It is impossible to pass Fortinet NSE5 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Fortinet NSE5 practice questions. You will get a surprising result by our Latest Fortinet Network Security Expert 5 Written Exam (500) practice guides.
2026 New NSE5 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/NSE5/
Q1. - (Topic 1)
Which of the following products is designed to manage multiple FortiGate devices?
A. FortiGate device
B. FortiAnalyzer device
C. FortiClient device
D. FortiManager device
E. FortiMail device
F. FortiBridge device
Answer: D
Q2. - (Topic 3)
What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds?
A. Sessions can be idle for no more than 1800 seconds.
B. The maximum length of time a session can be open is 1800 seconds.
C. After 1800 seconds, the end user must reauthenticate.
D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.
Answer: A
Q3. - (Topic 2)
Identify the correct properties of a partial mesh VPN deployment:
A. VPN tunnels interconnect between every single location.
B. VPN tunnels are not configured between every single location.
C. Some locations are reached via a hub location.
D. There are no hub locations in a partial mesh.
Answer: B,C
Q4. - (Topic 1)
A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the antivirus and email filter profiles applied to this policy.
Exhibit A:
Exhibit B:
What is the correct behavior when the email attachment is detected as a virus by the FortiGate antivirus engine?
A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected.
B. The FortiGate unit will reject the infected email and the sender will receive a failed delivery message.
C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed.
D. The FortiGate unit will reject the infected email and notify the sender.
Answer: B
Q5. - (Topic 1)
Encrypted backup files provide which of the following benefits? (Select all that apply.)
A. Integrity of the backup file is protected since it cannot be easily modified when encrypted.
B. Prevents the backup file from becoming corrupted.
C. Protects details of the device's configuration settings from being discovered while the backup file is in transit. For example, transferred to a data centers for system recovery.
D. A copy of the encrypted backup file is automatically pushed to the FortiGuard Distribution Service (FDS) for disaster recovery purposes. If the backup file becomes corrupt it can be retrieved through FDS.
E. Fortinet Technical Support can recover forgotten passwords with a backdoor passphrase.
Answer: A,C
Q6. CORRECT TEXT - (Topic 1)
When creating administrative users, the assigned _____________determines user rights on the FortiGate unit.
Answer: access profile
Q7. - (Topic 3)
The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.
Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)
A. An FSAE Collector Agent must be installed on every domain controller.
B. An FSAE Domain Controller Agent must be installed on every domain controller.
C. The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.
D. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
E. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.
Answer: B,D
Q8. - (Topic 2)
Review the IKE debug output for IPsec shown in the Exhibit below.
Which one of the following statements is correct regarding this output?
A. The output is a Phase 1 negotiation.
B. The output is a Phase 2 negotiation.
C. The output captures the Dead Peer Detection messages.
D. The output captures the Dead Gateway Detection packets.
Answer: C
Q9. - (Topic 1)
A FortiGate unit is configured to receive push updates from the FortiGuard Distribution Network, however, updates are not being received.
Which of the following statements are possible reasons for this? (Select all that apply.)
A. The external facing interface of the FortiGate unit is configured to use DHCP.
B. The FortiGate unit has not been registered.
C. There is a NAT device between the FortiGate unit and the FortiGuard Distribution Network and no override push IP is configured.
D. The FortiGate unit is in Transparent mode which does not support push updates.
Answer: A,B,C
Q10. - (Topic 1)
A FortiGate unit can act as which of the following? (Select all that apply.)
A. Antispam filter
B. Firewall
C. VPN gateway
D. Mail relay
E. Mail server
Answer: A,B,C