Fortinet NSE5 실제 시험문제 및 답변

문제1
Which of the following is an advantage of using SNMP v3 instead of SNMP v1/v2 when querying the FortiGate unit?

A. Packet encryption

B. Running SNMP service on a non-standard port is possible

C. MIB-based report uploads

D. SNMP access limits through access lists

정답: A

문제2
What is 'hot swapping'?

A. Hot swapping means administrators can ensure the parity data of a redundant drive is valid while the device is still running.

B. Hot swapping means administrators can configure FortiAnalyzer to write to all hard drives in the device in order to make the array fault tolerant.

C. Hot swapping means administrators can replace a failed disk on devices that support hardware RAID while the device is still running.

D. Hot swapping means administrators can replace a failed disk on devices that support software RAID while the device is still running.

정답: C

문제3
Which of the following statements are correct about the HA diag command diagnose sys ha reset-uptime? (Select all that apply.)

A. This command resets the uptime variable used in the HA algorithm so it may cause a new master to become elected.

B. This command has no impact on the HA algorithm.

C. The device this command is executed on is likely to switch from master to slave status if master override is enabled.

D. The device this command is executed on is likely to switch from master to slave status if master override is disabled.

정답: A,D

문제4
The FortiGate Web Config provides a link to update the firmware in the System > Status window. Clicking this link will perform which of the following actions?

A. It will connect to the Fortinet support site where the appropriate firmware version can be selected.

B. It will present a prompt to allow browsing to the location of the firmware file.

C. It will automatically connect to the Fortinet support site to download the most recent firmware version for the FortiGate unit.

D. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit.

정답: B

문제5
Each UTM feature has configurable UTM objects such as sensors, profiles or lists that define how the feature will function.
An administrator must assign a set of UTM features to a group of users.
Which of the following is the correct method for doing this?

A. The administrator must enable the UTM features in an identify-based policy applicable to the user group.

B. The administrator must apply the UTM features directly to a user object.

C. Enable a set of unique UTM features under "Edit User Group".

D. When defining the UTM objects, the administrator must list the user groups which will use the UTM object.

정답: A

문제6
Caching improves performance by reducing FortiGate unit requests to the FortiGuard server.
Which of the following statements are correct regarding the caching of FortiGuard responses? (Select all that apply.)

A. The cache uses a small portion of the FortiGate system memory.

B. The size of the cache will increase to accomodate any number of cached queries.

C. An administrator can configure the number of seconds to store information in the cache before the FortiGate unit contacts the FortiGuard server again.

D. When the cache is full, the least recently used IP address or URL is deleted from the cache.

E. Caching is available for web filtering, antispam, and IPS requests.

정답: A,C,D

문제7
Which of the following statements regarding Banned Words are correct? (Select all that apply.)

A. When creating a banned word list, an administrator can indicate either specific words or patterns.

B. Banned words can be expressed as simple text, wildcards or regular expressions.

C. The FortiGate unit updates banned words on a periodic basis.

D. The FortiGate unit can scan web pages and email messages for instances of banned words.

E. Content is automatically blocked if a single instance of a banned word appears.

정답: A,B,D

문제8
A network administrator connects his PC to the INTERNAL interface on a FortiGate unit.
The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of 10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
user1 # get system interface
= = [ internal ]
name. internal mode. static ip: 10.0.1.254 255.255.255.128 status: up
netbios-forward. disable type. physical mtu-override. disable
= = [ vlan1 ]
name. vlan1 mode. static ip: 10.0.1.1 255.255.255.128 status: up netb
ios-forward. disable type. vlan mtu-override. disable
user1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S 10.0.0.0/8 [10/0] is a summary, Null
C 10.0.1.0/25 is directly connected, vlan1
C 10.0.1.128/25 is directly connected, internal
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130
:47922->10.0.1.1:443) from internal."
id=20085 trace_id=277 msg="allocate a new session-00000b21"
id=20085 trace_id=277 msg="iprope_in_check() check failed, drop"
Based on the output from these commands, which of the following is a possible cause of the problem?

A. The PC has an IP address in the wrong subnet.

B. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.

C. The FortiGate unit has no route back to the PC.

D. The PC is using an incorrect default gateway IP address.

정답: B

최신Fortinet Network Security Expert 5 Written Exam (500) - NSE5무료샘플문제

자격증의 중요성:

ExamPassdump 제품의 가치:

무료샘플 받아보기:

완벽한 서비스 제공: