Fortinet NSE5 ExamFortinet Network Security Expert 5 Written Exam (500)

Total Question: 320 Last Updated: Jul 13,2019
  • Updated NSE5 Dumps
  • Based on Real NSE5 Exams Scenarios
  • Free NSE5 pdf Demo Available
  • Check out our NSE5 Dumps in a new PDF format
  • Instant NSE5 download
  • Guarantee NSE5 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $39.99

Buy Now Free Trial

15 tips on How to NSE5 Test Like a Badass [61 to 75]

Simulation of NSE5 exam answers materials and preparation labs for Fortinet certification for IT professionals, Real Success Guaranteed with Updated NSE5 pdf dumps vce Materials. 100% PASS Fortinet Network Security Expert 5 Written Exam (500) exam Today!

2016 Mar NSE5 Study Guide Questions:

Q61. - (Topic 1) 

When browsing to an internal web server using a web-mode SSL VPN bookmark, from which of the following source IP addresses would the web server consider the HTTP request to be initiated? 

A. The remote user's virtual IP address. 

B. The FortiGate unit's internal IP address. 

C. The remote user's public IP address. 

D. The FortiGate unit's external IP address. 

Answer: B 


Q62. - (Topic 3) 

Which of the following DLP actions will always be performed if it is selected? 

A. Archive 

B. Quarantine Interface 

C. Ban Sender 

D. Block 

E. None 

F. Ban 

G. Quarantine IP Address 

Answer: A 


Q63. - (Topic 1) 

A FortiGate unit can provide which of the following capabilities? (Select all that apply.) 

A. Email filtering 

B. Firewall 

C. VPN gateway 

D. Mail relay 

E. Mail server 

Answer: A,B,C 


Q64. - (Topic 3) 

An administrator logs into a FortiGate unit using an account which has been assigned a super_admin profile. Which of the following operations can this administrator perform? 

A. They can delete logged-in users who are also assigned the super_admin access profile. 

B. They can make changes to the super_admin profile. 

C. They can delete the admin account if the default admin user is not logged in. 

D. They can view all the system configuration settings but can not make changes. 

E. They can access configuration options for only the VDOMs to which they have been assigned. 

Answer: C 


Q65. - (Topic 3) 

Which of the following tasks fall under the responsibility of the SSL proxy in a typical HTTPS connection? (Select all that apply.) 

A. The web client SSL handshake. 

B. The web server SSL handshake. 

C. File buffering. 

D. Communication with the urlfilter process. 

Answer: A,B 


NSE5 test preparation

Rebirth NSE5 practice test:

Q66. - (Topic 3) 

Which of the following statements is correct regarding the antivirus scanning function on the FortiGate unit? 

A. Antivirus scanning provides end-to-end virus protection for client workstations. 

B. Antivirus scanning provides virus protection for the HTTP, Telnet, SMTP, and FTP protocols. 

C. Antivirus scanning supports banned word checking. 

D. Antivirus scanning supports grayware protection. 

Answer: D 


Q67. - (Topic 2) 

Which of the following statements are correct regarding Application Control? 

A. Application Control is based on the IPS engine. 

B. Application Control is based on the AV engine. 

C. Application Control can be applied to SSL encrypted traffic. 

D. Application Control cannot be applied to SSL encrypted traffic. 

Answer: A,C 


Q68. - (Topic 2) 

In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit? 

A. Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server 

B. Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server 

C. Request: Internal Host; Slave FortiGate; Internet; Web Server 

D. Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server 

Answer: A 


Q69. - (Topic 1) 

Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.) 

A. An IP address pool. 

B. A virtual IP address. 

C. An actual IP address or an IP address group. 

D. An FQDN or Geographic value(s). 

Answer: B,C,D 


Q70. - (Topic 3) 

Which of the following Session TTL values will take precedence? 

A. Session TTL specified at the system level for that port number 

B. Session TTL specified in the matching firewall policy 

C. Session TTL dictated by the application control list associated with the matching firewall policy 

D. The default session TTL specified at the system level 

Answer: C 


NSE5 exam

Actual NSE5 practice exam:

Q71. - (Topic 2) 

Review the static route configuration for IPsec shown in the Exhibit below; then answer the question following it. 


Which of the following statements are correct regarding this configuration? (Select all that apply). 

A. Remote_1 is a Phase 1 object with interface mode enabled 

B. The gateway address is not required because the interface is a point-to-point connection 

C. The gateway address is not required because the default route is used 

D. Remote_1 is a firewall zone 

Answer: A,B 


Q72. - (Topic 1) 

Which of the following components are contained in all FortiGate units from the FG50 models and up? (Select all that apply.) 

A. FortiASIC content processor. 

B. Hard Drive. 

C. Gigabit network interfaces. 

D. Serial console port. 

Answer: A,D 


Q73. - (Topic 3) 

In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling. 

Which of the following statements is true about the IP address used by the SSL VPN client? 

A. The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings. 

B. Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established. 

C. The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options. 

Answer: A 


Q74. - (Topic 2) 

Review the output of the command get router info routing-table all shown in the Exhibit below; then answer the question following it. 


Which one of the following statements correctly describes this output? 

A. The two routes to the 10.0.2.0/24 subnet are ECMP routes and traffic will be load balanced based on the configured ECMP settings. 

B. The route to the 10.0.2.0/24 subnet via interface Remote_1 is the active and the route via Remote_2 is the backup. 

C. OSPF does not support ECMP therefore only the first route to subnet 10.0.1.0/24 is used. 

D. 172.16.2.1 is the preferred gateway for subnet 10.0.2.0/24. 

Answer: A 


Q75. - (Topic 2) 

Review the IKE debug output for IPsec shown in the Exhibit below. 


Which one of the following statements is correct regarding this output? 

A. The output is a Phase 1 negotiation. 

B. The output is a Phase 2 negotiation. 

C. The output captures the Dead Peer Detection messages. 

D. The output captures the Dead Gateway Detection packets. 

Answer: C 


Related NSE5 Articles