[2016-Fortinet-Official]Free Braindump2go NSE5 New Questions Download[NQ1-NQ20]
2016 May News: Fortinet Network Security Analyst NSE5 Exam Querstions New Released Today in Braindump2go.com Online IT Certification Exams Study Website!
Exam Code: NSE5
Exam Name: Fortinet Network Security Analyst
NEW QUESTIONS 1 – NEW QUESTYION 20
When creating administrative users, the assigned _____________determines user rights on the FortiGate unit.
Answer: access profile
Which of the following are valid FortiGate device interface methods for handling DNS requests? (Select all that apply.)
Which of the following is true regarding Switch Port Mode?
A. Allows all internal ports to share the same subnet.
B. Provides separate routable interfaces for each internal port.
C. An administrator can select ports to be used as a switch.
D. Configures ports to be part of the same broadcast domain.
A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?
C. direct serial connection
You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct?
A. 192.168.2.0 / 255.255.255.0
B. 192.168.2.2 / 255.255.255.0
C. 192.168.2.0 / 255.255.255.255
D. 192.168.2.2 / 255.255.255.255
The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit’s GUI and also using the CLI. The command used in the CLI to perform this function is ______ .
A. set order
B. edit policy
Which of the following email spam filtering features is NOT supported on a FortiGate unit?
A. Multipurpose Internet Mail Extensions (MIME) Header Check
B. HELO DNS Lookup
D. Banned Word
Which of the following statements are true regarding Local User Authentication? (Select all that apply.)
A. Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.
B. Two-factor authentication can be enabled on a per user basis.
C. Administrators can create an account for the user locally and specify the remote server to verify the password.
D. Local users are for administration accounts only and cannot be used for identity policies.
Which of the following statements regarding Banned Words are correct? (Select all that apply.)
A. The FortiGate unit can scan web pages and email messages for instances of banned words.
B. When creating a banned word list, an administrator can indicate either specific words or patterns.
C. Banned words can be expressed as wildcards or regular expressions.
D. Content is automatically blocked if a single instance of a banned word appears.
E. The FortiGate unit includes a pre-defined library of common banned words.
Encrypted backup files provide which of the following benefits? (Select all that apply.)
A. Integrity of the backup file is protected since it cannot be easily modified when encrypted.
B. Prevents the backup file from becoming corrupted.
C. Protects details of the device’s configuration settings from being discovered while the backup file is in transit. For example, transferred to a data centers for system recovery.
D. A copy of the encrypted backup file is automatically pushed to the FortiGuard Distribution Service (FDS) for disaster recovery purposes. If the backup file becomes corrupt it can be retrieved through FDS.
E. Fortinet Technical Support can recover forgotten passwords with a backdoor passphrase.
When browsing to an internal web server using a web-mode SSL VPN bookmark, from which of the following source IP addresses would the web server consider the HTTP request to be initiated?
A. The remote user’s virtual IP address.
B. The FortiGate unit’s internal IP address.
C. The remote user’s public IP address.
D. The FortiGate unit’s external IP address.
Which of the following antivirus and attack definition update features are supported by FortiGate units? (Select all that apply.)
A. Manual, user-initiated updates from the FortiGuard Distribution Network.
B. Hourly, daily, or weekly scheduled antivirus and attack definition and antivirus engine updates from the FortiGuard Distribution Network.
C. Push updates from the FortiGuard Distribution Network.
D. Update status including version numbers, expiry dates, and most recent update dates and times.
SSL content inspection is enabled on the FortiGate unit. Which of the following steps is required to prevent a user from being presented with a web browser warning when accessing an SSL-encrypted website?
A. The root certificate of the FortiGate SSL proxy must be imported into the local certificate store on the user’s workstation.
B. Disable the strict server certificate check in the web browser under Internet Options.
C. Enable transparent proxy mode on the FortiGate unit.
D. Enable NTLM authentication on the FortiGate unit. NTLM authentication suppresses the certificate warning messages in the web browser.
Two-factor authentication is supported using the following methods? (Select all that apply.)
C. SMS phone message
D. Code books
Which statement is correct regarding virus scanning on a FortiGate unit?
A. Virus scanning is enabled by default.
B. Fortinet Customer Support enables virus scanning remotely for you.
C. Virus scanning must be enabled in a protection profile and the protection profile must be assigned to a firewall policy.
D. Enabling virus scanning in a protection profile enables virus scanning for all traffic flowing through the FortiGate.
An issue could potentially occur when clicking Connect to start tunnel mode SSL VPN.
The tunnel will start up for a few seconds, then shut down.
Which of the following statements best describes how to resolve this issue?
A. This user does not have permission to enable tunnel mode. Make sure that the tunnel mode widget has been added to that user’s web portal.
B. This FortiGate unit may have multiple Internet connections. To avoid this problem, use the appropriate CLI command to bind the SSL VPN connection to the original incoming interface.
C. Check the SSL adaptor on the host machine. If necessary, uninstall and reinstall the adaptor from the tunnel mode portal.
D. Make sure that only Internet Explorer is used. All other browsers are unsupported.
Users may require access to a web site that is blocked by a policy. Administrators can give users the ability to override the block. Which of the following statements regarding overrides are correct? (Select all that apply.)
A. A protection profile may have only one user group defined as an override group.
B. A firewall user group can be used to provide override privileges for FortiGuard Web Filtering.
C. Authentication to allow the override is based on a user’s membership in a user group.
D. Overrides can be allowed by the administrator for a specific period of time.
If a FortiGate unit has a dmz interface IP address of 184.108.40.206 with a subnet mask of 255.255.255.0, what is a valid dmz DHCP addressing range?
A. 220.127.116.11 – 18.104.22.168
B. 22.214.171.124 – 126.96.36.199
C. 188.8.131.52 – 184.108.40.206
D. All of the above.
What are the valid sub-types for a Firewall type policy? (Select all that apply)
A. Device Identity
C. User Identity
E. SSL VPN
If no firewall policy is specified between two FortiGate interfaces and zones are not used, which of the following statements describes the action taken on traffic flowing between these interfaces?
A. The traffic is blocked.
B. The traffic is passed.
C. The traffic is passed and logged.
D. The traffic is blocked and logged.
2016 Valid NSE5 Exam Preparation Materials:
1.| Latest NSE5 PDF Dumps and NSE5 VCE Dumps 240Q&As – 100% Exam Pass Guaranteed: http://www.braindump2go.com/nse5.html
2.| Newest NSE5 Exam Questions PDF – Google Drive: https://drive.google.com/folderview?id=0B75b5xYLjSSNRGszMUtRSkg5VHc&usp=sharing