Fortinet Fortinet Certifications NSE5 Questions & Answers

• Question 51:

  The __________ CLI command is used on the FortiGate unit to run static commands such as ping or to reset the FortiGate unit to factory defaults.

  A. execute

  Correct Answer: A

• Question 52:

  An intermittent connectivity issue is noticed between two devices located behind the FortiGate dmz and internal interfaces. A continuous sniffer trace is run on the FortiGate unit that the administrator will convert into a .cap file for an off-line analysis with a sniffer application.

  

  Given the high volume of global traffic on the network, which of the following CLI commands will best allow the administrator to perform this troubleshooting operation?

  A. diagnose sniffer packet any

  B. diagnose sniffer packet dmz "" 3

  C. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 3

  D. diagnose sniffer packet any "host 192.168.1.100 and host 192.168.10.100 " 4

  Correct Answer: C

• Question 53:

  The Idle Timeout setting on a FortiGate unit applies to which of the following?

  A. Web browsing

  B. FTP connections

  C. User authentication

  D. Administrator access

  E. Web filtering overrides.

  Correct Answer: D

• Question 54:

  Which of the following statements correctly describes the deepscan option for HTTPS?

  A. When deepscan is disabled, only the web server certificate is inspected; no decryption of content occurs.

  B. Enabling deepscan will perform further checks on the server certificate.

  C. Deepscan is only applicable to mail protocols, where all IP addresses in the header are checked.

  D. With deepscan enabled, archived files will be decompressed before scanning for a more comprehensive file inspection.

  Correct Answer: A

• Question 55:

  In which of the following report templates would you configure the charts to be included in the report?

  A. Layout Template

  B. Data Filter Template

  C. Output Template

  D. Schedule Template

  Correct Answer: A

• Question 56:

  Which statement is true regarding the import/export feature?

  A. This is only a feature for reports.

  B. This feature is for reports and charts.

  C. This feature is for reports, charts, and datasets.

  D. This feature is for reports and datasets.

  Correct Answer: B

• Question 57:

  FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory.

  Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.)

  A. An FSSO Collector Agent must be installed on every domain controller.

  B. An FSSO Domain Controller Agent must be installed on every domain controller.

  C. The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit.

  D. The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit.

  E. For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client.

  Correct Answer: BD

• Question 58:

  If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)?

  A. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR).

  B. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR).

  C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings.

  D. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP.

  E. By design, BGP cannot redistribute routes learned through OSPF.

  Correct Answer: C

• Question 59:

  An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement?

  A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured.

  B. Enable Traffic Shaping for the appropriate SIP firewall policy.

  C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command.

  D. Run the set udp-idle-timer CLI command and set a lower time value.

  Correct Answer: A

• Question 60:

  Which of the following statements are correct regarding the configuration of a FortiGate unit as an SSL VPN gateway? (Select all that apply.)

  A. Tunnel mode can only be used if the SSL VPN user groups have at least one Host Check option enabled.

  B. The specific routes needed to access internal resources through an SSL VPN connection in tunnel mode from the client computer are defined in the routing widget associated with the SSL VPN portal.

  C. In order to apply a portal to a user, that user must belong to an SSL VPN user group.

  D. The portal settings specify whether the connection will operate in web-only or tunnel mode.

  Correct Answer: CD