
Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 04

September 25, 2015

Ensurepass

QUESTION 193 (Topic 3)

A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.

Which of the following items would an administrator logging in using this account NOT be able to configure?

A. Firewall addresses
B. DHCP servers
C. FortiGuard Distribution Network configuration
D. PPTP VPN configuration

Answer: C

QUESTION 194 (Topic 3)

In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?

A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server
B. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server
C. Request: Internal Host -> Slave FG -> Internet -> Web Server
D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server

Answer: A

QUESTION 195 (Topic 3)

Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?

A. The FortiGate unit receives periodic "Here I am" messages from the web cache.
B. The FortiGate unit polls all globally-defined web cache servers at regular intervals.
C. The FortiGate unit uses the health check monitor to verify the availability of a web cache server.
D. The web cache sends an "I see you" message which is captured by the FortiGate unit.

Answer: C

QUESTION 196 (Topic 3)

A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM.

What would be a possible cause for this problem?

A. The dmz interface is referenced in the configuration of another VDOM.
B. The administrator does not have the proper permissions to reassign the dmz interface.
C. Non-management VDOMs cannot reference physical interfaces.
D. The dmz interface is in PPPoE or DHCP mode.
E. Reassigning an interface to a different VDOM can only be done through the CLI.

Answer: A

QUESTION 197 (Topic 3)

An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121.

Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message.

Which of the following statements represents the best solution to this problem?

A. Create a new session helper for the FTP service monitoring port 2121.
B. Enable the ANY service in the firewall policies for both incoming and outgoing traffic.
C. Place the client and server interface in the same zone and enable intra-zone traffic.
D. Disable any protection profiles being applied to FTP traffic.

Answer: A

QUESTION 198 (Topic 3)

A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit.

[Exhibit: FortiAnalyzer device listing, image not included]

Which of the following statements best describes the reason why the FortiGate 60B unit is unable to archive data to the FortiAnalyzer unit?

A. The FortiGate unit is considered an unregistered device.
B. The FortiGate unit has been blocked from sending archive data to the FortiAnalyzer device by the administrator.
C. The FortiGate unit has insufficient privileges. The administrator should edit the device entry in the FortiAnalyzer and modify the privileges.
D. The FortiGate unit is being treated as a syslog device and is only permitted to send log data.

Answer: A

QUESTION 199 (Topic 3)

Which of the following features could be used by an administrator to block FTP uploads while still allowing FTP downloads?

A. Anti-Virus File-Type Blocking
B. Data Leak Prevention
C. Network Admission Control
D. FortiClient Check

Answer: B

QUESTION 200 (Topic 3)

Which of the following Session TTL values will take precedence?

A. Session TTL specified at the system level for that port number
B. Session TTL specified in the matching firewall policy
C. Session TTL dictated by the application control list associated with the matching firewall policy
D. The default session TTL specified at the system level

Answer: C

QUESTION 201 (Topic 3)

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)?

A. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors.
B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors.
C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options.
D. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings.
E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options.

Answer: C

QUESTION 202 (Topic 3)

Which of the following statements is correct based on the firewall configuration illustrated in the exhibit?

[Exhibit: firewall configuration, image not included]

A. A user can access the Internet using only the protocols that are supported by user authentication.
B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access.
C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services.
D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication.

Answer: D
