NSE5 Study Guides

Question 1

What output profiles can you limit for reporting event notifications? (Choose two)

A. SMS

B. Forward to another FortiAnalyzer device

C. Upload to a server

D. Email

Answer: C, D

Question 2

Which statements are true regarding the content file, also known as a data leak prevention (DLP) file? (Choose two)

A. Allow full and summary file

B. It is globally configured for all policies.

C. The default behavior is to do a full archive.

D. The DLP engine examines email, FTP, NNTP, and web traffic.

Answer: A, D

Question 3

The Antivirus and IPS update service is enabled, with the FortiGuard settings as shown in the exhibit. The desired behavior is for managed devices to use public servers for these updates in case FortiManager becomes inaccessible, which is not the case with the current configuration. What two actions are necessary to correct this? (Choose two)

A. Change the server override mode from strict to loose.

B. Change the pattern from 8890 to 443 in the Use override server address setting for FortiGate / FortiMail.

C. Uncheck the Use override server address for FortiGate / FortiMail option.

D. Change the IP address to a public FDS server and connect to 443 in the Use Override Server Address for FortiGate / FortiMail setting.

Answer: A, C

Question 4

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logins? (Choose three)

A. RADIUS

B. Local

C. LDAP

D. PKI

E. TACACS+

Answer: A, C, E

Question 5

Which two statements are correct regarding the synchronization between primary and secondary devices in a FortiManager HA cluster? (Choose two)

A. All device configurations, including global databases, are synchronized in the HA cluster.

B. FortiGuard databases are downloaded separately for each cluster appliance.

C. FortiGuard databases are downloaded by the primary device from FortiManager and then synchronized with all secondary devices.

D. Local logs and log configuration settings are synchronized across the HA cluster.

Answer: A, B

Question 6

What new permissions does workflow mode introduce for Super_Admin administrative users?

A. Self-approval, approval, rejection

B. Self-disapproval, approval, acceptance

C. Approval, self-approval, change notification

D. Change notification, self-disapproval, send

Answer: C

Question 7

Which two statements are correct regarding header and footer policies? (Choose two)

A. Header and footer policies can only be created on the root ADOM.

B. Header and footer policies can only be created in global ADOM.

C. Header and footer policies are created in policy packages and mapped to ADOM policy packages.

D. The header and footer policies can be modified in the assigned ADOM policy package.

Answer: B, C

Question 8

Which two statements are correct regarding administrative users and accounts? (Choose two)

A. Administrative user accounts can exist locally or remotely.

B. Administrative user login information is available to all administrators through the website.

C. Administrative users must be assigned an administrative profile.

D. Administrative user access is restricted only by administrative profiles.

Answer: A, C

Question 9

Which statement correctly compares FortiManager physical and virtual devices?

A. Physical and virtual FortiManager devices can consume unlimited devices and have unrestricted storage.

B. Physical and virtual FortiManager appliances use licenses to increase the limits of managed devices and storage capacity.

C. Physical and virtual FortiManager appliances have an unrestricted daily registration rate.

D. Physical and virtual FortiManager appliances use model and license types, respectively, to differentiate between managed appliance and storage capacity limits.

Answer: D

Question 10

What is the purpose of blocking an ADOM review?

A. To avoid further changes from Device Manager.

B. To disable revision history.

C. To avoid automatic erasure.

D. To lock the Policy and Objects tab.

Answer: C

Question 11

Which two statements describe a “changed” device configuration status in the Configuration and Installation Status widget of a FortiGate managed device?

A. Configuration changes were made directly on the managed device.

B. Configuration changes were made from Device Manager for a FortiGate and managed device.

C. Configuration changes were installed on a managed FortiGate device.

D. Configuration changes in Device Manager no longer calculate the latest revision in the device revision history.

Answer: B

Question 12

What effect do administrative domains (ADOM) have on reporting settings? (Choose two)

A. None. ADOMs cannot be used with reports.

B. Reports must be configured with your own ADOM.

C. The Graphics Library, Macro Library, Dataset Library, and Output Profile become ADOM specific.

D. The dataset library becomes global for all ADOMs.

Answer: B, C

Question 13

Which statements are true regarding the disk log quota? (Choose two)

A. FortiAnalyzer stops logging once the disk log quota is reached.

B. FortiAnalyzer automatically sets disk log quota based on device.

C. FortiAnalyzer can overwrite older logs or stop logging once the disk log quota is reached.

D. The FortiAnalyzer disk log quota is configurable, but is 100MB minimum and maximum based on reserved system space.

Answer: C, D

Question 14

What ports does FortiManager commonly use? (Choose two)

A. TCP 541 for remote management of a FortiGate unit.

B. TCP 5199 HA (FortiManager HA cluster) sync or heartbeat.

C. TCP 703 HA timing or heartbeat (FortiManager HA cluster).

D. TCP 514 for remote management of a FortiGate unit.

Answer: A, B

Question 15

Which statements are true regarding the treatment of FortiAnalyzer High Availability (HA) clusters? (Choose two)

A. FortiAnalyzer distinguishes different devices by their serial number.

B. FortiAnalyzer receives records from all devices in a cluster.

C. FortiAnalyzer receives logs only from the primary device in the cluster.

D. FortiAnalyzer only needs to know the serial number of the main device in the cluster; it automatically detects the other devices.

Answer: A, B

Question 16

If RAID is not supported, what are other types of backup mechanisms (that is, methods to preserve log data in the event of disk failure, deletion, or corruption)? (Choose three)

A. Back up the logs via the web-based manager or CLI.

B. Forwarding logs to the syslog server.

C. Upload records to an FTP, SFTP or SCP server.

D. Archive records.

E. Enabling the full archive.

Answer: A, B, C

Question 17

Which statement correctly names the supported administrative domain modes in FortiManager?

A. Normal and analyzer

B. Backup and analyzer

C. Normal, Backup, and Collector

D. Normal and backup

Answer: D

Question 18

What tabs are available in the FortiManager web-based manager? (Choose two)

A. Device manager

B. Policy and objects

C. FortiGate

D. Database

Answer: A, B

Question 19

What are the FortiAnalyzer modes of operation? (Choose two)

A. Independent

B. Manager

C. Analyzer

D. Collector

Answer: C, D

Question 20

What are the three different methods you can use to send event notifications when an event occurs that matches a configured event handler?

A. Email

B. SMS

C. SNMP

SUN

E. Syslog

Answer: A, C, E

Question 21

What is ‘hot swapping’?

A. Hot swapping means that administrators can limit FortiAnalyzer to write to all hard devices to make the array fault tolerant.

B. Hot swapping means that administrators can replace a faulty disk in devices that support software RAID while the device is still running.

C. Hot swapping means that administrators can ensure that the parity data for a redundant drive is valid while the device is still running.

D. Hot swapping means that administrators can replace a predestined disk on devices that support hardware RAID while the device is still running.

Answer: D

Question 22

See the exhibit. What does the clock icon next to App and Bandwidth Report indicate?

A. It is a personalized report.

B. It is a report delivered from a different FortiAnalyzer device or from a different (but compatible) ADOM.

C. It is the process of generating.

D. It is a scheduled report.

Answer: D