Our pass rate is as high as 98.9%, and the similarity between our NSE5 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to succeed in the Fortinet NSE5 exam in just one try? I am currently studying for the Fortinet NSE5 exam. Latest Fortinet NSE5 exam practice questions and answers; try Fortinet NSE5 Brain Dumps first.

Q71. - (Topic 1) 

If a FortiGate unit has a dmz interface IP address of with a subnet mask of, what is a valid dmz DHCP addressing range? 

A. - 

B. - 

C. - 

D. All of the above. 


Q72. - (Topic 3) 

A FortiGate unit is configured with three Virtual Domains (VDOMs) as illustrated in the exhibit. 

Which of the following statements are true if the network administrator wants to route traffic between all the VDOMs? (Select all that apply.) 

A. The administrator should configure inter-VDOM links to avoid using external interfaces and routers. 

B. As with all FortiGate unit interfaces, firewall policies must be in place for traffic to be allowed to pass through any interface, including inter-VDOM links. This provides the same level of security internally as externally. 

C. This configuration requires the use of an external router. 

D. Inter-VDOM routing is automatically provided if all the subnets that need to be routed are locally attached. 

E. As each VDOM has an independent routing table, routing rules need to be set (for example, static routing, OSPF) in each VDOM to route traffic between VDOMs.

Answer: A,B,E 

Q73. - (Topic 1) 

A firewall policy has been configured for the internal email server to receive email from external parties through SMTP. Exhibits A and B show the antivirus and email filter profiles applied to this policy. 

Exhibit A: 

Exhibit B: 

What is the correct behavior when the email attachment is detected as a virus by the FortiGate antivirus engine? 

A. The FortiGate unit will remove the infected file and deliver the email with a replacement message to alert the recipient that the original attachment was infected. 

B. The FortiGate unit will reject the infected email and the sender will receive a failed delivery message. 

C. The FortiGate unit will remove the infected file and add a replacement message. Both sender and recipient are notified that the infected file has been removed. 

D. The FortiGate unit will reject the infected email and notify the sender. 


Q74. - (Topic 1) 

Which of the following statements is correct regarding a FortiGate unit operating in NAT/Route mode? 

A. The FortiGate unit requires only a single IP address for receiving updates and configuring from a management computer. 

B. The FortiGate unit must use public IP addresses on both the internal and external networks. 

C. The FortiGate unit commonly uses private IP addresses on the internal network but hides them using network address translation. 

D. The FortiGate unit uses only DHCP-assigned IP addresses on the internal network. 


Q75. - (Topic 3) 

An administrator configures a VPN and selects the Enable IPSec Interface Mode option in the phase 1 settings. 

Which of the following statements are correct regarding the IPSec VPN configuration? 

A. To complete the VPN configuration, the administrator must manually create a virtual IPSec interface in Web Config under System > Network. 

B. The virtual IPSec interface is automatically created after the phase1 configuration. 

C. The IPSec policies must be placed at the top of the list. 

D. This VPN cannot be used as part of a hub and spoke topology. 

E. Routes were automatically created based on the address objects in the firewall policies. 


Q76. - (Topic 1) 

By default the Intrusion Protection System (IPS) on a FortiGate unit is set to perform which action? 

A. Block all network attacks. 

B. Block the most common network attacks. 

C. Allow all traffic. 

D. Allow and log all traffic. 


Q77. - (Topic 1) 

You wish to create a firewall policy that applies only to traffic intended for your web server. The server has an IP address of and belongs to a class C subnet. When defining the firewall address for use in this policy, which one of the following addressing formats is correct? 

A. / 

B. / 

C. / 

D. / 


Q78. - (Topic 3) 

In the Tunnel Mode widget of the web portal, the administrator has configured an IP Pool and enabled split tunneling. 

Which of the following statements is true about the IP address used by the SSL VPN client? 

A. The IP pool specified in the SSL-VPN Tunnel Mode Widget Options will override the IP address range defined in the SSL-VPN Settings. 

B. Because split tunneling is enabled, no IP address needs to be assigned for the SSL VPN tunnel to be established. 

C. The IP address range specified in SSL-VPN Settings will override the IP address range in the SSL-VPN Tunnel Mode Widget Options. 


Q79. - (Topic 2) 

Which of the following statements are TRUE for Port Pairing and Forwarding Domains? (Select all that apply.) 

A. They both create separate broadcast domains. 

B. Port Pairing works only for physical interfaces. 

C. Forwarding Domains only apply to virtual interfaces. 

D. They may contain physical and/or virtual interfaces. 

E. They are only available in high-end models. 

Answer: A,D 

Q80. - (Topic 3) 

Which of the following Session TTL values will take precedence? 

A. Session TTL specified at the system level for that port number 

B. Session TTL specified in the matching firewall policy 

C. Session TTL dictated by the application control list associated with the matching firewall policy 

D. The default session TTL specified at the system level