Implement Network Security Management and Analytics Exam / NSE5 Dumps / NSE5 Exam Questions / NSE5 PDF Dumps / NSE5 VCE Dumps

Fortinet Network Security Analyst NSE5 Exam Questions with VCE and PDF for Free Download from PassLeader (Question 176 – Question 200)

PassLeader just published the NEWEST Fortinet NSE5 exam dumps! And, PassLeader offer two types of the NSE5 dumps — NSE5 VCE dumps and NSE5 PDF dumps, both VCE and PDF contain the NEWEST NSE5 exam questions, they will help you PASSING the Fortinet NSE5 exam easily! Now, get the NEWEST NSE5 dumps in VCE and PDF from PassLeaderhttp://www.passleader.com/nse5.html (320 Q&As Dumps)

What’s more, part of that PassLeader NSE5 dumps now are freehttps://drive.google.com/open?id=0B-ob6L_QjGLpU0FrbTh1X3JMSmM

QUESTION 176
Which of the following DLP actions will override any other action?

A.    Exempt
B.    Quarantine Interface
C.    Block
D.    None

Answer: A

QUESTION 177
Both the FortiGate and FortiAnalyzer units can notify administrators when certain alert conditions are met. Considering this, which of the following statements is NOT correct?

A.    On a FortiGate device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
B.    On a FortiAnalyzer device, the alert condition is based either on the severity level or on the log type, but not on a combination of the two.
C.    Only a FortiAnalyzer device can send the alert notification in the form of a syslog message.
D.    Both the FortiGate and FortiAnalyzer devices can send alert notifications in the form of an email alert.

Answer: A

QUESTION 178
Which of the following items is NOT a packet characteristic matched by a firewall service object?

A.    ICMP type and code
B.    TCP/UDP source and destination ports
C.    IP protocol number
D.    TCP sequence number

Answer: D

QUESTION 179
Which of the following Session TTL values will take precedence?

A.    Session TTL specified at the system level for that port number
B.    Session TTL specified in the matching firewall policy
C.    Session TTL dictated by the application control list associated with the matching firewall policy
D.    The default session TTL specified at the system level

Answer: C

QUESTION 180
SSL Proxy is used to decrypt the SSL-encrypted traffic. After decryption, where is the traffic buffered in preparation for content inspection?

A.    The file is buffered by the application proxy.
B.    The file is buffered by the SSL proxy.
C.    In the upload direction, the file is buffered by the SSL proxy. In the download direction, the file is buffered by the application proxy.
D.    No file buffering is needed since a stream-based scanning approach is used for SSL content inspection.

Answer: A

QUESTION 181
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. The following troubleshooting commands are executed from the CLI:
user1 # get system interface
== [ internal ]
name. internal mode. static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forwarD. disable type. physical mtu-override. disable
== [ vlan1 ]
name. vlan1 mode. static ip: 10.0.1.1 255.255.255.128 status: up netb
ios-forward. disable type. vlan mtu-override. Disable
user1 # get router info routing-table all
Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area
* – candidate default
S 10.0.0.0/8 [10/0] is a summary, Null
C 10.0.1.0/25 is directly connected, vlan1
C 10.0.1.128/25 is directly connected, internal
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg=”vd-root received a packet(proto=6, 10.0.1.130
:47922->10.0.1.1:443) from internal.”
id=20085 trace_id=277 msg=”allocate a new session-00000b21″
id=20085 trace_id=277 msg=”iprope_in_check() check failed, drop”
Based on the output from these commands, which of the following is a possible cause of the problem?

A.    The FortiGate unit has no route back to the PC.
B.    The PC has an IP address in the wrong subnet.
C.    The PC is using an incorrect default gateway IP address.
D.    There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

Answer: D

QUESTION 182
A FortiGate unit is configured with multiple VDOMs. An administrative account on the device has been assigned a Scope value of VDOM:root. Which of the following items would an administrator logging in using this account NOT be able to configure?

A.    Firewall addresses
B.    DHCP servers
C.    FortiGuard Distribution Network configuration
D.    PPTP VPN configuration

Answer: C

QUESTION 183
A FortiGate unit is operating in NAT/Route mode and is configured with two Virtual LAN (VLAN) sub-interfaces added to the same physical interface. Which of the following statements is correct regarding the VLAN IDs in this scenario?

A.    The two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
B.    The two VLAN sub-interfaces must have different VLAN IDs.
C.    The two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
D.    The two VLAN sub-interfaces can have the same VLAN ID if they are connected to different L2 IEEE 802.1Q compliant switches.

Answer: B

QUESTION 184
Which of the following statements is correct about configuring web filtering overrides?

A.    The Override option for FortiGuard Web Filtering is available for any user group type.
B.    Admin overrides require an administrator to manually allow pending override requests which are listed in the Override Monitor.
C.    The Override Scopes of User and User Group are only for use when Firewall Policy Authentication is also being used.
D.    Using Web Filtering Overrides requires the use of Firewall Policy Authentication.

Answer: C

QUESTION 185
The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)

A.    An FSAE Collector Agent must be installed on every domain controller.
B.    An FSAE Domain Controller Agent must be installed on every domain controller.
C.    The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.
D.    The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.
E.    For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.

Answer: BD

QUESTION 186
An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit.
passleader-nse5-dumps-1861
Which of the following is the best explanation for the Ban Sender action NOT being available?

A.    The Ban Sender action is never available for FTP traffic.
B.    The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.
C.    Firewall policy authentication is required before the Ban Sender action becomes available.
D.    The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.

