最新的Network Security認證 NSE5考試題庫

問題1

An end user logs into the full-access SSL VPN portal and selects the Tunnel Mode option by clicking on the "Connect" button. The administrator has enabled split tunneling.

Given that the user authenticates against the SSL VPN policy shown in the image below, which statement below identifies the route that is added to the client's routing table.

A. A route to destination matching the 'WIN2K3' address object.

B. A route to the destination matching the 'all' address object.

C. A default route.

D. No route is added.

正確答案: A

問題2

Which of the following pieces of information can be included in the Destination Address field of a firewall policy?

A. A virtual IP address, an actual IP address, and an IP address group.

B. An IP address pool, a virtual IP address, an actual IP address, and an IP address group.

C. Only an actual IP address.

D. An actual IP address and an IP address group.

正確答案: A

問題3

Which two statements are correct for configuration changes made by FortiManager scripts?
(Choose two.)

A. When run on the device database, changes are automatically installed to the managed FortiGate devices.

B. When run on managed devices directly, you can install changes to the managed FortiGate devices using the installation wizard.

C. When run on managed devices directly, changes are automatically installed to the managed FortiGate devices.

D. When run on the device database, you can install changes to the managed FortiGate devices using the installation wizard.

正確答案: A,C

問題4

Which statements are true regarding securing communications between FortiAnalyzer and FortiGate with IPsec? (Choose two.)

A. IPsec is only enabled through the CLI on FortiAnalyzer.

B. Must configure the FortiAnalyzer end of the tunnel only--the FortiGate end is auto- negotiated.

C. IPsec cannot be enabled if SSL is enabled as well.

D. Must establish an IPsec tunnel ID and pre-shared key.

正確答案: C

問題5

In which order are firewall policies processed on the FortiGate unit?

A. They are processed from the top down according to their sequence number.

B. They are processed based on a priority value assigned through the priority column in the policy window.

C. They are processed on best match.

D. They are processed based on the policy ID number shown in the left hand column of the policy window.

正確答案: A

問題6

Which of the following statements best decribes the proxy behavior on a FortiGate unit during an FTP client upload when FTP splice is disabled?

A. If the file being scanned is determined to be clean, the proxy terminates the connection and leaves the file on the server.

B. The proxy removes the infected file from the server by sending a delete command on behalf of the client.

C. The proxy sends the file to the server while simultaneously buffering it.

D. The proxy buffers the entire file from the client, only sending the file to the server if the file is clean. One possible consequence of buffering is that the server could time out.

正確答案: D

問題7

Data Leak Prevention archiving gives the ability to store files and message data onto a FortiAnalyzer unit for which of the following types of network traffic? (Select all that apply.)

A. SNMP

B. HTTP

C. SMTP

D. IPSec

E. POP3

正確答案: B,C,E

問題8

Review the CLI configuration below for an IPS sensor and identify the correct statements regarding this configuration from the choices below. (Select all that apply.) config ips sensor edit "LINUX_SERVER" set comment '' set replacemsg-group '' set log enable config entries edit 1 set action default set application all set location server
set log enable
set log-packet enable
set os Linux
set protocol all
set quarantine none
set severity all
set status default
next
end
next
end

A. The sensor only filters which IPS signatures to apply to the selected firewall policy.

B. The sensor will include a PCAP file with a trace of the matching packets in the log message of any matched signature.

C. The sensor will log all server attacks for all operating systems.

D. The sensor will reset all connections that match these signatures.

E. The sensor will match all traffic from the address object "LINUX_SERVER".

正確答案: A,B

問題9

When viewing the Banned User monitor in Web Config, the administrator notes the entry illustrated in the exhibit.

Which of the following statements is correct regarding this entry?

A. The entry displays a quarantine, which could have been added by either IPS or DLP.

B. The entry displays a ban that has been added as a result of traffic triggering a configured DLP rule.

C. The entry displays a ban that was triggered by HTTP traffic matching an IPS signature.
This client is banned from receiving or sending any traffic through the FortiGate.

D. This entry displays a ban entry that was added manually by the administrator on June11th.

正確答案: B

問題10

Which of the following logging options are supported on a FortiGate unit? (Select all that apply.)

A. Local

B. FortiAnalyzer

C. LDAP

D. Syslog

正確答案: A,B,D

問題11

Review the IPsec diagnostics output of the command diag vpn tunnel list shown in the Exhibit.

Which of the following statements is correct regarding this output? (Select one answer).

A. Two tunnels are up

B. One tunnel is rekeying

C. One tunnel is up

D. Two tunnels are rekeying

正確答案: A

問題12

Which Fortinet products & features could be considered part of a comprehensive solution to monitor and prevent the leakage of senstive data? (Select all that apply.)

A. Configure FortiClient to prevent files flagged as sensitive from being copied to a USB disk.

B. Archive non-compliant outgoing e-mails using FortiMail.

C. Apply a DLP sensor to a firewall policy.

D. Restrict unofficial methods of transferring files such as P2P using Application Control lists on a FortiGate.

E. Monitor database activity using FortiAnalyzer.

正確答案: B,C,D

最新的Fortinet Network Security Expert 5 Written Exam (500) - NSE5免費考試真題

最新更新

站內鏈接

聯系我們