
Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 01

September 25, 2015

Ensurepass

QUESTION 163  (Topic 3)

 

The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensure user compliance with corporate rules.

 

Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.)

 

A. Encrypted protocols can be scanned through the use of the SSL proxy.

B. DLP rules can be used to block the transmission of encrypted files.

C. Firewall authentication can be enabled in the firewall policy, preventing the use of encrypted communications channels.

D. Application control can be used to monitor the use of encrypted protocols; alerts can be sent to the administrator through email when the use of encrypted protocols is attempted.

 

Answer: ABD

 

 

 

QUESTION 164  (Topic 3)

 

An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit.

 

Which of the following is the best explanation for the Ban Sender action NOT being available?

 

A. The Ban Sender action is never available for FTP traffic.

B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.

C. Firewall policy authentication is required before the Ban Sender action becomes available.

D. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.

 

Answer: A

 

 

QUESTION 165  (Topic 3)

 

Which of the following statements is correct about configuring web filtering overrides?

 

 

 

 

 

A. The Override option for FortiGuard Web Filtering is available for any user group type.

B. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor.

C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.

D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication.

 

Answer: C

 

 

QUESTION 166  (Topic 3)

 

A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the AntiVirus and Email Filter profiles applied to this policy.

 

What is the correct behavior when the email attachment is detected as a virus by the FortiGate AntiVirus engine?

 

A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected.

B. The FortiGate unit will reject the infected email and notify both the sender and recipient.

C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed.

D. The FortiGate unit will reject the infected email and notify the sender.

 

Answer: A

 

 

QUESTION 167  (Topic 3)

 

Which spam filter is not available on a FortiGate device?

 

A. Sender IP reputation database

B. URLs included in the body of known SPAM messages.

C. Email addresses included in the body of known SPAM messages.

D. Spam object checksums

E. Spam grey listing

 

Answer: E

 

 

QUESTION 168  (Topic 3)

 

An administrator is examining the attack logs and notices the following entry:

 

device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A

 

Based solely upon this log message, which of the following statements is correct?

 

A. This attack was blocked by the HTTP protocol decoder.

B. This attack was caught by the DoS sensor “protect-servers”.

C. This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit.

D. The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold.

 

Answer: B

 

 

QUESTION 169  (Topic 3)

 

When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?

 

A. Static

B. Round robin

C. Weighted round robin

D. Least connected

 

Answer: A

 

 

QUESTION 170  (Topic 3)

 

Which of the following DLP actions will always be performed if it is selected?

 

A. Archive

B. Quarantine Interface

C. Ban Sender

D. Block

E. None

F. Ban

G. Quarantine IP Address

 

Answer: A

 

 

QUESTION 171  (Topic 3)

 

An administrator is examining the attack logs and notices the following entry:

 

 

 

 

type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192.168.1.100 src_port=80 dst_port=4887 src_int=wlan dst_int=internal status=detected proto=6 service=4887/tcp user=N/A group=N/A msg=web_client: IE.IFRAME.BufferOverflow.B

 

Based on the information displayed in this entry, which of the following statements are correct? (Select all that apply.)

 

A. This is an HTTP server attack.

B. The attack was detected and blocked by the FortiGate unit.

C. The attack was against a FortiGate unit at the 192.168.1.100 IP address.

D. The attack was detected and passed by the FortiGate unit.

 

Answer: CD

 

 

QUESTION 172  (Topic 3)

 

An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down.

 

Which of the following statements best describes how to resolve this issue?

 

A. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user’s web portal.

B. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.

C. Check the SSL adaptor on the host machine. If necessary, uninstall and reinstall the adaptor from the tunnel mode portal.

D. Make sure that only Internet Explorer is used. All other browsers are unsupported.

 

Answer: B

 
