Proper study guides for Update Fortinet Fortinet Network Security Expert 5 Written Exam (500) certified begins with Fortinet NSE5 preparation products which designed to deliver the Breathing NSE5 questions by making you pass the NSE5 test at your first time. Try the free NSE5 demo right now.
2026 New NSE5 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/NSE5/
Q1. - (Topic 1)
A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode.
Which one of the following statements is correct regarding the use of web-only mode SSL VPN?
A. Web-only mode supports SSL version 3 only.
B. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN.
C. Web-only mode requires the user to have a web browser that supports 64-bit cipher length.
D. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.
Answer: C
Q2. - (Topic 3)
What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?
A. Sessions can be idle for no more than 1800 seconds.
B. The maximum length of time a session can be open is 1800 seconds.
C. After 1800 seconds, the end user must reauthenticate.
D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.
Answer: A
Q3. - (Topic 3)
Which spam filter is not available on a FortiGate device?
A. Sender IP reputation database
B. URLs included in the body of known SPAM messages.
C. Email addresses included in the body of known SPAM messages.
D. Spam object checksums
E. Spam grey listing
Answer: E
Q4. - (Topic 1)
Which of the statements below are true regarding firewall policy disclaimers? (Select all that apply.)
A. User must accept the disclaimer to proceed with the authentication process.
B. The disclaimer page is customizable.
C. The disclaimer cannot be used in combination with user authentication.
D. The disclaimer can only be applied to wireless interfaces.
Answer: A,B
Q5. - (Topic 1)
The FortiGate unit can be configured to allow authentication to a RADIUS server. The RADIUS server can use several different authentication protocols during the authentication process.
Which of the following are valid authentication protocols that can be used when a user authenticates to the RADIUS server? (Select all that apply.)
A. MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication Protocol v2)
B. PAP (Password Authentication Protocol)
C. CHAP (Challenge-Handshake Authentication Protocol)
D. MS-CHAP (Microsoft Challenge-Handshake Authentication Protocol v1)
E. FAP (FortiGate Authentication Protocol)
Answer: A,B,C,D
Q6. - (Topic 3)
A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit.
Which of the following statements best describes the reason why the FortiGate 60B unit is unable to archive data to the FortiAnalyzer unit?
A. The FortiGate unit is considered an unregistered device.
B. The FortiGate unit has been blocked from sending archive data to the FortiAnalyzer device by the administrator.
C. The FortiGate unit has insufficient privileges. The administrator should edit the device entry in the FortiAnalyzer and modify the privileges.
D. The FortiGate unit is being treated as a syslog device and is only permitted to send log data.
Answer: A
Q7. - (Topic 2)
In Transparent Mode, forward-domain is an attribute of ______________.
A. an interface
B. a firewall policy
C. a static route
D. a virtual domain
Answer: A
Q8. - (Topic 1)
A FortiGate unit can create a secure connection to a client using SSL VPN in tunnel mode.
Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)
A. Split tunneling can be enabled when using tunnel mode SSL VPN.
B. Software must be downloaded to the web client to be able to use a tunnel mode SSL VPN.
C. Users attempting to create a tunnel mode SSL VPN connection must be members of a configured user group on the FortiGate unit.
D. Tunnel mode SSL VPN requires the FortiClient software to be installed on the user's computer.
E. The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.
Answer: A,B,C,E
Q9. - (Topic 1)
What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?
A. Sessions can be idle for no more than 1800 seconds.
B. The maximum length of time a session can be open is 1800 seconds.
C. After 1800 seconds, the end user must reauthenticate.
D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.
Answer: A
Q10. - (Topic 3)
In which of the following report templates would you configure the charts to be included in the report?
A. Layout Template
B. Data Filter Template
C. Output Template
D. Schedule Template
Answer: A