
Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 05

September 25, 2015

Ensurepass

 

QUESTION 203 (Topic 3)

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.

The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI.

C:\>ping 10.0.1.1

Pinging 10.0.1.1 with 32 bytes of data:

Reply from 10.0.1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255

user1 # get system interface
== [ internal ]
name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forward: disable type: physical mtu-override: disable
== [ vlan1 ]
name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up
netbios-forward: disable type: vlan mtu-override: disable

user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1

id=20085 trace_id=274 msg="vd-root received a packet(proto=6, 10.0.1.130:47927->10.0.1.1:443) from internal."
id=20085 trace_id=274 msg="allocate a new session-00000b1b"
id=20085 trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798"
id=20085 trace_id=274 msg="iprope_in_check() check failed, drop"

Based on the output from these commands, which of the following explanations is a possible cause of the problem?

A. The FortiGate unit has no route back to the PC.
B. The PC has an IP address in the wrong subnet.
C. The PC is using an incorrect default gateway IP address.
D. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface.
E. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

Answer: D

 

 

QUESTION 204 (Topic 3)

An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report.

Which of the following statements best describes how to do this?

A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
B. Add the following entry to the Generic Field section of the Data Filter: service="!smtp".
C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.
D. When editing the chart, enter 'dns' in the Exclude Service field.

Answer: A

 

 

QUESTION 205 (Topic 3)

Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met.

Considering this, which of the following statements is NOT correct?

A. On a FortiGate device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
B. On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
C. Only a FortiAnalyzer device can send the alert notification in the form of a syslog message.
D. Both the FortiGate and FortiAnalyzer devices can send alert notifications in the form of an email alert.

Answer: B

 

 

QUESTION 206 (Topic 3)

Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?

A. TCP connection
B. File attachments
C. Message headers
D. Message body

Answer: A

 

 

QUESTION 207 (Topic 3)

Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?

A. Antivirus scanning provides end-to-end virus protection for client workstations.
B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols.
C. Antivirus scanning supports banned word checking.
D. Antivirus scanning supports grayware protection.

Answer: D

 

 

QUESTION 208 (Topic 3)

You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route.

Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)

A. Create one firewall policy.
B. Create two firewall policies.
C. Add a route for the remote subnet.
D. Add a route for incoming traffic.
E. Create a phase 1 definition.
F. Create a phase 2 definition.

Answer: BCEF

 

 

QUESTION 209 (Topic 3)

Which of the following DLP actions will override any other action?

A. Exempt
B. Quarantine Interface
C. Block
D. None

Answer: A

 

 

QUESTION 210 (Topic 3)

Which of the following statements is correct regarding the NAC Quarantine feature?

A. With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP.
B. NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate.
C. NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
D. If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.

Answer: C

 

 

QUESTION 211 (Topic 3)

What advantages are there in using a fully meshed IPSec VPN configuration instead of a hub and spoke set of IPSec tunnels?

A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a full mesh topology simplifies configuration.
C. Using a full mesh topology provides stronger encryption.
D. Full mesh topology is the most fault-tolerant configuration.

Answer: D

 

 

QUESTION 212 (Topic 3)

A FortiClient fails to establish a VPN tunnel with a FortiGate unit.

The following information is displayed in the FortiGate unit logs:

msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address

Which of the following statements is a possible cause for the failure to establish the VPN tunnel?

A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
B. There is no IPSec firewall policy configured for the policy-based VPN.
C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.

Answer: A

 
