NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 141-150

By on May 8, 2016
EnsurepassQUESTION 141 Review the IKE debug output for IPsec shown in the Exhibit below. Which one of the following statements is correct regarding this output?     A. The output is a Phase 1 negotiation. B. The output is a Phase 2 negotiation. C. The output captures the Dead Peer Detection messages. D. The output captures the Dead Gateway Detection packets.   Correct Answer: C     QUESTION 142 In Transparent Mode, forward-domain is an attribute of ______________. Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 151-160

By on
EnsurepassQUESTION 151 Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)   A. The device this command is executed on is likely to switch from master to slave status if master override is disabled. B. The device this command is executed on is likely to switch from master to slave status if master override is enabled. C. This command has no impact on the HA algorithm. D. This command resets the uptime variable Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 121-130

By on
EnsurepassQUESTION 121 Two devices are in an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'diag sys session stat' for the STUDENT device. Exhibit B shows the command output of 'diag sys session stat' for the REMOTE device.   Exhibit A:   Exhibit B:   Given the information provided in the exhibits, which of the following statements are correct? (Select all that apply.)   A. STUDENT is likely to be the master device. B. Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 131-140

By on
EnsurepassQUESTION 131 Review the IPsec Phase2 configuration shown in the Exhibit; then answer the question following it. Which of the following statements are correct regarding this configuration? (Select all that apply).     A. The Phase 2 will re-key even if there is no traffic. B. There will be a DH exchange for each re-key. C. The sequence number of ESP packets received from the peer will not be checked. D. Quick mode selectors will default to those used in the firewall Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 111-120

By on
EnsurepassQUESTION 111 Which of the following network protocols can be used to access a FortiGate unit as an administrator?   A. HTTPS, HTTP, SSH, TELNET, PING, SNMP B. FTP, HTTPS, NNTP, TCP, WINS C. HTTP, NNTP, SMTP, DHCP D. Telnet, FTP, RLOGIN, HTTP, HTTPS, DDNS E. Telnet, UDP, NNTP, SMTP   Correct Answer: A     QUESTION 112 An end user logs into the SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 101-110

By on
EnsurepassQUESTION 101 You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route. Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)   A. Create one firewall policy. B. Create Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 91-100

By on
EnsurepassQUESTION 91 UTM features can be applied to which of the following items?   A. Firewall policies B. User groups C. Policy routes D. Address groups   Correct Answer: A     QUESTION 92 Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.)   A. Firewall B. Directory Service C. Local D. LDAP E. PKI   Correct Answer: AB   QUESTION 93 Which Fortinet products & features Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 81-90

By on
EnsurepassQUESTION 81 Which of the following statements correctly describes how a FortiGate unit functions in Transparent mode?   A. To manage the FortiGate unit, one of the interfaces must be designated as the management interface. This interface may not be used for forwarding data. B. An IP address is used to manage the FortiGate unit but this IP address is not associated with a specific interface. C. The FortiGate unit must use public IP addresses on the internal and external networks. Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 71-80

By on
EnsurepassQUESTION 71 The command structure of the CLI on a FortiGate unit consists of commands, objects, branches, tables and parameters. Which of the following items describes port1?   A. A command. B. An object. C. A table. D. A parameter.   Correct Answer: C     QUESTION 72 How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side?   A. A static route must be configured by the administrator using the ssl.root interface as the outgoing Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 61-70

By on
EnsurepassQUESTION 61 Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode?   A. The FortiGate unit requires only a single IP address for receiving updates and configuring from a management computer. B. The FortiGate unit must use public IP addresses on both the internal and external networks. C. The FortiGate unit commonly uses private IP addresses on the internal network but hides them using network address translation. D. The FortiGate Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 51-60

By on
EnsurepassQUESTION 51 Which of the following items is NOT a packet characteristic matched by a firewall service object?   A. ICMP type and code B. TCP/UDP source and destination ports C. IP protocol number D. TCP sequence number   Correct Answer: D QUESTION 52 Which of the following network protocols are supported for administrative access to a FortiGate unit?   A. HTTPS, HTTP, SSH, TELNET, PING, SNMP B. FTP, HTTPS, NNTP, TCP, WINS C. HTTP, NNTP, SMTP, DHCP Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 41-50

By on
EnsurepassQUESTION 41 In order to match an identity-based policy, the FortiGate unit checks the IP information. Once inside the policy, the following logic is followed:   A. First, a check is performed to determine if the user's login credentials are valid. Next, the user is checked to determine if they belong to any of the groups defined for that policy. Finally, user restrictions are determined and port, time, and UTM profiles are applied. B. First, user restrictions are determined Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 31-40

By on
EnsurepassQUESTION 31 Which of the following antivirus and attack definition update features are supported by FortiGate units? (Select all that apply.)   A. Manual, user-initiated updates from the FortiGuard Distribution Network. B. Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FortiGuard Distribution Network. C. Push updates from the FortiGuard Distribution Network. D. Update status including version numbers, expiry dates, Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 21-30

By on
EnsurepassQUESTION 21 Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.)   A. Domain Local Security Agent. B. Collector Agent. C. Active Directory Agent. D. User Authentication Agent. E. Domain Controller Agent.   Correct Answer: BE     QUESTION 22 Which of the following statements regarding the firewall policy authentication timeout is true?   A. The authentication timeout is Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 11-20

By on
EnsurepassQUESTION 11 When creating administrative users, the assigned _____________determines user rights on the FortiGate unit.   Correct Answer: access profile     QUESTION 12 Which of the following are valid FortiGate device interface methods for handling DNS requests? (Select all that apply.)   A. Forward-only B. Non-recursive C. Recursive D. Iterative E. Conditional-forward   Correct Answer: ABC     QUESTION 13 Which of the following is true Read more [...]