Answer: A

QUESTION 187
An intermittent connectivity issue is noticed between two devices located behind the FortiGate dmz and internal interfaces. A continuous sniffer trace is run on the FortiGate unit that the administrator will convert into a .cap file for an off-line analysis with a sniffer application.
passleader-nse5-dumps-1871
Given the high volume of global traffic on the network, which of the following CLI commands will best allow the administrator to perform this troubleshooting operation?

A.    diagnose sniffer packet any
B.    diagnose sniffer packet dmz “” 3
C.    diagnose sniffer packet any “host 192.168.1.100 and host 192.168.10.100 ” 3
D.    diagnose sniffer packet any “host 192.168.1.100 and host 192.168.10.100 ” 4

Answer: C

QUESTION 188
A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit.
passleader-nse5-dumps-1881
Which of the following statements best describes the reason why the FortiGate 60B unit is unable to archive data to the FortiAnalyzer unit?

A.    The FortiGate unit is considered an unregistered device.
B.    The FortiGate unit has been blocked from sending archive data to the FortiAnalyzer device by the administrator.
C.    The FortiGate unit has insufficient privileges. The administrator should edit the device entry in the FortiAnalyzer and modify the privileges.
D.    The FortiGate unit is being treated as a syslog device and is only permitted to send log data.

Answer: A

QUESTION 189
If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)?

A.    The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR).
B.    The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR).
C.    At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings.
D.    The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP.
E.    By design, BGP cannot redistribute routes learned through OSPF.

Answer: C

QUESTION 190
An administrator is examining the attack logs and notices the following entry:
type=ips subtype=signature pri=alert vd=root serial=1995 attack_id=103022611 src=69.45.64.22 dst=192.168.1.100 src_port=80 dst_port=4887 src_int=wlan dst_int=internal status=detected proto=6 service=4887/tcp user=N/A group=N/A msg=web_client: IE.IFRAME.BufferOverflow.B
Based on the information displayed in this entry, which of the following statements are correct? (Select all that apply.)

A.    This is an HTTP server attack.
B.    The attack was detected and blocked by the FortiGate unit.
C.    The attack was against a FortiGate unit at the 192.168.1.100 IP address.
D.    The attack was detected and passed by the FortiGate unit.

Answer: CD

QUESTION 191
Which part of an email message exchange is NOT inspected by the POP3 and IMAP proxies?

A.    TCP connection
B.    File attachments
C.    Message headers
D.    Message body

Answer: A

QUESTION 192
Which of the following represents the method used on a FortiGate unit running FortiOS version 4.2 to apply traffic shaping to P2P traffic, such as BitTorrent?

A.    Apply a Traffic Shaper to a BitTorrent entry in an Application Control List.
B.    Enable the Shape option in a Firewall policy with a Service set to BitTorrent.
C.    Define a DLP Rule to match against BitTorrent traffic and include the rule in a DLP Sensor with Traffic Shaping enabled.
D.    Specify the amount of Rate Limiting to be applied to BitTorrent traffic through the P2P settings of the Firewall Policy Protocol Options.

Answer: A

QUESTION 193
In which of the following report templates would you configure the charts to be included in the report?

A.    Layout Template
B.    Data Filter Template
C.    Output Template
D.    Schedule Template

Answer: A

QUESTION 194
What is the effect of using CLI “config system session-ttl” to set session_ttl to 1800 seconds?

A.    Sessions can be idle for no more than 1800 seconds.
B.    The maximum length of time a session can be open is 1800 seconds.
C.    After 1800 seconds, the end user must reauthenticate.
D.    After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.

Answer: A

QUESTION 195
Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.)

A.    The web client SSL handshake.
B.    The web server SSL handshake.
C.    File buffering.
D.    Communication with the urlfilter process.

Answer: AB

QUESTION 196
An administrator wishes to generate a report showing Top Traffic by service type. They notice that web traffic overwhelms the pie chart and want to exclude the web traffic from the report. Which of the following statements best describes how to do this?

A.    In the Service field of the Data Filter, type 80/tcp and select the NOT checkbox.
B.    Add the following entry to the Generic Field section of the Data Filter: service=”!web”.
C.    When editing the chart, uncheck wlog to indicate that Web Filtering data is being excluded when generating the chart.
D.    When editing the chart, enter ‘http’ in the Exclude Service field.

Answer: A

QUESTION 197
When browsing to an internal web server using a web-mode SSL VPN bookmark, from which of the following source IP addresses would the web server consider the HTTP request to be initiated?

A.    The remote user’s virtual IP address.
B.    The FortiGate unit’s internal IP address.
C.    The remote user’s public IP address.
D.    The FortiGate unit’s external IP address.

Answer: B

QUESTION 198
A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?

A.    Any other matched DLP rules will be ignored with the exception of Archiving.
B.    Future files whose characteristics match this file will bypass DLP scanning.
C.    The traffic matching the DLP rule will bypass antivirus scanning.
D.    The client IP address will be added to a white list.

Answer: A

QUESTION 199
An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?

A.    Apply an application control list which contains a rule for SIP and has the “Limit INVITE Request” option configured.
B.    Enable Traffic Shaping for the appropriate SIP firewall policy.
C.    Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command.
D.    Run the set udp-idle-timer CLI command and set a lower time value.

Answer: A

QUESTION 200
Which of the following report templates must be used when scheduling report generation?

A.    Layout Template
B.    Data Filter Template
C.    Output Template
D.    Chart Template

Answer: A


Learning the PassLeader NSE5 dumps with VCE and PDF for 100% passing Fortinet certificationhttp://www.passleader.com/nse5.html (320 Q&As Dumps)

BONUS!!! Download part of PassLeader NSE5 dumps for freehttps://drive.google.com/open?id=0B-ob6L_QjGLpU0FrbTh1X3JMSmM