Exam Details

  • Exam Code: NSE5
  • Exam Name: Fortinet Network Security Expert 5 Written Exam (500)
  • Certification: Fortinet Certifications
  • Vendor: Fortinet
  • Total Questions: 320 Q&As
  • Last Updated: Jul 12, 2025

Fortinet Fortinet Certifications NSE5 Questions & Answers

  • Question 21:

    When a FortiManager HA primary device fails, which two statements are correct for promoting a secondary device to the primary role? (Choose two.)

    A. Must manually reconfigure one of the secondary devices to become the master device.

    B. Reboot is required when promoting from secondary to primary.

    C. All other secondary devices must be reconfigured to point to new primary device.

    D. The FortiManager HA supports IP takeover where an HA state transition does not require manual intervention.

  • Question 22:

    Review the IKE debug output for IPsec shown in the Exhibit below.

    Which one of the following statements is correct regarding this output?

    A. The output is a Phase 1 negotiation.

    B. The output is a Phase 2 negotiation.

    C. The output captures the Dead Peer Detection messages.

    D. The output captures the Dead Gateway Detection packets.

  • Question 23:

    Which of the following items is NOT a packet characteristic matched by a firewall service object?

    A. ICMP type and code

    B. TCP/UDP source and destination ports

    C. IP protocol number

    D. TCP sequence number

  • Question 24:

    Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit.

    Which of the following statements is correct regarding this output? (Select one answer).

    A. One tunnel is rekeying

    B. Two tunnels are rekeying

    C. Two tunnels are up

    D. One tunnel is up

  • Question 25:

    Which statements are true about Offline mode on the FortiManager? (Choose two.)

    A. Enabled by default.

    B. Devices cannot be managed when offline mode is enabled.

    C. Enabling offline mode enables fgfm protocol (TCP 541).

    D. Offline mode is enabled by default when backup is restored on FortiManager.

  • Question 26:

    The FortiGate Server Authentication Extensions (FSAE) provide a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.

    Which of the following statements are correct regarding FSAE in a Windows domain environment when NTLM is not used? (Select all that apply.)

    A. An FSAE Collector Agent must be installed on every domain controller.

    B. An FSAE Domain Controller Agent must be installed on every domain controller.

    C. The FSAE Domain Controller Agent will regularly update user logon information on the FortiGate unit.

    D. The FSAE Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.

    E. For non-domain computers, an FSAE client must be installed on the computer to allow FSAE authentication.

  • Question 27:

    A client can create a secure connection to a FortiGate device using SSL VPN in web-only mode. Which one of the following statements is correct regarding the use of web-only mode SSL VPN?

    A. Web-only mode supports SSL version 3 only.

    B. A Fortinet-supplied plug-in is required on the web client to use web-only mode SSL VPN.

    C. Web-only mode requires the user to have a web browser that supports 64-bit cipher length.

    D. The JAVA run-time environment must be installed on the client to be able to connect to a web-only mode SSL VPN.

  • Question 28:

    Which one of the following statements is correct about raw log messages?

    A. Logs have a header and a body section. The header will have the same layout for every log message. The body section will change layout from one type of log message to another.

    B. Logs have a header and a body section. The header and body will change layout from one type of log message to another.

    C. Logs have a header and a body section. The header and body will have the same layout for every log message.

  • Question 29:

    What are the limitations when creating a chart using the Custom Chart wizard? (Choose two.)

    A. You cannot search multiple log types (for example, $log-traffic, $log-webfilter).

    B. You cannot select the format of the data - all charts are table charts by default.

    C. You can create custom charts within the root ADOM only.

    D. You can only select from two variable charts.

  • Question 30:

    An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings.

    Which of the following statements are correct regarding the IPSec VPN configuration?

    A. To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network.

    B. The virtual IPSec interface is automatically created after the phase1 configuration.

    C. The IPSec policies must be placed at the top of the list.

    D. This VPN cannot be used as part of a hub and spoke topology.

    E. Routes were automatically created based on the address objects in the firewall policies.
