Real Fortinet NSE5 dumps

Examcollection offers free demo for NSE5 exam. "Fortinet Network Security Expert 5 Written Exam (500)", also known as NSE5 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE5 exam, will help you answer those questions. The NSE5 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE5 exams and revised by experts!


2024 Fortinet Official New Released NSE5 ♥♥
https://www.certleader.com/NSE5-dumps.html


Q1. - (Topic 1) 

In which order are firewall policies processed on the FortiGate unit? 

A. They are processed from the top down according to their sequence number. 

B. They are processed based on the policy ID number shown in the left hand column of the policy window. 

C. They are processed on best match. 

D. They are processed based on a priority value assigned through the priority column in the policy window. 

Answer:

Q2. - (Topic 1) 

A FortiGate unit can act as which of the following? (Select all that apply.) 

A. Antispam filter 

B. Firewall 

C. VPN gateway 

D. Mail relay 

E. Mail server 

Answer: A,B,C 

Q3. - (Topic 1) 

Which of the following are valid authentication user group types on a FortiGate unit? (Select all that apply.) 

A. Firewall 

B. Directory Service 

C. Local 

D. LDAP 

E. PKI 

Answer: A,B 

Q4. - (Topic 2) 

With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent. 

If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.) 

A. The login event is sent to the Collector Agent. 

B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller. 

C. The Collector Agent performs the DNS lookup for the authenticated client’s IP address. 

D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent. 

Answer: A,C 

Q5. - (Topic 1) 

Which of the following regular expression patterns will make the terms "confidential data" case insensitive? 

A. [confidential data] 

B. /confidential data/i 

C. i/confidential data/ 

D. "confidential data" 

E. /confidential data/c 

Answer:

Q6. - (Topic 3) 

Which of the following Session TTL values will take precedence? 

A. Session TTL specified at the system level for that port number 

B. Session TTL specified in the matching firewall policy 

C. Session TTL dictated by the application control list associated with the matching firewall policy 

D. The default session TTL specified at the system level 

Answer:

Q7. - (Topic 2) 

Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domains only apply to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

E. They are only available in high-end models. 

Answer: A,D 

Q8. - (Topic 1) 

Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function. How are UTM features applied to traffic? 

A. One or more UTM features are enabled in a firewall policy. 

B. In the system configuration for that UTM feature, you can identify the policies to which the feature is to be applied. 

C. Enable the appropriate UTM objects and identify one of them as the default. 

D. For each UTM object, identify which policy will use it. 

Answer:

Q9. - (Topic 1) 

The FortiGate unit’s GUI provides a link to update the firmware. 

Clicking this link will perform which of the following actions? 

A. It will connect to the Fortinet Support site where the appropriate firmware version can be selected. 

B. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit. 

C. It will present a prompt to allow browsing to the location of the firmware file. 

D. It will automatically connect to the Fortinet Support site to download the most recent firmware version for the FortiGate unit. 

Answer:

Q10. - (Topic 3) 

An administrator is configuring a DLP rule for FTP traffic. When adding the rule to a DLP sensor, 

the administrator notes that the Ban Sender action is not available (greyed-out), as shown in the exhibit. 

Which of the following is the best explanation for the Ban Sender action NOT being available? 

A. The Ban Sender action is never available for FTP traffic. 

B. The Ban Sender action needs to be enabled globally for FTP traffic on the FortiGate unit before configuring the sensor. 

C. Firewall policy authentication is required before the Ban Sender action becomes available. 

D. The Ban Sender action is only available for known domains. No domains have yet been added to the domain list. 

Answer: