This page was exported from Exam Dumps With VCE and PDF Updated By PassLeader [ https://www.vce4cert.com ] Export date:Thu Mar 28 13:31:03 2024 / +0000 GMT ___________________________________________________ Title: [2016-NEW!] New NSE5 Study Guide With Updated Exam Questions From PassLeader (Question 121 – Question 140) --------------------------------------------------- Want to pass your NSE5 exam? Why not trying PassLeader's NSE5 VCE or PDF dumps? We PassLeader now are offering the accurate 240q NSE5 exam questions and answers, you can get all the real exam questions from our NSE5 exam dumps. All our 240q NSE5 practice tests are the newest and same with the real test. We ensure that you can pass NSE5 exam easily with our premium NSE5 study guide! Now visit passleader.com to get the valid NSE5 braindumps with free version VCE Player! keywords: NSE5 exam,240q NSE5 exam dumps,240q NSE5 exam questions,NSE5 pdf dumps,NSE5 vce dumps,NSE5 braindumps,NSE5 practice tests,NSE5 study guide,Fortinet Network Security Analyst Exam P.S. Download Free NSE5 PDF Dumps and Get Premium PassLeader NSE5 VCE Dumps At The End Of This Post!!! (Ctrl+End) QUESTION 121Examine the static route configuration shown below; then answer the question following it.config router staticedit 1set dst 172.20.1.0 255.255.255.0set device port1set gateway 172.11.12.1set distance 10set weight 5nextedit 2set dst 172.20.1.0 255.255.255.0set blackhole enableset distance 5set weight 10nextendWhich of the following statements correctly describes the static routing configuration provided? (Select all that apply.) A.    All traffic to 172.20.1.0/24 will always be dropped by the FortiGate unit.B.    As long as port1 is up, all the traffic to 172.20.1.0/24 will be routed by the static route number 1. If the interface port1 is down, the traffic will be routed using the blackhole route.C.    The FortiGate unit will NOT create a session entry in the session table when the traffic is being routed by the blackhole route.D.    The FortiGate unit will create a session entry in the session table when the traffic is being routed by the blackhole route.E.    Traffic to 172.20.1.0/24 will be shared through both routes. Answer: AC QUESTION 122Review the IKE debug output for IPsec shown in the Exhibit below.Which one of the following statements is correct regarding this output? A.    The output is a Phase 1 negotiation.B.    The output is a Phase 2 negotiation.C.    The output captures the Dead Peer Detection messages.D.    The output captures the Dead Gateway Detection packets. Answer: C QUESTION 123In Transparent Mode, forward-domain is an attribute of ______________. A.    an interfaceB.    a firewall policyC.    a static routeD.    a virtual domain Answer: A QUESTION 124Examine the Exhibit shown below; then answer the question following it.The Vancouver FortiGate unit initially had the following information in its routing table:S 172.20.0.0/16 [10/0] via 172.21.1.2, port2C 172.21.0.0/16 is directly connected, port2C 172.11.11.0/24 is directly connected, port1Afterwards, the following static route was added:config router staticedit 6set dst 172.20.1.0 255.255.255.0set pririoty 0set device port1set gateway 172.11.12.1nextendSince this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem? A.    The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.B.    The 'gateway' IP address is NOT in the same subnet as the IP address of port1.C.    The priority is 0, which means that the route will remain inactive.D.    The static route configuration is missing the distance setting. Answer: B QUESTION 125Examine the exhibit shown below then answer the question that follows it.Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following: A.    FortiGate unit's encryption certificate used by the SSL proxy.B.    FortiGate unit's signing certificate used by the SSL proxy.C.    FortiGuard's signing certificate used by the SSL proxy.D.    FortiGuard's encryption certificate used by the SSL proxy. Answer: A QUESTION 126The eicar test virus is put into a zip archive, which is given the password of "Fortinet" in order to open the archive. Review the configuration in the exhibits shown below; then answer the question that follows.Exhibit A - Antivirus Profile:Exhibit B - Non-default UTM Proxy Options Profile:Exhibit C - DLP Profile:Which of one the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol? A.    Only Exhibit AB.    Only Exhibit BC.    Only Exhibit C with default UTM Proxy settings.D.    All of the Exhibits (A, B and C)E.    Only Exhibit C with non-default UTM Proxy settings (Exhibit B). Answer: C QUESTION 127Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.) A.    SNMPB.    IPSecC.    SMTPD.    POP3E.    HTTP Answer: CDE QUESTION 128Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it.Which one of the following statements is correct regarding this output? A.    OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.B.    OSPF Hello packets will be sent on all interfaces of the FortiGate device.C.    OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.D.    OSPF Hello packets are not sent on point-to-point networks. Answer: C QUESTION 129In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit? A.    Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web ServerB.    Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web ServerC.    Request: Internal Host; Slave FortiGate; Internet; Web ServerD.    Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server Answer: A QUESTION 130Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of 'show system ha' for the STUDENT device. Exhibit B shows the command output of 'show system ha' for the REMOTE device.Exhibit A:Exhibit BWhich one of the following is the most likely reason that the cluster fails to form? A.    PasswordB.    HA modeC.    HearbeatD.    Override Answer: B QUESTION 131In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit. A.    The HA mode changes to standalone.B.    Port3 is configured with an IP address for management access.C.    The Firewall rules are purged on the disconnected unit.D.    All other interface IP settings are maintained. Answer: AB QUESTION 132Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.) A.    The device this command is executed on is likely to switch from master to slave status if master override is disabled.B.    The device this command is executed on is likely to switch from master to slave status if master override is enabled.C.    This command has no impact on the HA algorithm.D.    This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected. Answer: AD QUESTION 133Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below.Which of the following statements are correct regarding this output? (Select all that apply.) A.    The connecting client has been allocated address 172.20.1.1.B.    In the Phase 1 settings, dead peer detection is enabled.C.    The tunnel is idle.D.    The connecting client has been allocated address 10.200.3.1. Answer: AB QUESTION 134Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it.Which of the following statements are correct regarding this output? (Select all that apply). A.    There will be six routes in the routing table.B.    There will be seven routes in the routing table.C.    There will be two default routes in the routing table.D.    There will be two routes for the 10.0.2.0/24 subnet in the routing table. Answer: AC QUESTION 135Review the static route configuration for IPsec shown in the Exhibit below; then answer the question following it.Which of the following statements are correct regarding this configuration? (Select all that apply). A.    Remote_1 is a Phase 1 object with interface mode enabledB.    The gateway address is not required because the interface is a point-to-point connectionC.    The gateway address is not required because the default route is usedD.    Remote_1 is a firewall zone Answer: AB QUESTION 136Examine the Exhibit shown below; then answer the question following it.In this scenario, the Fortigate unit in Ottawa has the following routing table:S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2C 172.20.167.0/24 is directly connected, port1C 172.20.170.0/24 is directly connected, port2Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets? A.    The forward policy check.B.    The reverse path forwarding check.C.    The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit's routing table.D.    The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table. Answer: B QUESTION 137Examine the following log message for IPS and identify the valid responses below. (Select all that apply.)2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity="critical" src="192.168.3.168" dst="192.168.3.170" src_int="port2" serial=0 status="detected" proto=1 service="icmp" count=1 attack_name="icmp_flood" icmp_id="0xa8a4" icmp_type="0x08" icmp_code="0x00" attack_id=16777316 sensor="1" ref="http://www.fortinet.com/ids/VID16777316" msg="anomaly: icmp_flood, 51 > threshold 50" A.    The target is 192.168.3.168.B.    The target is 192.168.3.170.C.    The attack was detected and blocked.D.    The attack was detected only.E.    The attack was TCP based. Answer: BD QUESTION 138Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it.Which of the following statements are correct regarding this configuration? (Select all that apply). A.    The phase1 is for a route-based VPN configuration.B.    The phase1 is for a policy-based VPN configuration.C.    The local gateway IP is the address assigned to port1.D.    The local gateway IP address is 10.200.3.1. Answer: AC QUESTION 139Review the configuration for FortiClient IPsec shown in the Exhibit below.Which of the following statements is correct regarding this configuration? A.    The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address objectB.    The connecting VPN client will install a default routeC.    The connecting VPN client will install a route to the 172.20.1.[1-5] address rangeD.    The connecting VPN client will connect in web portal mode and no route will be installed Answer: A QUESTION 140Identify the statement which correctly describes the output of the following command:diagnose ips anomaly list A.    Lists the configured DoS policy.B.    List the real-time counters for the configured DoS policy.C.    Lists the errors captured when compiling the DoS policy. Answer: B Download Free NSE5 PDF Dumps From Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpU0FrbTh1X3JMSmM Download New NSE5 VCE Dumps From PassLeader: http://www.passleader.com/nse5.html (New Questions Are 100% Available and Wrong Answers Have Been Corrected!!!) --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2016-05-13 06:53:37 Post date GMT: 2016-05-13 06:53:37 Post modified date: 2016-05-13 06:53:37 Post modified date GMT: 2016-05-13 06:53:37 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com