[High quality] NSE5 Fortinet study guide 61-70 (Sep 2017)

NSE5 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

http://www.2passeasy.com/dumps/NSE5/

Your success in Fortinet NSE5 is our sole target and we develop all our NSE5 braindumps in a way that facilitates the attainment of this target. Not only is our NSE5 study material the best you can find, it is also the most detailed and the most updated. NSE5 Practice Exams for Fortinet NSE5 are written to the highest standards of technical accuracy.


This Testaimer.com web site will certainly provide you with credible info concerning NSE5 exam dumps.

Q61. - (Topic 2) 

Identify the statement which correctly describes the output of the following command: diagnose ips anomaly list 

A. Lists the configured DoS policy. 

B. List the real-time counters for the configured DoS policy. 

C. Lists the errors captured when compiling the DoS policy. 

Answer:


Q62. - (Topic 3) 

Which of the following must be configured on a FortiGate unit to redirect content requests to remote web cache servers? 

A. WCCP must be enabled on the interface facing the Web cache. 

B. You must enabled explicit Web-proxy on the incoming interface. 

C. WCCP must be enabled as a global setting on the FortiGate unit. 

D. WCCP must be enabled on all interfaces on the FortiGate unit through which HTTP traffic is passing. 

Answer:


Q63. - (Topic 1) 

Which of the following pieces of information can be included in the Destination Address field of a firewall policy? (Select all that apply.) 

A. An IP address pool. 

B. A virtual IP address. 

C. An actual IP address or an IP address group. 

D. An FQDN or Geographic value(s). 

Answer: B,C,D 


Q64. - (Topic 3) 

An organization wishes to protect its SIP Server from call flooding attacks. Which of the following configuration changes can be performed on the FortiGate unit to fulfill this requirement? 

A. Apply an application control list which contains a rule for SIP and has the "Limit INVITE Request" option configured. 

B. Enable Traffic Shaping for the appropriate SIP firewall policy. 

C. Reduce the session time-to-live value for the SIP protocol by running the configure system session-ttl CLI command. 

D. Run the set udp-idle-timer CLI command and set a lower time value. 

Answer:


Q65. - (Topic 3) 

If Open Shortest Path First (OSPF) has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through OSPF need to be announced by Border Gateway Protocol (BGP)? 

A. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Autonomous System Boundary Router (ASBR). 

B. The FortiGate unit will automatically announce all routes learned through OSPF to its BGP peers if the FortiGate unit is configured as an OSPF Area Border Router (ABR). 

C. At a minimum, the network administrator needs to enable Redistribute OSPF in the BGP settings. 

D. The BGP local AS number must be the same as the OSPF area number of the routes learned that need to be redistributed into BGP. 

E. By design, BGP cannot redistribute routes learned through OSPF. 

Answer:


Q66. - (Topic 3) 

When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search option. 

What is a valid reason for using the Full Search option, instead? 

A. The search items you are looking for are not contained in indexed log fields. 

B. A quick search only searches data received within the last 24 hours. 

C. You want the search to include the FortiAnalyzer's local logs. 

D. You want the search to include content archive data as well. 

Answer:


Q67. - (Topic 1) 

Which of the following statements are correct regarding URL filtering on the FortiGate unit? (Select all that apply.) 

A. The allowed actions for URL Filtering include Allow, Block and Exempt. 

B. The allowed actions for URL Filtering are Allow and Block. 

C. The FortiGate unit can filter URLs based on patterns using text and regular expressions. 

D. Any URL accessible by a web browser can be blocked using URL Filtering. 

E. Multiple URL Filter lists can be added to a single protection profile. 

Answer: A,C 


Q68. - (Topic 3) 

If Routing Information Protocol (RIP) version 1 or version 2 has already been configured on a FortiGate unit, which of the following statements is correct if the routes learned through RIP need to be advertised into Open Shortest Path First (OSPF)? 

A. The FortiGate unit will automatically announce all routes learned through RIP v1 or v2 to its OSPF neighbors. 

B. The FortiGate unit will automatically announce all routes learned only through RIP v2 to its OSPF neighbors. 

C. At a minimum, the network administrator needs to enable Redistribute RIP in the OSPF Advanced Options. 

D. The network administrator needs to configure a RIP to OSPF announce policy as part of the RIP settings. 

E. At a minimum, the network administrator needs to enable Redistribute Default in the OSPF Advanced Options. 

Answer:


Q69. - (Topic 3) 

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity. 

The following troubleshooting commands are executed from the CLI: 

user1 # get system interface 

== [ internal ] 

namE. internal modE. static ip: 10.0.1.254 255.255.255.128 status: up 

netbios-forwarD. disable typE. physical mtu-overridE. disable 

== [ vlan1 ] 

namE. vlan1 modE. static ip: 10.0.1.1 255.255.255.128 status: up netb 

ios-forwarD. disable typE. vlan mtu-overridE. disable 

user1 # get router info routing-table all 

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP 

O - OSPF, IA - OSPF inter area 

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 

E1 - OSPF external type 1, E2 - OSPF external type 2 

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area 

* - candidate default 

S 10.0.0.0/8 [10/0] is a summary, Null 

C 10.0.1.0/25 is directly connected, vlan1 

C 10.0.1.128/25 is directly connected, internal 

user1 # diagnose debug flow trace start 100 

user1 # diagnose debug ena 

user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1 

id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130 

:47922->10.0.1.1:443) from internal." 

id=20085 trace_id=277 msg="allocate a new session-00000b21" 

id=20085 trace_id=277 msg="iprope_in_check() check failed, drop" 

Based on the output from these commands, which of the following is a possible cause of the problem? 

A. The FortiGate unit has no route back to the PC. 

B. The PC has an IP address in the wrong subnet. 

C. The PC is using an incorrect default gateway IP address. 

D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1. 

Answer:


Q70. - (Topic 1) 

When creating administrative users which of the following configuration objects determines access rights on the FortiGate unit. 

A. profile 

B. allowaccess interface settings 

C. operation mode 

D. local-in policy 

Answer: