Ensurepass

QUESTION 21

Which of the following are valid components of the Fortinet Server Authentication Extensions (FSAE)? (Select all that apply.)

 

A.

Domain Local Security Agent.

B.

Collector Agent.

C.

Active Directory Agent.

D.

User Authentication Agent.

E.

Domain Controller Agent.

 

Correct Answer: BE

 

 

QUESTION 22

Which of the following statements regarding the firewall policy authentication timeout is true?

 

A.

The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source IP.

B.

The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source IP after this timer has expired.

C.

The authentication timeout is an idle timeout. This means that the FortiGate unit will consider a user to be “idle” if it does not see any packets coming from the user’s source MAC.

D.

The authentication timeout is a hard timeout. This means that the FortiGate unit will remove the temporary policy for this user’s source MAC after this timer has expired.

 

Correct Answer: A

 

 

QUESTION 23

A FortiAnalyzer device could use which security method to secure the transfer of log data from FortiGate devices?

 

A.

SSL

B.

IPSec

C.

direct serial connection

D.

S/MIME

 

Correct Answer: B

QUESTION 24

You wish to create a firewall policy that applies only to traffic intended for your web server. The web server has an IP address of 192.168.2.2 and a /24 subnet mask. When defining the firewall address for use in this policy, which one of the following addresses is correct?

 

A.

192.168.2.0 / 255.255.255.0

B.

192.168.2.2 / 255.255.255.0

C.

192.168.2.0 / 255.255.255.255

D.

192.168.2.2 / 255.255.255.255

 

Correct Answer: D

 

 

QUESTION 25

The ordering of firewall policies is very important. Policies can be re-ordered within the FortiGate unit’s GUI and also using the CLI. The command used in the CLI to perform this function is ______ .

 

A.

set order

B.

edit policy

C.

reorder

D.

move

 

Correct Answer: D

 

 

QUESTION 26

Which of the following email spam filtering features is NOT supported on a FortiGate unit?

 

A.

Multipurpose In
ternet Mail Extensions (MIME) Header Check

B.

HELO DNS Lookup

C.

Greylisting

D.

Banned Word

 

Correct Answer: C

 

 

QUESTION 27

Which of the following statements are true regarding Local User Authentication? (Select all that apply.)

 

A.

Local user authentication is based on usernames and passwords stored locally on the FortiGate unit.

B.

Two-factor authentication can be enabled on a per user basis.

C.

Administrators can create an account for the user locally and specify the remote server to verify the password.

D.

Local users are for administration accounts only and cannot be used for identity policies.

 

Correct Answer: ABC

 

 

 

 

 

QUESTION 28

Which of the following statements regarding Banned Words are correct? (Select all that apply.)

 

A.

The FortiGate unit can scan web pages and email messages for instances of banned words.

B.

When creating a banned word list, an administrator can indicate either specific words or patterns.

C.

Banned words can be expressed as wildcards or regular expressions.

D.

Content is automatically blocked if a single instance of a banned word appears.

E.

The FortiGate unit includes a pre-defined library of common banned words.

 

Correct Answer: ABC

 

 

QUESTION 29

Encrypted backup files provide which of the following benefits? (Select all that apply.)

 

A.

Integrity of the backup file is protected since it cannot be easily modified when encrypted.

B.

Prevents the backup file from becoming corrupted.

C.

Protects details of the device’s configuration settings from being discovered while the backup file is in transit. For example, transferred to a data centers for system recovery.

D.

A copy of the encrypted backup file is automatically pushed to the FortiGuard Distribution Service (FDS) for disaster recovery purposes. If the backup file becomes corrupt it can be retrieved through FDS.

E.

Fortinet Technical Support can recover forgotten passwords with a backdoor passphrase.

 

Correct Answer: AC

 

 

QUESTION 30

When browsing to an internal web server using a web-mode SSL VPN bookmark, from which of the following source IP addresses would the web server consider the HTTP request to be initiated?

 

A.

The remote user’s virtual IP address.

B.

The FortiGate unit’s internal IP address.

C.

The remote user’s public IP address.

D.

The FortiGate unit’s external IP address.

 

Correct Answer: B

 

Free VCE & PDF File for Fortinet NSE5 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.