aiotestking uk

NSE5 Exam Questions - Online Test


NSE5 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. - (Topic 1) 

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds? 

A. Sessions can be idle for no more than 1800 seconds. 

B. The maximum length of time a session can be open is 1800 seconds. 

C. After 1800 seconds, the end user must reauthenticate. 

D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server. 

Answer:

Q2. - (Topic 1) 

If no firewall policy is specified between two FortiGate interfaces and zones are not used, which of the following statements describes the action taken on traffic flowing between these interfaces? 

A. The traffic is blocked. 

B. The traffic is passed. 

C. The traffic is passed and logged. 

D. The traffic is blocked and logged. 

Answer:

Q3. - (Topic 1) 

Which of the following is true regarding Switch Port Mode? 

A. Allows all internal ports to share the same subnet. 

B. Provides separate routable interfaces for each internal port. 

C. An administrator can select ports to be used as a switch. 

D. Configures ports to be part of the same broadcast domain. 

Answer:

Q4. - (Topic 1) 

Which of the following statements are true of the FortiGate unit’s factory default configuration? 

A. ‘Port1’ or ‘Internal’ interface will have an IP of 192.168.1.99. 

B. ‘Port1’ or ‘Internal’ interface will have a DHCP server set up and enabled (on devices that support DHCP Servers). 

C. Default login will always be the username: admin (all lowercase) and no password. 

D. The implicit firewall action is ACCEPT. 

Answer: A,B,C 

Q5. - (Topic 1) 

You are the administrator in charge of a FortiGate unit which acts as a VPN gateway. You have chosen to use Interface Mode when configuring the VPN tunnel and you want users from either side to be able to initiate new sessions. There is only 1 subnet at either end and the FortiGate unit already has a default route. 

Which of the following configuration steps are required to achieve these objectives? (Select all that apply.) 

A. Create one firewall policy. 

B. Create two firewall policies. 

C. Add a route for the remote subnet. 

D. Add a route for incoming traffic. 

E. Create a phase 1 definition. 

F. Create a phase 2 definition. 

Answer: B,C,E,F 

Q6. - (Topic 1) 

Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode? 

A. The FortiGate unit applies NAT to all traffic. 

B. The FortiGate unit functions as a Layer 3 device. 

C. The FortiGate unit functions as a Layer 2 device. 

D. The FortiGate unit functions as a router and the firewall function is disabled. 

Answer:

Q7. - (Topic 3) 

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. 

Which of the following statements are correct regarding these VDOMs? (Select all that apply.) 

A. The FortiGate unit supports any combination of these VDOMs in NAT/Route and Transparent modes. 

B. The FortiGate unit must be a model 1000 or above to support multiple VDOMs. 

C. A license had to be purchased and applied to the FortiGate unit before VDOM mode could be enabled. 

D. All VDOMs must operate in the same mode. 

E. Changing a VDOM operational mode requires a reboot of the FortiGate unit. 

F. An admin account can be assigned to one VDOM or it can have access to all three VDOMs. 

Answer: A,F 

Q8. - (Topic 3) 

Which of the following statements is correct about how the FortiGate unit verifies username and password during user authentication? 

A. If a remote server is included in a user group, it will be checked before local accounts. 

B. An administrator can define a local account for which the password must be verified by querying a remote server. 

C. If authentication fails with a local password, the FortiGate unit will query the authentication server if the local user is configured with both a local password and an authentication server. 

D. The FortiGate unit will only attempt to authenticate against Active Directory if Fortinet Server Authentication Extensions are installed and configured. 

Answer:

Q9. - (Topic 3) 

A portion of the device listing for a FortiAnalyzer unit is displayed in the exhibit. 

Which of the following statements best describes the reason why the FortiGate 60B unit is unable to archive data to the FortiAnalyzer unit? 

A. The FortiGate unit is considered an unregistered device. 

B. The FortiGate unit has been blocked from sending archive data to the FortiAnalyzer device by the administrator. 

C. The FortiGate unit has insufficient privileges. The administrator should edit the device entry in the FortiAnalyzer and modify the privileges. 

D. The FortiGate unit is being treated as a syslog device and is only permitted to send log data. 

Answer:

Q10. - (Topic 1) 

Which of the following statements are correct regarding logging to memory on a FortiGate unit? (Select all that apply.) 

A. When the system has reached its capacity for log messages, the FortiGate unit will stop logging to memory. 

B. When the system has reached its capacity for log messages, the FortiGate unit overwrites the oldest messages. 

C. If the FortiGate unit is reset or loses power, log entries captured to memory will be lost. 

D. None of the above. 

Answer: B,C