PassLeader just published the NEWEST Fortinet NSE5 exam dumps! PassLeader offers two types of NSE5 dumps: NSE5 VCE dumps and NSE5 PDF dumps. Both the VCE and the PDF contain the NEWEST NSE5 exam questions, and they will help you PASS the Fortinet NSE5 exam easily! Now, get the NEWEST NSE5 dumps in VCE and PDF from PassLeader: http://www.passleader.com/nse5.html (320 Q&As Dumps)
What's more, part of the PassLeader NSE5 dumps are now free: https://drive.google.com/open?id=0B-ob6L_QjGLpU0FrbTh1X3JMSmM
Which of the following DLP actions will always be performed if it is selected?
B. Quarantine Interface
C. Ban Sender
G. Quarantine IP Address
The following ban list entry is displayed through the CLI.
get user ban list
id cause src-ip-addr dst-ip-addr expires created
531 protect_client 10.177.0.21 18.104.22.168 indefinite Wed Dec 24 :21:33 2008
Based on this command output, which of the following statements is correct?
A. The administrator has specified the Attack and Victim Address method for the quarantine.
B. This diagnostic entry results from the administrator running the diag ips log test command. This command has no effect on traffic.
C. A DLP rule has been matched.
D. An attack has been repeated more than once during the holddown period; the expiry time has been reset to indefinite.
The Host Check feature can be enabled on the FortiGate unit for SSL VPN connections. When this feature is enabled, the FortiGate unit probes the remote host computer to verify that it is “safe” before access is granted. Which of the following items is NOT an option as part of the Host Check feature?
A. FortiClient Antivirus software
B. Microsoft Windows Firewall software
C. FortiClient Firewall software
D. Third-party Antivirus software
An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings. Which of the following statements are correct regarding the IPSec VPN configuration?
A. To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.
B. The virtual IPSec interface is automatically created after the phase1 configuration.
C. The IPSec policies must be placed at the top of the list.
D. This VPN cannot be used as part of a hub and spoke topology.
E. Routes were automatically created based on the address objects in the firewall policies.
A FortiClient fails to establish a VPN tunnel with a FortiGate unit. The following information is displayed in the FortiGate unit logs:
msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address"
Which of the following statements is a possible cause for the failure to establish the VPN tunnel?
A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
B. There is no IPSec firewall policy configured for the policy-based VPN.
C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.
A static route is configured for a FortiGate unit from the CLI using the following commands:
config router static
set device "wan1"
set distance 20
set gateway 192.168.100.1
Which of the following conditions is NOT required for this static default route to be displayed in the FortiGate unit’s routing table?
A. The Administrative Status of the wan1 interface is displayed as Up.
B. The Link Status of the wan1 interface is displayed as Up.
C. All other default routes should have an equal or higher distance.
D. You must disable DHCP client on that interface.
Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?
A. The FortiGate unit receives periodic “Here I am” messages from the web cache.
B. The FortiGate unit polls all globally-defined web cache servers at regular intervals.
C. The FortiGate unit uses the health check monitor to verify the availability of a web cache server.
D. The web cache sends an “I see you” message which is captured by the FortiGate unit.
Which of the following statements correctly describes the deepscan option for HTTPS?
A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs.
B. Enabling deepscan will perform further checks on the server certificate.
C. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked.
D. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.
When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option. What is a valid reason for using the Full Search option, instead?
A. The search items you are looking for are not contained in indexed log fields.
B. A quick search only searches data received within the last 24 hours.
C. You want the search to include the FortiAnalyzer’s local logs.
D. You want the search to include content archive data as well.
Which spam filter is not available on a FortiGate device?
A. Sender IP reputation database.
B. URLs included in the body of known SPAM messages.
C. Email addresses included in the body of known SPAM messages.
D. Spam object checksums.
E. Spam grey listing.
What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully-meshed set of IPSec tunnels? (Select all that apply.)
A. Using a hub and spoke topology is required to achieve full redundancy.
B. Using a hub and spoke topology simplifies configuration.
C. Using a hub and spoke topology provides stronger encryption.
D. Using a hub and spoke topology reduces the number of tunnels.
You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route. Which of the following configuration steps are required to achieve these objectives? (Select all that apply.)
A. Create one firewall policy.
B. Create two firewall policies.
C. Add a route for the remote subnet.
D. Add a route for incoming traffic.
E. Create a phase 1 definition.
F. Create a phase 2 definition.
In a High Availability configuration operating in Active-Active mode, which of the following correctly describes the path taken by a load-balanced HTTP session?
