Ucertify offers free demo for NSE5 exam. "Fortinet Network Security Expert 5 Written Exam (500)", also known as NSE5 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE5 exam, will help you answer those questions. The NSE5 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE5 exams and revised by experts!
2026 New NSE5 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/NSE5/
Q1. - (Topic 3)
A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit.
Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Select all that apply.)
A. The administrator should configure inter-VDOM links to avoid using external interfaces and routers.
B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. This provides the same level of security internally as externally.
C. This configuration requires the use of an external router.
D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached.
E. As each VDOM has an independant routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.
Answer: A,B,E
Q2. - (Topic 1)
Which one of the following statements is correct about raw log messages?
A. Logs have a header and a body section. The header will have the same layout for every log message. The body section will change layout from one type of log message to another.
B. Logs have a header and a body section. The header and body will change layout from one type of log message to another.
C. Logs have a header and a body section. The header and body will have the same layout for every log message.
Answer: A
Q3. - (Topic 2)
In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit?
A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server
B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server
C. Request: Internal Host; Slave FortiGate; Internet; Web Server
D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server
Answer: A
Q4. - (Topic 3)
An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121.
Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message.
Which of the following statements represents the best solution to this problem?
A. Create a new session helper for the FTP service monitoring port 2121.
B. Enable the ANY service in the firewall policies for both incoming and outgoing traffic.
C. Place the client and server interface in the same zone and enable intra-zone traffic.
D. Disable any protection profiles being applied to FTP traffic.
Answer: A
Q5. - (Topic 1)
Which of the following email spam filtering features is NOT supported on a FortiGate unit?
A. Multipurpose Internet Mail Extensions (MIME) Header Check
B. HELO DNS Lookup
C. Greylisting
D. Banned Word
Answer: C
Q6. - (Topic 1)
How is traffic routed onto an SSL VPN tunnel from the FortiGate unit side?
A. A static route must be configured by the administrator using the ssl.root interface as the outgoing interface.
B. Assignment of an IP address to the client causes a host route to be added to the FortiGate unit’s kernel routing table.
C. A route back to the SSLVPN IP pool is automatically created on the FortiGate unit.
D. The FortiGate unit adds a route based upon the destination address in the SSL VPN firewall policy.
Answer: B
Q7. - (Topic 1)
A FortiGate unit can provide which of the following capabilities? (Select all that apply.)
A. Email filtering
B. Firewall
C. VPN gateway
D. Mail relay
E. Mail server
Answer: A,B,C
Q8. - (Topic 3)
Which of the following statements is correct about configuring web filtering overrides?
A. The Override option for FortiGuard Web Filtering is available for any user group type.
B. Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor.
C. The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.
D. Using Web Filtering Overrides requires the use of Firewall Policy Authentication.
Answer: C
Q9. - (Topic 3)
An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor,
the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit.
Which of the following is the best explanation for the Ban Sender action NOT being available?
A. The Ban Sender action is never available for FTP traffic.
B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.
C. Firewall policy authentication is required before the Ban Sender action becomes available.
D. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.
Answer: A
Q10. - (Topic 1)
FortiGate units are preconfigured with four default protection profiles. These protection profiles are used to control the type of content inspection to be performed.
What action must be taken for one of these profiles to become active?
A. The protection profile must be assigned to a firewall policy.
B. The "Use Protection Profile" option must be selected in the Web Config tool under the sections for AntiVirus, IPS, WebFilter, and AntiSpam.
C. The protection profile must be set as the Active Protection Profile.
D. All of the above.
Answer: A