aiotestking uk

NSE5 Exam Questions - Online Test


NSE5 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. - (Topic 3) 

A DLP rule with an action of Exempt has been matched against traffic passing through the FortiGate unit. Which of the following statements is correct regarding how this transaction will be handled by the FortiGate unit? 

A. Any other matched DLP rules will be ignored with the exception of Archiving. 

B. Future files whose characteristics match this file will bypass DLP scanning. 

C. The traffic matching the DLP rule will bypass antivirus scanning. 

D. The client IP address will be added to a white list. 

Answer:

Q2. - (Topic 3) 

Which of the following statements is correct based on the firewall configuration illustrated in the exhibit? 

A. A user can access the Internet using only the protocols that are supported by user authentication. 

B. A user can access the Internet using any protocol except HTTP, HTTPS, Telnet, and FTP. These require authentication before the user will be allowed access. 

C. A user must authenticate using the HTTP, HTTPS, SSH, FTP, or Telnet protocol before they can access any services. 

D. A user cannot access the Internet using any protocols unless the user has passed firewall authentication. 

Answer:

Q3. - (Topic 1) 

Users may require access to a web site that is blocked by a policy. Administrators can give 

users the ability to override the block. Which of the following statements regarding overrides is NOT correct? 

A. A web filter profile may only have one user group defined as an override group. 

B. A firewall user group can be used to provide override privileges for FortiGuard Web Filtering. 

C. When requesting an override, the matched user must belong to a user group for which the override capabilty has been enabled. 

D. Overrides can be allowed by the administrator for a specific period of time. 

Answer:

Q4. - (Topic 1) 

Which of the following email spam filtering features is NOT supported on a FortiGate unit? 

A. Multipurpose Internet Mail Extensions (MIME) Header Check 

B. HELO DNS Lookup 

C. Greylisting 

D. Banned Word 

Answer:

Q5. - (Topic 2) 

FSSO provides a single sign on solution to authenticate users transparently to a FortiGate unit using credentials stored in Windows Active Directory. 

Which of the following statements are correct regarding FSSO in a Windows domain environment when NTLM and Polling Mode are not used? (Select all that apply.) 

A. An FSSO Collector Agent must be installed on every domain controller. 

B. An FSSO Domain Controller Agent must be installed on every domain controller. 

C. The FSSO Domain Controller Agent will regularly update user logon information on the FortiGate unit. 

D. The FSSO Collector Agent will retrieve user information from the Domain Controller Agent and will send the user logon information to the FortiGate unit. 

E. For non-domain computers, the only way to allow FSSO authentication is to install an FSSO client. 

Answer: B,D 

Q6. - (Topic 1) 

Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode? 

A. The FortiGate unit requires only a single IP address for receiving updates and configuring from a management computer. 

B. The FortiGate unit must use public IP addresses on both the internal and external networks. 

C. The FortiGate unit commonly uses private IP addresses on the internal network but hides them using network address translation. 

D. The FortiGate unit uses only DHCP-assigned IP addresses on the internal network. 

Answer:

Q7. - (Topic 1) 

The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate Web Config and also using the CLI. The command used in the CLI to perform this function is __________. 

A. set order 

B. edit policy 

C. reorder 

D. move 

Answer:

Q8. - (Topic 3) 

Which of the following statements best decribes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled? 

A. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out. 

B. The proxy sends the file to the server while simultaneously buffering it. 

C. The proxy removes the infected file from the server by sending a delete command on behalf of the client. 

D. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server. 

Answer:

Q9. - (Topic 1) 

You wish to create a firewall policy that applies only to traffic intended for your web server. The server has an IP address of 192.168.2.2 and belongs to a class C subnet. When defining the firewall address for use in this policy, which one of the following addressing formats is correct? 

A. 192.168.2.0 / 255.255.255.0 

B. 192.168.2.2 / 255.255.255.0 

C. 192.168.2.0 / 255.255.255.255 

D. 192.168.2.2 / 255.255.255.255 

Answer:

Q10. - (Topic 1) 

What are the valid sub-types for a Firewall type policy? (Select all that apply) 

A. Device Identity 

B. Address 

C. User Identity 

D. Schedule 

E. SSL VPN 

Answer: A,B,C