1. Home
  2. Fortinet
  3. NSE5

Fortinet Network Security Expert 5 Written Exam (500)

Exam Details

  • Exam Code
    :NSE5
  • Exam Name
    :Fortinet Network Security Expert 5 Written Exam (500)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :320 Q&As
  • Last Updated
    :Jul 12, 2025

Fortinet Fortinet Certifications NSE5 Questions & Answers

  • Question 231:

    A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit.

    Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit?

    A. Any other matched DLP rules will be ignored with the exception of Archiving.

    B. Future files whose characteristics match this file will bypass DLP scanning.

    C. The traffic matching the DLP rule will bypass antivirus scanning.

    D. The client IP address will be added to a white list.

  • Question 232:

    Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.)

    A. They both create separate broadcast domains.

    B. Port Pairing works only for physical interfaces.

    C. Forwarding Domains only apply to virtual interfaces.

    D. They may contain physical and/or virtual interfaces.

    E. They are only available in high-end models.

  • Question 233:

    An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit.

    Which of the following is the best explanation for the Ban Sender action NOT being available?

    A. The Ban Sender action is never available for FTP traffic.

    B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor.

    C. Firewall policy authentication is required before the Ban Sender action becomes available.

    D. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list.

  • Question 234:

    Which of the following items does NOT support the Logging feature?

    A. File Filter

    B. Application control

    C. Session timeouts

    D. Administrator activities

    E. Web URL filtering

  • Question 235:

    A FortiGate AntiVirus profile can be configured to scan for viruses on SMTP, FTP, POP3, and SMB protocols using which inspection mode?

    A. Proxy

    B. DNS

    C. Flow-based

    D. Man-in-the-middle

  • Question 236:

    Select the answer that describes what the CLI command diag debug authd fsso list is used for.

    A. Monitors communications between the FSSO Collector Agent and FortiGate unit.

    B. Displays which users are currently logged on using FSSO.

    C. Displays a listing of all connected FSSO Collector Agents.

    D. Lists all DC Agents installed on all Domain Controllers.

  • Question 237:

    When configuring FortiGuard on FortiManager, which two statements are correct regarding Allow Push Update settings configured in the FortiGuard Antivirus and IPS Settings? (Choose two.)

    A. If an urgent or critical FortiGuard Antivirus and/or IPS update becomes available, the FortiManager built-in FDS will send push update notifications to each managed device.

    B. If an urgent or critical FortiGuard Antivirus and/or IPS update becomes available, the FortiManager built-in FDS will receive push update notifications.

    C. FortiManager's built-in FDS service may not correctly receive push updates if the external facing IP address of any intermediary NAT device is dynamic.

    D. FortiManager's built-in FDS service does not allow an administrator to override the default FortiManager IP address and port used by the FDN to send update messages.

  • Question 238:

    A firewall policy has been configured such that traffic logging is disabled and a UTM function is enabled. In addition, the system setting `utm-incident-traffic-log' has been enabled.

    In which log will a UTM event message be stored?

    A. Traffic

    B. UTM

    C. System

    D. None

  • Question 239:

    Which of the following statements correctly describes how a FortiGate unit functions in Transparent mode?

    A. To manage the FortiGate unit, one of the interfaces must be designated as the management interface. This interface may not be used for forwarding data.

    B. An IP address is used to manage the FortiGate unit but this IP address is not associated with a specific interface.

    C. The FortiGate unit must use public IP addresses on the internal and external networks.

    D. The FortiGate unit uses private IP addresses on the internal network but hides them using address translation.

  • Question 240:

    Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit?

    A. Antivirus scanning provides end-to-end virus protection for client workstations.

    B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols.

    C. Antivirus scanning supports banned word checking.

    D. Antivirus scanning supports grayware protection.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE5 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.