Exam Code: NSE5 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 5 Written Exam (500)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE5 Exam.
2026 New NSE5 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/NSE5/
Q1. - (Topic 3)
A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office.
The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers.
What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?
A. Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
B. Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
C. Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.
D. Dynamic routing protocols cannot be used over IPSec VPN tunnels.
Answer: A
Q2. - (Topic 1)
Which of the following statements correctly describes how a FortiGate unit functions in Transparent mode?
A. To manage the FortiGate unit, one of the interfaces must be designated as the management interface. This interface may not be used for forwarding data.
B. An IP address is used to manage the FortiGate unit but this IP address is not associated with a specific interface.
C. The FortiGate unit must use public IP addresses on the internal and external networks.
D. The FortiGate unit uses private IP addresses on the internal network but hides them using address translation.
Answer: B
Q3. - (Topic 2)
With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent.
If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.)
A. The login event is sent to the Collector Agent.
B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller.
C. The Collector Agent performs the DNS lookup for the authenticated client’s IP address.
D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent.
Answer: A,C
Q4. - (Topic 1)
In which order are firewall policies processed on the FortiGate unit?
A. They are processed from the top down according to their sequence number.
B. They are processed based on the policy ID number shown in the left hand column of the policy window.
C. They are processed on best match.
D. They are processed based on a priority value assigned through the priority column in the policy window.
Answer: A
Q5. - (Topic 1)
Which of the following methods can be used to access the CLI? (Select all that apply.) A. By using a direct connection to a serial console.
B. By using the CLI console window in Web Config.
C. By using an SSH connection.
D. By using a Telnet connection.
Answer: A,B,C,D
Q6. - (Topic 2)
Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it.
Which of the following statements are correct regarding this output? (Select all that apply).
A. There will be six routes in the routing table.
B. There will be seven routes in the routing table.
C. There will be two default routes in the routing table.
D. There will be two routes for the 10.0.2.0/24 subnet in the routing table.
Answer: A,C
Q7. - (Topic 2)
Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 10
set device port1
next
edit 2
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 20
set device port2
next
end
Which of the following statements correctly describes the static routing configuration provided above?
A. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes.
B. The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.
D. Only the route that is using port1 will show up in the routing table.
Answer: C
Q8. - (Topic 1)
Which of the following authentication types are supported by FortiGate units? (Select all that apply.)
A. Kerberos
B. LDAP
C. RADIUS
D. Local Users
Answer: B,C,D
Q9. - (Topic 1)
Which of the following statements best describes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?
A. The proxy will not allow a file to be transmitted in multiple streams simultaneously.
B. The proxy sends the file to the server while simultaneously buffering it.
C. If the file being scanned is determined to be infected, the proxy deletes it from the server by sending a delete command on behalf of the client.
D. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.
Answer: A
Q10. - (Topic 1)
Which of the following network protocols can be used to access a FortiGate unit as an administrator?
A. HTTPS, HTTP, SSH, TELNET, PING, SNMP
B. FTP, HTTPS, NNTP, TCP, WINS
C. HTTP, NNTP, SMTP, DHCP
D. Telnet, FTP, RLOGIN, HTTP, HTTPS, DDNS
E. Telnet, UDP, NNTP, SMTP
Answer: A