NSE5 Study Guides

Question: 1

What output profiles can you configure for report event notifications? (Choose two)

A. SMS

B. Forward to another FortiAnalyzer device

C. Upload to a server

D. Email

Answer: C, D

Question: 2

Which statements are true regarding content archiving, also known as Data Leak Prevention (DLP) archiving? (Choose two)

A. Allows complete and summary archiving

B. It is configured globally for all policies.

C. The default behavior is to do complete archiving.

D. The DLP engine examines email, FTP, NNTP, and web traffic.

Answer: A, D

Question: 3

Given that the Antivirus and IPS update service is enabled, and the FortiGuard settings are as shown in the exhibit: the desired behavior is for managed devices to use public servers for these updates should FortiManager become unreachable, which is not the case with the current configuration. What two actions are necessary to correct this? (Choose two)

A. Change the server override mode from strict to loose.

B. Change the port from 8890 to 443 in the Use Override Server Address for FortiGate/FortiMail settings.

C. Uncheck the option Use Override Server Address for FortiGate/FortiMail.

D. Change the IP address to a public FDS server and port to 443 in the Use Override Server Address for FortiGate/FortiMail settings.

Answer: A, C

Question: 4

What remote authentication servers can you configure to validate your FortiAnalyzer administrator logons? (Choose three)

A. RADIUS

B. Local

C. LDAP

D. PKI

E. TACACS+

Answer: A, C, E

Question: 5

Which two statements are correct regarding synchronization between primary and secondary devices in a FortiManager HA cluster? (Choose two)

A. All device configurations, including global databases, are synchronized in the HA cluster.

B. FortiGuard databases are downloaded separately by each cluster device.

C. FortiGuard databases are downloaded by the primary FortiManager device and then synchronized with all secondary devices.

D. Local logs and log configuration settings are synchronized in the HA cluster.

Answer: A, B

Question: 6

Workflow mode introduces which new permissions for Super_Admin administrative users?

A. Self-approval, Approval, Reject

B. Self-disapproval, Approval, Accept

C. Approval, Self-approval, Change Notification

D. Change Notification, Self-disapproval, Submit

Answer: C

Question: 7

Which two statements are correct regarding header and footer policies? (Choose two)

A. Header and footer policies can only be created in the root ADOM.

B. Header and footer policies can only be created in the global ADOM.

C. Header and footer policies are created in policy packages and assigned to ADOM policy packages.

D. Header and footer policies can be modified in the assigned ADOM policy package.

Answer: B, C

Question: 8

What two statements are correct regarding administrative users and accounts? (Choose two)

A. Administrative user accounts can exist locally or remotely.

B. Administrative user login information is available to all administrators through the Web-based

C. Administrative users must be assigned an administrative profile.

D. Administrative user access is restricted by administrative profiles only.

Answer: A, C

Question: 9

What statement correctly compares FortiManager physical and virtual appliances?

A. Physical and virtual FortiManager appliances may manage unlimited devices and have unlimited storage.

B. Physical and virtual FortiManager appliances use licenses to increase managed device and storage capacity limits.

C. Physical and virtual FortiManager appliances have unlimited daily logging rate.

D. Physical and virtual FortiManager appliances use model types and licenses, respectively, to differentiate managed device and storage capacity limits.

Answer: D

Question: 10

What is the purpose of locking an ADOM revision?

A. To prevent further changes from Device Manager.

B. To disable revision history.

C. To prevent auto deletion.

D. To lock the Policy and Objects tab.

Answer: C

Question: 11

Which two statements describe a “modified” device settings status in the Configuration and Installation Status widget of a managed FortiGate device?

A. Configuration changes were made directly on the managed device.

B. Configuration changes were made from Device Manager for a managed FortiGate device.

C. Configuration changes were installed to a managed FortiGate device.

D. Configuration changes in Device Manager no longer match the latest revision in the device’s revision history.

Answer: B

Question: 12

What effect do administrative domains (ADOMs) have on report settings? (Choose two)

A. None. ADOMs cannot be used with reports.

B. Reports must be configured with their own ADOM.

C. Chart Library, Macro Library, Dataset Library, and Output Profile become ADOM-specific.

D. Dataset Library becomes global for all ADOMs.

Answer: B, C

Question: 13

What statements are true regarding disk log quota? (Choose two)

A. The FortiAnalyzer stops logging once the disk log quota is met.

B. The FortiAnalyzer automatically sets the disk log quota based on the device.

C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota is met.

D. The FortiAnalyzer disk log quota is configurable, but has a minimum of 100 MB and a maximum based on the reserved system space.

Answer: C, D

Question: 14

Which ports are commonly used by FortiManager? (Choose two)

A. TCP 541 for remote management of a FortiGate unit.

B. TCP 5199 HA heartbeat or synchronization (FortiManager HA cluster).

C. TCP 703 HA heartbeat or synchronization (FortiManager HA cluster).

D. TCP 514 for remote management of a FortiGate unit.

Answer: A, B

Question: 15

What statements are true regarding FortiAnalyzer’s treatment of high availability (HA) clusters? (Choose two)

A. FortiAnalyzer distinguishes different devices by their serial number.

B. FortiAnalyzer receives logs from all devices in a cluster.

C. FortiAnalyzer receives logs only from the primary device in the cluster.

D. FortiAnalyzer only needs to know the serial number of the primary device in the cluster; it automatically learns the other devices.

Answer: A, B

Question: 16

If RAID isn’t supported, what are other types of backup mechanisms (i.e., methods to preserve your log data in the event of disk failure, deletion, or corruption)? (Choose three)

A. Backing up logs through the Web-based manager or CLI.

B. Forwarding logs to a syslog server.

C. Uploading logs to an FTP, SFTP, or SCP server.

D. Archiving logs.

E. Enabling complete archiving.

Answer: A, B, C

Question: 17

Which statement correctly names the Administrative Domains modes supported on FortiManager?

A. Normal and Analyzer

B. Backup and Analyzer

C. Normal, Backup, and Collector

D. Normal and Backup

Answer: D

Question: 18

Which tabs are available on the FortiManager Web-based manager? (Choose two)

A. Device Manager

B. Policy & Objects

C. FortiGate

D. Database

Answer: A, B

Question: 19

What are the operating modes of FortiAnalyzer? (Choose two)

A. Standalone

B. Manager

C. Analyzer

D. Collector

Answer: C, D

Question: 20

What are three different methods you can use to send event notifications when an event occurs that matches a configured event handler?

A. Email

B. SMS

C. SNMP

D. IM

E. Syslog

Answer: A, C, E

Question: 21

What is ‘hot swapping’?

A. Hot swapping means administrators can configure FortiAnalyzer to write to all hard drives in order to make the array fault tolerant.

B. Hot swapping means administrators can replace a failed disk on devices that support software RAID while the device is still running.

C. Hot swapping means administrators can verify that the parity data of a redundant drive is valid while the device is still running.

D. Hot swapping means administrators can replace a failed disk on devices that support hardware RAID while the device is still running.

Answer: D

Question: 22

Refer to the exhibit. What does the clock icon beside the Bandwidth and Application Report denote?

A. It is a custom report.

B. It is an imported report from either a different FortiAnalyzer device or a different (but supported) ADOM.

C. It is in the process of generating.

D. It is a scheduled report.

Answer: D



