When creating administrative users which of the following configuration objects determines access rights on the FortiGate unit?
A. profile
B. allowaccess interface settings
C. operation mode
D. local-in policy
A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?
A. SSL
B. IPSec
C. direct serial connection
D. S/MIME
Refer to the output below. Which statement is correct concerning the duplicate objects?
Start to import config from device (STUDENT-2) vdom (root) to adom (root), package (STUDENT-2)
"firewall service category", SUCCESS, "(name=General, oid=370, DUPLICATE)"
"firewall schedule recurring", SUCCESS, "(name=always, oid=466, DUPLICATE)"
"firewall address", SUCCESS, "(name=all, oid=358, DUPLICATE)"
"firewall service custom", SUCCESS, "(name=ALL, oid=419, DUPLICATE)"
"firewall vip", SUCCESS, "(name=FTP, oid=468, DUPLICATE)"
A. These duplicate objects exist on the same FortiGate device.
B. FortiManager does not import duplicate objects for entries already in the ADOM configuration database.
C. FortiManager is attempting to install these duplicate objects to the managed FortiGate device.
D. FortiManager creates the duplicate objects in the ADOM configuration database.
A FortiClient fails to establish a VPN tunnel with a FortiGate unit.
The following information is displayed in the FortiGate unit logs:
msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)"
msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)"
msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)"
msg="Initiator: sent 192.168.11.101 quick mode message #1 (OK)"
msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa"
msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)"
msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5"
msg="Failed to acquire an IP address
Which of the following statements is a possible cause for the failure to establish the VPN tunnel?
A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.
B. There is no IPSec firewall policy configured for the policy-based VPN.
C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.
D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the
feature will function.
An administrator must assign a set of UTM features to a group of users.
Which of the following is the correct method for doing this?
A. Enable a set of unique UTM features under "Edit User Group".
B. The administrator must enable the UTM features in an identify-based policy applicable to the user group.
C. When defining the UTM objects, the administrator must list the user groups which will use the UTM object.
D. The administrator must apply the UTM features directly to a user object.
File blocking rules are applied before which of the following?
A. Firewall policy processing
B. Virus scanning
C. Web URL filtering
D. White/Black list filtering
In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate unit when searching for a suitable gateway?
A. A look-up is done only when the first packet coming from the client (SYN) arrives.
B. A look-up is done when the first packet coming from the client (SYN) arrives, and a second is performed when the first packet coming from the server (SYNC/ACK) arrives.
C. A look-up is done only during the TCP 3-way handshake (SYNC, SYNC/ACK, ACK).
D. A look-up is always done each time a packet arrives, from either the server or the client side.
Workflow mode includes which new permissions for Super_Admin administrative users?
A. Self-approval, Approval, Reject
B. Self-disapproval, Approval, Accept
C. Approval, Self-approval, Change Notification
D. Change Notification, Self-disapproval, Submit
Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)
A. Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto- negotiated.
B. Must establish an IPsec tunnel ID and pre-shared key.
C. IPsec cannot be enabled if SSL is enabled as well.
D. IPsec is only enabled through the CLI on FortiAnalyzer.
An administrator configures a FortiGate unit in Transparent mode on the 192.168.11.0 subnet. Automatic Discovery is enabled to detect any available FortiAnalyzers on the network.
Which of the following FortiAnalyzers will be detected? (Select all that apply.)
A. 192.168.11.100
B. 192.168.11.251
C. 192.168.10.100
D. 192.168.10.251
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE5 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.