Implement Network Security Management and Analytics Exam / NSE5 Dumps / NSE5 Exam Questions / NSE5 PDF Dumps / NSE5 VCE Dumps

New Fortinet NSE5 Exam Dumps with VCE and PDF from PassLeader (Question 226 – Question 250)

PassLeader just published the NEWEST Fortinet NSE5 exam dumps! And, PassLeader offer two types of the NSE5 dumps — NSE5 VCE dumps and NSE5 PDF dumps, both VCE and PDF contain the NEWEST NSE5 exam questions, they will help you PASSING the Fortinet NSE5 exam easily! Now, get the NEWEST NSE5 dumps in VCE and PDF from PassLeaderhttp://www.passleader.com/nse5.html (320 Q&As Dumps)

What’s more, part of that PassLeader NSE5 dumps now are freehttps://drive.google.com/open?id=0B-ob6L_QjGLpU0FrbTh1X3JMSmM

QUESTION 226
An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform?

A.    They can delete logged-in users who are also assigned the super_admin access profile.
B.    They can make changes to the super_admin profile.
C.    They can delete the admin account if the default admin user is not logged in.
D.    They can view all the system configuration settings but can not make changes.
E.    They can access configuration options for only the VDOMs to which they have been assigned.

Answer: C

QUESTION 227
Which of the following statements is correct regarding the FortiGuard Services Web Filtering Override configuration as illustrated in the exhibit?
passleader-nse5-dumps-2271

A.    Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/.
B.    A client with an IP of address 10.10.10.12 is allowed access to any subdirectory that is part of the www.yahoo.com web site.
C.    A client with an IP address of 10.10.10.12 is allowed access to the www.yahoo.com/images/ web site and any of its offsite URLs.
D.    A client with an IP address of 10.10.10.12 is allowed access to any URL under the www.yahoo.com web site, including any subdirectory URLs, until August 7, 2009.
E.    Any client on the same subnet as the authenticated user is allowed to access www.yahoo.com/images/ until August 7, 2009.

Answer: C

QUESTION 228
Which of the following statements is correct regarding the NAC Quarantine feature?

A.    With NAC quarantine, files can be quarantined not only as a result of antivirus scanning, but also for other forms of content inspection such as IPS and DLP.
B.    NAC quarantine does a client check on workstations before they are permitted to have administrative access to FortiGate.
C.    NAC quarantine allows administrators to isolate clients whose network activity poses a security risk.
D.    If you chose the quarantine action, you must decide whether the quarantine type is NAC quarantine or File quarantine.

Answer: C

QUESTION 229
When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit.
passleader-nse5-dumps-2291
Which of the following statements is correct regarding this entry?

A.    The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.
B.    The entry displays a ban that was triggered by HTTP traffic matching an IPS signature. This client is banned from receiving or sending any traffic through the FortiGate.
C.    The entry displays a quarantine, which could have been added by either IPS or DLP.
D.    This entry displays a ban entry that was added manually by the administrator on June 11th.

Answer: A

QUESTION 230
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?

A.    Packet encryption
B.    MIB-based report uploads
C.    SNMP access limits through access lists
D.    Running SNMP service on a non-standard port is possible

Answer: A

QUESTION 231
A FortiGate unit can create a secure connection to a client using SSL VPN in tunnel mode. Which of the following statements are correct regarding the use of tunnel mode SSL VPN? (Select all that apply.)

A.    Split tunneling can be enabled when using tunnel mode SSL VPN.
B.    Software must be downloaded to the web client to be able to use a tunnel mode SSL VPN.
C.    Users attempting to create a tunnel mode SSL VPN connection must be members of a configured user group on the FortiGate unit.
D.    Tunnel mode SSL VPN requires the FortiClient software to be installed on the user’s computer.
E.    The source IP address used by the client for the tunnel mode SSL VPN is assigned by the FortiGate unit.

Answer: ABCE

QUESTION 232
By default the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action?

A.    Block all network attacks.
B.    Block the most common network attacks.
C.    Allow all traffic.
D.    Allow and log all traffic.

Answer: C

QUESTION 233
Because changing the operational mode to Transparent resets device (or vdom) to all defaults, which precautions should an Administrator take prior to performing this? (Select all that apply.)

A.    Backup the configuration.
B.    Disconnect redundant cables to ensure the topology will not contain layer 2 loops.
C.    Set the unit to factory defaults.
D.    Update IPS and AV files.

Answer: AB

QUESTION 234
Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type. Which of the following are some of the available event types in Web Config? (Select all that apply.)

A.    Intrusion detected.
B.    Successful firewall authentication.
C.    Oversized file detected.
D.    DHCP address assigned.
E.    FortiGuard Web Filtering rating error detected.

