Ensurepass

QUESTION 141

Review the IKE debug output for IPsec shown in the Exhibit below. Which one of the following statements is correct regarding this output?

 

clip_image002

 

A.

The output is a Phase 1 negotiation.

B.

The output is a Phase 2 negotiation.

C.

The output captures the Dead Peer Detection messages.

D.

The output captures the Dead Gateway Detection packets.

 

Correct Answer: C

 

 

QUESTION 142

In Transparent Mode, forward-domain is an attribute of ______________.

 

A.

an interface

B.

a firewall policy

C.

a static route

D.

a virtual domain

 

Correct Answer: A

 

 

QUESTION 143

Examine the Exhibit shown below; then answer the question following it.

 

clip_image004

 

The Vancouver FortiGate unit initially had the following information in its routing table:

 

S 172.20.0.0/16 [10/0] via 172.21.1.2, port2

 

C 172.21.0.0/16 is directly connected, port2

 

C 172.11.11.0/24 is directly connected, port1

 

Afterwards, the following static route was added:

 

config router static

 

edit 6

 

set dst 172.20.1.0 255.255.255.0

 

set pririoty 0

 

set device port1

 

set gateway 172.11.12.1

 

next

 

end

 

Since this change, the new static route is NOT showing up in the routing table. Given the information provided, which of the following describes the cause of this problem?

 

A.

The subnet 172.20.1.0/24 is overlapped with the subnet of one static route that is already in the routing table (172.20.0.0/16), so, we need to enable allow-subnet-overlap first.

B.

The ‘gateway’ IP address is NOT in the same subnet as the IP address of port1.

C.

The priority is 0, which means that the route will remain inactive.

D.

The static route configuration is missing the distance setting.

 

Correct Answer: B

 

 

QUESTION 144

Examine the exhibit shown below then answer the question that follows it. Within the UTM Proxy Options, the CA certificate Fortinet_CA_SSLProxy defines which of the following:

 

clip_image006

 

A.

FortiGate unit’s encryption certificate used by the SSL proxy.

B.

FortiGate unit’s signing certificate used by the SSL proxy.

C.

FortiGuard’s signing certificate used by the SSL proxy.

D.

FortiGuard’s encryption certificate used by the SSL proxy.

 

Correct Answer: A

 

 

 

 

QUESTION 145

Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)

 

A.

SNMP

B.

IPSec

C.

SMTP

D.

POP3

E.

HTTP

 

Correct Answer: CDE

 

 

QUESTION 146

The eicar test virus is put into a zip archive, which is given the password of “Fortinet” in order to open the archive. Review the configuration in the exhibits shown below; then answer the question that follows.

 

Exhibit A – Antivirus Profile:

clip_image008

 

Exhibit B – Non-default UTM Proxy Options Profile:

clip_image010

 

Exhibit C – DLP Profile:

clip_image012

 

Which of one the following profiles could be enabled in order to prevent the file from passing through the FortiGate device over HTTP on the standard port for that protocol?

 

A.

Only Exhibit A

B.

Only Exhibit B

C.

Only Exhibit C with default UTM Proxy settings.

D.

All of the Exhibits (A, B and C)

E.

Only Exhibit C with non-default UTM Proxy settings (Exhibit B).

 

Correct Answer: C

 

 

QUESTION 147

In a High Availability cluster operating in Active-Active mode, which of the following correctly describes the path taken by the SYN packet of an HTTP session that is offloaded to a subordinate unit?

 

A.

Request: Internal Host; Master FortiGate; Slave FortiGate; Internet; Web Server

B.

Request: Internal Host; Master FortiGate; Slave FortiGate; Master FortiGate; Internet; Web Server

C.

Request: Internal Host; Slave FortiGate; Internet; Web Server

D.

Request: Internal Host; Slave FortiGate; Master FortiGate; Internet; Web Server

 

Correct Answer: A

 

 

 

 

 

 

 

QUESTION 148

Review the output of the command config router ospf shown in the Exhibit below; then answer the question following it. Which one of the following statements is correct regarding this output?

 

clip_image014

 

A.

OSPF Hello packets will only be sent on interfaces configured with the IP addresses 172.16.1.1 and 172.16.1.2.

B.

OSPF Hello packets will be sent on all interfaces of the FortiGate device.

C.

OSPF Hello packets will be sent on all interfaces configured with an address matching the 10.0.1.0/24 and 172.16.0.0/12 networks.

D.

OSPF Hello packets are not sent on point-to-point networks.

 

Correct Answer: C

 

 

QUESTION 149

Two FortiGate devices fail to form an HA cluster, the device hostnames are STUDENT and REMOTE. Exhibit A shows the command output of ‘show system ha’ for the STUDENT device. Exhibit B shows the command output of ‘show system ha’ for the REMOTE device. Which one of the following is the most likely reason that the cluster fails to form?

 

Exhibit A:

clip_image015

 

Exhibit B

clip_image017

 

A.

Password

B.

HA mode

C.

Hearbeat

D.

Override

 

Correct Answer: B

 

 

QUESTION 150

In HA, what is the effect of the Disconnect Cluster Member command as given in the Exhibit.

 

clip_image019

 

A.

The HA mode changes to standalone.

B.

Port3 is configured with an IP address for management access.

C.

The Firewall rules are purged on the disconnected unit.

D.

All other interface IP settings are maintained.

 

Correct Answer: AB

 

Free VCE & PDF File for Fortinet NSE5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.