Exam Details

  • Exam Code: FCNSP.V5
  • Exam Name: Fortinet Certified Network Security Professional (FCNSP.v5)
  • Certification: Fortinet Certification
  • Vendor: Fortinet
  • Total Questions: 120 Q&As
  • Last Updated:

Fortinet Fortinet Certification FCNSP.V5 Questions & Answers

  • Question 1:

    A FortiClient fails to establish a VPN tunnel with a FortiGate unit.

    The following information is displayed in the FortiGate unit logs:

    msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
    msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
    msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
    msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
    msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
    msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
    msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
    msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
    msg="Failed to acquire an IP address

    Which of the following statements is a possible cause for the failure to establish the VPN tunnel?

    A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.

    B. There is no IPSec firewall policy configured for the policy-based VPN.

    C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.

    D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.

  • Question 2:

    An administrator sets up a new FTP server on TCP port 2121. A FortiGate unit is located between the FTP clients and the server. The administrator has created a policy for TCP port 2121.

    Users have been complaining that when downloading data they receive a 200 Port command successful message followed by a 425 Cannot build data connection message.

    Which of the following statements represents the best solution to this problem?

    A. Create a new session helper for the FTP service monitoring port 2121.

    B. Enable the ANY service in the firewall policies for both incoming and outgoing traffic.

    C. Place the client and server interface in the same zone and enable intra-zone traffic.

    D. Disable any protection profiles being applied to FTP traffic.

  • Question 3:

    Which of the following Session TTL values will take precedence?

    A. Session TTL specified at the system level for that port number

    B. Session TTL specified in the matching firewall policy

    C. Session TTL dictated by the application control list associated with the matching firewall policy

    D. The default session TTL specified at the system level

  • Question 4:

    Which of the following items is NOT a packet characteristic matched by a firewall service object?

    A. ICMP type and code

    B. TCP/UDP source and destination ports

    C. IP protocol number

    D. TCP sequence number

  • Question 5:

    When configuring a server load balanced virtual IP, which of the following is the best distribution algorithm to be used in applications where the same physical destination server must be maintained between sessions?

    A. Static

    B. Round robin

    C. Weighted round robin

    D. Least connected

  • Question 6:

    A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.

    The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI.

    C:\>ping 10.0.1.1
    Pinging 10.0.1.1 with 32 bytes of data:
    Reply from 10.0.1.1: bytes=32 time=1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255

    user1 # get system interface
    == [ internal ]
    name: internal   mode: static   ip: 10.0.1.254 255.255.255.128   status: up   netbios-forward: disable   type: physical   mtu-override: disable
    == [ vlan1 ]
    name: vlan1   mode: static   ip: 10.0.1.1 255.255.255.128   status: up   netbios-forward: disable   type: vlan   mtu-override: disable

    user1 # diagnose debug flow trace start 100
    user1 # diagnose debug ena
    user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1

    id=20085 trace_id=274 msg="vd-root received a packet(proto=6, 10.0.1.130:47927->10.0.1.1:443) from internal."
    id=20085 trace_id=274 msg="allocate a new session-00000b1b"
    id=20085 trace_id=274 msg="find SNAT: IP-10.0.1.1, port-43798"
    id=20085 trace_id=274 msg="iprope_in_check() check failed, drop"

    Based on the output from these commands, which of the following explanations is a possible cause of the problem?

    A. The FortiGate unit has no route back to the PC.

    B. The PC has an IP address in the wrong subnet.

    C. The PC is using an incorrect default gateway IP address.

    D. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface.

    E. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

  • Question 7:

    A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.

    The following troubleshooting commands are executed from the CLI:

    user1 # get system interface
    == [ internal ]
    name: internal   mode: static   ip: 10.0.1.254 255.255.255.128   status: up   netbios-forward: disable   type: physical   mtu-override: disable
    == [ vlan1 ]
    name: vlan1   mode: static   ip: 10.0.1.1 255.255.255.128   status: up   netbios-forward: disable   type: vlan   mtu-override: disable

    user1 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    S 10.0.0.0/8 [10/0] is a summary, Null
    C 10.0.1.0/25 is directly connected, vlan1
    C 10.0.1.128/25 is directly connected, internal

    user1 # diagnose debug flow trace start 100
    user1 # diagnose debug ena
    user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1

    id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130:47922->10.0.1.1:443) from internal."
    id=20085 trace_id=277 msg="allocate a new session-00000b21"
    id=20085 trace_id=277 msg="iprope_in_check() check failed, drop"

    Based on the output from these commands, which of the following is a possible cause of the problem?

    A. The FortiGate unit has no route back to the PC.

    B. The PC has an IP address in the wrong subnet.

    C. The PC is using an incorrect default gateway IP address.

    D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

  • Question 8:

    WAN optimization is configured in Active/Passive mode. When will the remote peer accept an attempt to initiate a tunnel?

    A. The attempt will be accepted when the request comes from a known peer and there is a matching WAN optimization passive rule.

    B. The attempt will be accepted when there is a matching WAN optimization passive rule.

    C. The attempt will be accepted when the request comes from a known peer.

    D. The attempt will be accepted when a user on the remote peer accepts the connection request.

  • Question 9:

    Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?

    A. The FortiGate unit receives periodic "Here I am" messages from the web cache.

    B. The FortiGate unit polls all globally-defined web cache servers at regular intervals.

    C. The FortiGate unit uses the health check monitor to verify the availability of a web cache server.

    D. The web cache sends an "I see you" message which is captured by the FortiGate unit.

  • Question 10:

    Which of the following must be configured on a FortiGate unit to redirect content requests to remote web cache servers?

    A. WCCP must be enabled on the interface facing the Web cache.

    B. You must enable explicit Web-proxy on the incoming interface.

    C. WCCP must be enabled as a global setting on the FortiGate unit.

    D. WCCP must be enabled on all interfaces on the FortiGate unit through which HTTP traffic is passing.