Answer: A

QUESTION 235
When firewall policy authentication is enabled, only traffic on supported protocols will trigger an authentication challenge. Select all supported protocols from the following:

A.    SMTP
B.    SSH
C.    HTTP
D.    FTP
E.    SCP

Answer: CD

QUESTION 236
What is the effect of using CLI “config system session-ttl” to set session_ttl to 1800 seconds?

A.    Sessions can be idle for no more than 1800 seconds.
B.    The maximum length of time a session can be open is 1800 seconds.
C.    After 1800 seconds, the end user must reauthenticate.
D.    After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server.

Answer: A

QUESTION 237
The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate Web Config and also using the CLI. The command used in the CLI to perform this function is ____.

A.    set order
B.    edit policy
C.    reorder
D.    move

Answer: D

QUESTION 238
Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.)

A.    Domain Local Security Agent.
B.    Collector Agent.
C.    Active Directory Agent.
D.    User Authentication Agent.
E.    Domain Controller Agent.

Answer: BE

QUESTION 239
Which of the following statements regarding the firewall policy authentication timeout is true?

A.    The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source IP.
B.    The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source IP after this timer has expired.
C.    The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source MAC.
D.    The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source MAC after this timer has expired.

Answer: A

QUESTION 240
A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office. The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers. What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?

A.    Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
B.    Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
C.    Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.
D.    Dynamic routing protocols cannot be used over IPSec VPN tunnels.

Answer: A

QUESTION 241
When creating administrative users, the assigned ____ determines user rights on the FortiGate unit.

Answer: access profile

QUESTION 242
Which of the following are valid FortiGate device interface methods for handling DNS requests? (Select all that apply.)

A.    Forward-only
B.    Non-recursive
C.    Recursive
D.    Iterative
E.    Conditional-forward

Answer: ABC

QUESTION 243
Which of the following is true regarding Switch Port Mode?

A.    Allows all internal ports to share the same subnet.
B.    Provides separate routable interfaces for each internal port.
C.    An administrator can select ports to be used as a switch.
D.    Configures ports to be part of the same broadcast domain.

Answer: A

QUESTION 244
A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?

A.    SSL
B.    IPSec
C.    direct serial connection
D.    S/MIME

Answer: B

QUESTION 245
You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct?

A.    192.168.2.0 / 255.255.255.0
B.    192.168.2.2 / 255.255.255.0
C.    192.168.2.0 / 255.255.255.255
D.    192.168.2.2 / 255.255.255.255

Answer: D

QUESTION 246
The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit’s GUI and also using the CLI. The command used in the CLI to perform this function is ____.

A.    set order
B.    edit policy
C.    reorder
D.    move

Answer: D

QUESTION 247
Which of the following email spam filtering features is NOT supported on a FortiGate unit?

A.    Multipurpose Internet Mail Extensions (MIME) Header Check
B.    HELO DNS Lookup
C.    Greylisting
D.    Banned Word

Answer: C

QUESTION 248
Which of the following statements are true regarding Local User Authentication? (Select all that apply.)

A.    Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.
B.    Two-factor authentication can be enabled on a per user basis.
C.    Administrators can create an account for the user locally and specify the remote server to verify the password.
D.    Local users are for administration accounts only and cannot be used for identity policies.

Answer: ABC

QUESTION 249
Which of the following statements regarding Banned Words are correct? (Select all that apply.)

A.    The FortiGate unit can scan web pages and email messages for instances of banned words.
B.    When creating a banned word list, an administrator can indicate either specific words or patterns.
C.    Banned words can be expressed as wildcards or regular expressions.
D.    Content is automatically blocked if a single instance of a banned word appears.
E.    The FortiGate unit includes a pre-defined library of common banned words.

Answer: ABC

QUESTION 250
Encrypted backup files provide which of the following benefits? (Select all that apply.)

A.    Integrity of the backup file is protected since it cannot be easily modified when encrypted.
B.    Prevents the backup file from becoming corrupted.
C.    Protects details of the device’s configuration settings from being discovered while the backup file is in transit. For example, transferred to a data centers for system recovery.
D.    A copy of the encrypted backup file is automatically pushed to the FortiGuard Distribution Service (FDS) for disaster recovery purposes. If the backup file becomes corrupt it can be retrieved through FDS.
E.    Fortinet Technical Support can recover forgotten passwords with a backdoor passphrase.

Answer: AC


Learning the PassLeader NSE5 dumps with VCE and PDF for 100% passing Fortinet certificationhttp://www.passleader.com/nse5.html (320 Q&As Dumps)

BONUS!!! Download part of PassLeader NSE5 dumps for freehttps://drive.google.com/open?id=0B-ob6L_QjGLpU0FrbTh1X3JMSmM