Fortinet Fortinet Certifications NSE5 Questions & Answers

• Question 141:

  Which of the following methods can be used to access the CLI? (Select all that apply.)

  A. By using a direct connection to a serial console.

  B. By using the CLI console window in the GUI.

  C. By using an SSH connection.

  D. By using a Telnet connection.

  Correct Answer: ABCD

• Question 142:

  Refer to the exhibit. An administrator created a new interface object named Dev and configured dynamic mapping for the wan2 interface on the HeadOffice FortiGate. A new policy from internal to Dev is configured.

  Which statement is correct regarding the installation of the HeadOffice policy package?

  

  A. A new zone named Dev with member interface wan2 and a policy from internal to Dev will be created on the FortiGate device.

  B. A new policy from internal to wan2 will be created locally on the FortiGate.

  C. Dev is a FortiManager reference for interface wan2 on the HeadOffice FortiGate. No zone is created on the FortiGate.

  D. The install will fail because wan2 cannot be mapped to Dev. This is not a valid configuration.

  Correct Answer: C

• Question 143:

  Which two statements are correct regarding recovery logic used by FortiGate-FortiManager (FGFM) protocol when a configuration install is performed from the FortiManager to the managed FortiGate? (Choose two.)

  A. FortiGate devices receive set and unset commands for each configuration change FortiManager sends.

  B. FortiGate writes configuration changes to the configuration file, it then tests communication to the FortiManager via the FGFM protocol.

  C. FortiGate applies configuration changes to the running configuration, it then tests communication to the FortiManager via the FGFM protocol.

  D. FortiGate will shut down if configuration changes render FortiManager unreachable via the FGFM protocol.

  Correct Answer: AC

• Question 144:

  Which of the following email spam filtering features is NOT supported on a FortiGate unit?

  A. Multipurpose Internet Mail Extensions (MIME) Header Check

  B. HELO DNS Lookup

  C. Greylisting

  D. Banned Word

  Correct Answer: C

• Question 145:

  Which of the following statements describes the method of creating a policy to block access to an FTP site?

  A. Enable Web Filter URL blocking and add the URL of the FTP site to the URL Block list.

  B. Create a firewall policy with destination address set to the IP address of the FTP site, the Service set to FTP, and the Action set to Deny.

  C. Create a firewall policy with a protection profile containing the Block FTP option enabled.

  D. None of the above.

  Correct Answer: B

• Question 146:

  What statements are true regarding disk log quota? (Choose two.)

  A. The FortiAnalyzer stops logging once the disk log quota is met.

  B. The FortiAnalyzer automatically sets the disk log quota based on the device.

  C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

  D. The FortiAnalyzer disk quota is configurable, but has a minimum of 100MB and a maximum based on the reserved system space.

  Correct Answer: CD

• Question 147:

  An administrator is examining the attack logs and notices the following entry:

  device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52 dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect- servers ref=http://www.fortinet.com/ids/VID100663402 msg="anomaly: tcp_src_session, 2 > threshold 1" policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A

  user=N/A group=N/A

  Based solely upon this log message, which of the following statements is correct?

  A. This attack was blocked by the HTTP protocol decoder.

  B. This attack was caught by the DoS sensor "protect-servers".

  C. This attack was launched against the FortiGate unit itself rather than a host behind the FortiGate unit.

  D. The number of concurrent connections to destination IP address 64.64.64.64 has exceeded the configured threshold.

  Correct Answer: B

• Question 148:

  Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?

  A. Packet encryption

  B. MIB-based report uploads

  C. SNMP access limits through access lists

  D. Running SNMP service on a non-standard port is possible

  Correct Answer: A

• Question 149:

  An administrator has formed a High Availability cluster involving two FortiGate 310B units.

  [ Multiple upstream Layer 2 switches ] -- [ FortiGate HA Cluster ] -- [ Multiple downstream Layer 2 switches ] The administrator wishes to ensure that a single link failure will have minimal impact upon the overall

  throughput of traffic through this cluster.

  Which of the following options describes the best step the administrator can take?

  The administrator should...

  A. set up a full-mesh design which uses redundant interfaces.

  B. increase the number of FortiGate units in the cluster and configure HA in Active-Active mode.

  C. enable monitoring of all active interfaces.

  D. configure the HA ping server feature to allow for HA failover in the event that a path is disrupted.

  Correct Answer: A

• Question 150:

  How does the Log View page display logs when ADOMs are enabled?

  A. The Log View page displays logs in ADOMs together so they appear as a single device.

  B. The Log View page displays logs per ADOM.

  C. The Log View page cannot display raw logs when ADOMs are enabled.

  D. The Log View page cannot display logs in real-time when ADOMs are enabled.

  Correct Answer: B