A. Request: Internal Host -> Master FG -> Slave FG -> Internet -> Web Server
B. Request: Internal Host -> Master FG -> Slave FG -> Master FG -> Internet -> Web Server
C. Request: Internal Host -> Slave FG -> Internet -> Web Server
D. Request: Internal Host -> Slave FG -> Master FG -> Internet -> Web Server
A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the AntiVirus and Email Filter profiles applied to this policy.
What is the correct behavior when the email attachment is detected as a virus by the FortiGate AntiVirus engine?
A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected.
B. The FortiGate unit will reject the infected email and notify both the sender and recipient.
C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed.
D. The FortiGate unit will reject the infected email and notify the sender.
A. Users can access both the www.google.com site and the www.fortinet.com site.
B. When a user attempts to access the www.google.com site, the FortiGate unit will not perform web filtering on the content of that site.
C. When a user attempts to access the www.fortinet.com site, any remaining web filtering will be bypassed.
D. Downloaded content from www.google.com will be scanned for viruses if antivirus is enabled.
Which of the following statements is not correct regarding virtual domains (VDOMs)?
A. VDOMs divide a single FortiGate unit into two or more virtual units that function as multiple, independent units.
B. A management VDOM handles SNMP, logging, alert email, and FDN-based updates.
C. A backup management VDOM will synchronize the configuration from an active management VDOM.
D. VDOMs share firmware versions, as well as antivirus and IPS databases.
E. Only administrative users with a super_admin profile will be able to enter all VDOMs to make configuration changes.
An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report. Which of the following statements best describes how to do this?
A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.
B. Add the following entry to the Generic Field section of the Data Filter: service="!smtp".
C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.
D. When editing the chart, enter ‘dns’ in the Exclude Service field.
In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling. Which of the following statements is true about the IP address used by the SSL VPN client?
A. The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings.
B. Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established.
C. The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options.
Which of the following items are considered to be advantages of using the application control features on the FortiGate unit? Application control allows an administrator to:
A. set a unique session-ttl for select applications.
B. customize application types in a similar way to adding custom IPS signatures.
C. check which applications are installed on workstations attempting to access the network.
D. enable AV scanning per application rather than per policy.
An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121. Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message. Which of the following statements represents the best solution to this problem?
A. Create a new session helper for the FTP service monitoring port 2121.
B. Enable the ANY service in the firewall policies for both incoming and outgoing traffic.
C. Place the client and server interface in the same zone and enable intra-zone traffic.
D. Disable any protection profiles being applied to FTP traffic.
Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?
A. Antivirus scanning provides end-to-end virus protection for client workstations.
B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols.
C. Antivirus scanning supports banned word checking.
D. Antivirus scanning supports grayware protection.
An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN. The tunnel will start up for a few seconds, then shut down. Which of the following statements best describes how to resolve this issue?
A. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user’s web portal.
B. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.
C. Check the SSL adaptor on the host machine. If necessary, uninstall and reinstall the adaptor from the tunnel mode portal.
D. Make sure that only Internet Explorer is used. All other browsers are unsupported.
WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?
A. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule.
B. The attempt will be accepted when there is a matching WAN optimization passive rule.
C. The attempt will be accepted when the request comes from a known peer.
D. The attempt will be accepted when a user on the remote peer accepts the connection request.
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI.
Pinging 10.0.1.1 with 32 bytes of data:
Reply from 10.0.1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
user1 # get system interface
== [ internal ]
name: internal mode: static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forward: disable type: physical mtu-override: disable
== [ vlan1 ]
name: vlan1 mode: static ip: 10.0.1.1 255.255.255.128 status: up
netbios-forward: disable type: vlan mtu-override: disable
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=274 msg="vd-root received a packet(proto=6, 10.0.1.130:47927->10.0.1.1:443) from internal."
id=20085 trace_id=274 msg="allocate a new session-00000b1b"
id=20085 trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798"
id=20085 trace_id=274 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following explanations is a possible cause of the problem?
A. The FortiGate unit has no route back to the PC.
B. The PC has an IP address in the wrong subnet.
C. The PC is using an incorrect default gateway IP address.
D. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface.
E. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.
When the SSL proxy inspects the server certificate for Web Filtering only in SSL Handshake mode, which certificate field is being used to determine the site rating?
A. Common Name
C. Organizational Unit
D. Serial Number