Ensurepass

QUESTION 151

Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)

 

A.

The device this command is executed on is likely to switch from master to slave status if master override is disabled.

B.

The device this command is executed on is likely to switch from master to slave status if master override is enabled.

C.

This command has no impact on the HA algorithm.

D.

This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

 

Correct Answer: AD

 

 

QUESTION 152

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit below. Which of the following statements are correct regarding this output? (Select all that apply.)

 

clip_image002

 

A.

The connecting client has been allocated address 172.20.1.1.

B.

In the Phase 1 settings, dead peer detection is enabled.

C.

The tunnel is idle.

D.

The connecting client has been allocated address 10.200.3.1.

 

Correct Answer: AB

 

 

QUESTION 153

Review the output of the command get router info routing-table database shown in the Exhibit below; then answer the question following it. Which of the following statements are correct regarding this output? (Select all that apply).

 

clip_image004

 

A.

There will be six routes in the routing table.

B.

There will be seven routes in the routing table.

C.

There will be two default routes in the routing table.

D.

There will be two routes for the 10.0.2.0/24 subnet in the routing table.

 

Correct Answer: AC

 

 

 

QUESTION 154

Review the static route configuration for IPsec shown in the Exhibit below; then answer the question following it. Which of the following statements are correct regarding this configuration? (Select all that apply).

 

clip_image006

 

A.

Remote_1 is a Phase 1 object with interface mode enabled

B.

The gateway address is not required because the interface is a point-to-point connection

C.

The gateway address is not required because the default route is used

D.

Remote_1 is a firewall zone

 

Correct Answer: AB

 

 

QUESTION 155

Examine the Exhibit shown below; then answer the question following it.

 

clip_image008

 

In this scenario, the Fortigate unit in Ottawa has the following routing table:

 

S* 0.0.0.0/0 [10/0] via 172.20.170.254, port2

 

C 172.20.167.0/24 is directly connected, port1

 

C 172.20.170.0/24 is directly connected, port2

 

Sniffer tests show that packets sent from the Source IP address 172.20.168.2 to the Destination IP address 172.20.169.2 are being dropped by the FortiGate unit located in Ottawa. Which of the following correctly describes the cause for the dropped packets?

A.

The forward policy check.

B.

The reverse path forwarding check.

C.

The subnet 172.20.169.0/24 is NOT in the Ottawa FortiGate unit’s routing table.

D.

The destination workstation 172.20.169.2 does NOT have the subnet 172.20.168.0/24 in its routing table.

 

Correct Answer: B

 

 

QUESTION 156

Review the IPsec phase1 configuration in the Exhibit shown below; then answer the question following it. Which of the following statements are correct regarding this configuration? (Select all that apply).

 

clip_image009

 

A.

The phase1 is for a route-based VPN configuration.

B.

The phase1 is for a policy-based VPN configuration.

C.

The local gateway IP is the address assigned to port1.

D.

The local gateway IP address is 10.200.3.1.

 

Correct Answer: AC

 

QUESTION 157

Examine the following log message for IPS and identify the valid responses below. (Select all that apply.)

 

2012-07-01 09:54:28 oid=2 log_id=18433 type=ips subtype=anomaly pri=alert vd=root severity=”critical” src=”192.168.3.168″ dst=”192.168.3.170″ src_int=”port2″ serial=0 status=”detected” proto=1 service=”icmp” count=1 attack_name=”icmp_flood” icmp_id=”0xa8a4″ icmp_type=”0x08″ icmp_code=”0x00″ attack_id=16777316 sensor=”1″ ref=”http://www.fortinet.com/ids/VID16777316″ msg=”anomaly: icmp_flood, 51 > threshold 50″

 

A.

The target is 192.168.3.168.

B.

The target is 192.168.3.170.

C.

The attack was detected and blocked.

D.

The attack was detected only.

E.

The attack was TCP based.

 

Correct Answer: BD

 

 

QUESTION 158

Review the configuration for FortiClient IPsec shown in the Exhibit below. Which of the following statements is correct regarding this configuration?

 

clip_image011

 

A.

The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object

B.

The connecting VPN client will install a default route

C.

The connecting VPN client will install a route to the 172.20.1.[1-5] address range

D.

The connecting VPN client will connect in web portal mode and no route will be installed

 

Correct Answer: A

 

 

QUESTION 159

Identify the statement which correctly describes the output of the following command:

< p class="MsoNormal" style="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left"> 

diagnose ips anomaly list

 

A.

Lists the configured DoS policy.

B.

List the real-time counters for the configured DoS policy.

C.

Lists the errors captured when compiling the DoS policy.

 

Correct Answer: B

 

 

QUESTION 160

Which of the following statements correctly describe Transparent Mode operation? (Select all that apply.)

 

A.

The FortiGate unit acts as transparent bridge and routes traffic using Layer-2 forwarding.

B.

Ethernet packets are forwarded based on destination MAC addresses NOT IPs.

C.

The device is transparent to network hosts.

D.

Permits inline traffic inspection and firewalling without changing the IP scheme of the network.

E.

All interfaces must be on different IP subnets.

 

Correct Answer: ABCD

 

Free VCE & PDF File for Fortinet NSE5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.