Continue Reading

NSE5 Real Exam (May 2016)

[Free] Download Latest (May 2016) Fortinet NSE5 Real Exam 1-10

By on
EnsurepassQUESTION 1 Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.)   A. An IP address pool. B. A virtual IP address. C. An actual IP address or an IP address group. D. An FQDN or Geographic value(s).   Correct Answer: BCD     QUESTION 2 You wish to create a firewall policy that applies only to traffic intended for your web server. The server has an IP address of 192.168.2.2 Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 04

By on September 25, 2015
EnsurepassQUESTION 193  (Topic 3)         A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root.   Which of the following items would an administrator logging in using this account NOT be able to configure?   A. Firewall addresses B. DHCP servers C. FortiGuard Distribution Network configuration D. PPTP VPN configuration   Answer: C     QUESTION 194  (Topic Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 05

By on
Ensurepass  QUESTION 203  (Topic 3)   A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.   The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI.   C:\>ping 10.0.1.1   Pinging 10.0.1.1 with 32 bytes of data:   Reply from 10.0.1.1: Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 02

By on
EnsurepassQUESTION 173  (Topic 3)   When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option.         What is a valid reason for using the Full Search option, instead?   A. The search items you are looking for are not contained in indexed log fields. B. A quick search only searches data received within the last 24 hours. C. You want the search to include the FortiAnalyzer's local logs. D. You want Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 03

By on
EnsurepassQUESTION 183  (Topic 3)   When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit.     Which of the following statements is correct regarding this entry?   A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule. B. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature.         This client is banned Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 3, Volume C part 01

By on
EnsurepassQUESTION 163  (Topic 3)   The transfer of encrypted files or the use of encrypted protocols between users and servers on the internet can frustrate the efforts of administrators attempting to monitor traffic passing through the FortiGate unit and ensuring user compliance to corporate rules.   Which of the following items will allow the administrator to control the transfer of encrypted data through the FortiGate unit? (Select all that apply.)   A. Encrypted protocols Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 2, Volume B part 02

By on
EnsurepassQUESTION 131  (Topic 2)   Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below.     Which of the following statements are correct regarding this output? (Select all that apply.)   A. The connecting client has been allocated address 172.20.1.1.         B. In the Phase 1 settings, dead peer detection is enabled. C. The tunnel is idle. D. The connecting client has been allocated address Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 2, Volume B part 03

By on
EnsurepassQUESTION 141  (Topic 2)   Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)   A. SNMP B. IPSec C. SMTP D. POP3 E. HTTP   Answer: CDE       QUESTION 142  (Topic 2)   Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 2, Volume B part 01

By on
EnsurepassQUESTION 120  (Topic 2)   With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.   If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)           A. The login event is sent Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 06

By on
EnsurepassQUESTION 51 CORRECT TEXT  (Topic 1)   When creating administrative users, the assigned _____________determines user rights on the FortiGate unit.   A.   B.   C.   D.     Answer:     QUESTION 52  (Topic 1)   The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit's GUI and also using the CLI. The command used in the CLI to perform this function is ______ .   Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 07

By on
EnsurepassQUESTION 61  (Topic 1)   Which of the following antivirus and attack definition update features are supported by FortiGate units? (Select all that apply.)   A. Manual, user-initiated updates from the FortiGuard Distribution Network. B. Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FortiGuard Distribution Network. C. Push updates from the FortiGuard Distribution Network. D. Update status including version Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 03

By on
EnsurepassQUESTION 21  (Topic 1)         Which statement is correct regarding virus scanning on a FortiGate unit?   A. Virus scanning is enabled by default. B. Fortinet Customer Support enables virus scanning remotely for you. C. Virus scanning must be enabled in a UTM security profile and the UTM security profile must be assigned to a firewall policy. D. Enabling virus scanning in a UTM security profile enables virus scanning for all traffic flowing through Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 04

By on
EnsurepassQUESTION 31  (Topic 1)   An administrator wants to assign a set of UTM features to a group of users. Which of the following is the correct method for doing this?   A. Enable a set of unique UTM profiles under "Edit User Group". B. The administrator must enable the UTM profiles in an identity-based policy applicable to the user group.         C. When defining the UTM objects, the administrator must list the user groups which will use the UTM Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 05

By on
EnsurepassQUESTION 41  (Topic 1)   SSL content inspection is enabled on the FortiGate unit. Which of the following steps is required to prevent a user from being presented with a web browser warning when accessing an SSL-encrypted website?   A. The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on the user's workstation. B. Disable the strict server certificate check in the web browser under Internet Options. C. Enable transparent Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 02

By on
Ensurepass  QUESTION 11  (Topic 1)   In order to match an identity-based policy, the FortiGate unit checks the IP information. Once inside the policy, the following logic is followed:   A. First, a check is performed to determine if the user's login credentials are valid. Next, the user is checked to determine if they belong to any of the groups defined for that policy. Finally, user restrictions are determined and port, time, and UTM profiles are applied. B. First, user Read more [...]

Continue Reading

NSE5 Examination questions (September)

Achieve New Updated (September) Fortinet NSE5 Examination questions Topic 1, Volume A part 01

By on
EnsurepassQUESTION 1  (Topic 1)   Which of the following authentication types are supported by FortiGate units? (Select all that apply.)   A. Kerberos B. LDAP C. RADIUS D. Local Users   Answer: BCD     QUESTION 2  (Topic 1)   Which of the following network protocols are supported for administrative access to a FortiGate unit?   A. HTTPS, HTTP, SSH, TELNET, PING, SNMP B. FTP, HTTPS, NNTP, TCP, WINS C. HTTP, NNTP, SMTP, DHCP D. Read more [...]

Continue Reading