The Down to date Guide To NSE5 exam

Q1. - (Topic 2) 

Shown below is a section of output from the debug command diag ip arp list. 

index=2 ifname=port1 172.20.187.150 00:09:0f:69:03:7e state=00000004 use=4589 confirm=4589 update=2422 ref=1 

In the output provided, which of the following best describes the IP address 172.20.187.150? 

A. It is the primary IP address of the port1 interface. 

B. It is one of the secondary IP addresses of the port1 interface. 

C. It is the IP address of another network device located in the same LAN segment as the FortiGate unit’s port1 interface. 

View Answer

Q2. - (Topic 3) 

The Host Check feature can be enabled on the FortiGate unit for SSL VPN connections. 

When this feature is enabled, the FortiGate unit probes the remote host computer to verify that it is "safe" before access is granted. 

Which of the following items is NOT an option as part of the Host Check feature? 

A. FortiClient Antivirus software 

B. Microsoft Windows Firewall software 

C. FortiClient Firewall software 

D. Third-party Antivirus software 

View Answer

Q3. - (Topic 2) 

Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it. 

Which one of the following statements correctly describes this output? 

A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings. 

B. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup. 

C. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used. 

D. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24. 

View Answer

Q4. - (Topic 2) 

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below. 

Which of the following statements are correct regarding this output? (Select all that apply.) 

A. The connecting client has been allocated address 172.20.1.1. 

B. In the Phase 1 settings, dead peer detection is enabled. 

C. The tunnel is idle. 

D. The connecting client has been allocated address 10.200.3.1. 

View Answer

Q5. - (Topic 1) 

Which of the following statements describes the method of creating a policy to block access to an FTP site? 

A. Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list. 

B. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny. 

C. Create a firewall policy with a protection profile containing the Block FTP option enabled. 

D. None of the above. 

View Answer

Q6. - (Topic 1) 

Which of the following methods can be used to access the CLI? (Select all that apply.) 

A. By using a direct connection to a serial console. 

B. By using the CLI console window in the GUI. 

C. By using an SSH connection. 

D. By using a Telnet connection. 

View Answer

Q7. - (Topic 3) 

A FortiGate administrator configures a Virtual Domain (VDOM) for a new customer. After creating the VDOM, the administrator is unable to reassign the dmz interface to the new VDOM as the option is greyed out in Web Config in the management VDOM. 

What would be a possible cause for this problem? 

A. The dmz interface is referenced in the configuration of another VDOM. 

B. The administrator does not have the proper permissions to reassign the dmz interface. 

C. Non-management VDOMs can not reference physical interfaces. 

D. The dmz interface is in PPPoE or DHCP mode. 

E. Reassigning an interface to a different VDOM can only be done through the CLI. 

View Answer

Q8. - (Topic 3) 

An administrator is examining the attack logs and notices the following entry: 

device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A 

Based solely upon this log message, which of the following statements is correct? 

A. This attack was blocked by the HTTP protocol decoder. 

B. This attack was caught by the DoS sensor "protect-servers". 

C. This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit. 

D. The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold. 

View Answer

Q9. - (Topic 3) 

An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform? 

A. They can delete logged-in users who are also assigned the super_admin access profile. 

B. They can make changes to the super_admin profile. 

C. They can delete the admin account if the default admin user is not logged in. 

D. They can view all the system configuration settings but can not make changes. 

E. They can access configuration options for only the VDOMs to which they have been assigned. 

View Answer

Q10. - (Topic 3) 

When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit. 

Which of the following statements is correct regarding this entry? 

A. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule. 

B. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature. 

This client is banned from receiving or sending any traffic through the FortiGate. 

C. The entry displays a quarantine, which could have been added by either IPS or DLP. 

D. This entry displays a ban entry that was added manually by the administrator on June11th. 

View Answer