic 2)

 

In HA, the option Reserve Management Port for Cluster Member is selected as shown in the Exhibit below.

 

clip_image002

 

Which of the following statements are correct regarding this setting? (Select all that apply.)

 

A.

Interface settings on port7 will not be synchronized with other cluster members.

B.

The IP address assigned to this interface must not overlap with the IP address subnet assigned to another interface.

C.

Port7 appears in the routing table.

D.

A gateway address may be configured for port7.

E.

When connecting to port7 you always connect to the master device.

 

Answer: AD

 

 

QUESTION 144  (Topic 2)

 

Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it.

 

 

 

 

 

clip_image004

 

Which of the following statements are correct regarding this configuration? (Select all that apply).

 

A.

The Phase 2 will re-key even if there is no traffic.

B.

There will be a DH exchange for each re-key.

C.

The sequence number of ESP packets received from the peer will not be checked.

D.

Quick mode selectors will default to those used in the firewall policy.

 

Answer: AB

 

 

QUESTION 145  (Topic 2)

 

Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of ‘diag sys session stat’ for the STUDENT device. Exhibit B shows the command output of ‘diag sys session stat’ for the REMOTE device.

 

Exhibit A:

 

 

 

 

 

clip_image006

 

Exhibit B:

 

clip_image008

 

Given the information provided in the exhibits, which of the following statements are correct? (Select all that apply.)

 

A.

STUDENT is likely to be the master device.

B.

Session-pickup is likely to be enabled.

C.

The cluster mode is definitely Active-Passive.

D.

There is not enough information to determine the cluster mode.

 

Answer: AD

 

 

 

QUESTION 146  (Topic 2)

 

Identify the statement which correctly describes the output of the following command:

 

diagnose ips anomaly list

 

A.

Lists the configured DoS policy.

B.

List the real-time counters for the configured DoS policy.

C.

Lists the errors captured when compiling the DoS policy.

 

Answer: B

 

 

QUESTION 147  (Topic 2)

 

Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)

 

A.

They both create separate broadcast domains.

B.

Port Pairing works only for physical interfaces.

C.

Forwarding Domains only apply to virtual interfaces.

D.

They may contain physical and/or virtual interfaces.

E.

They are only available in high-end models.

 

Answer: AD

 

 

QUESTION 148  (Topic 2)

 

Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it.

 

 

 

 

 

clip_image010

 

Which one of the following statements correctly describes this output?

 

A.

The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings.

B.

The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup.

C.

OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used.

D.

172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24.

 

Answer: A

 

 

QUESTION 149  (Topic 2)

 

For Data Leak Prevention, which of the following describes the difference between the block and quarantine actions?

 

A.

A block action prevents the transaction. A quarantine action blocks all future transactions, regardless of the protocol.

B.

A block action prevents the transaction. A quarantine action archives the data.

C.

A block action has a finite duration. A quarantine action must be removed by an administrator.

D.

A block action is used for known users. A quarantine action is used for unknown users.

 

Answer: A

 

 

 

QUESTION 150  (Topic 2)

 

In Transparent Mode, forward-domain is an attribute of ______________.

 

A.

an interface

B.

a firewall policy

C.

a static route

D.

a virtual domain

 

Answer: A

 

Free VCE & PDF File for Fortinet NSE5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …