Q121. - (Topic 2) 

Review the configuration for FortiClient IPsec shown in the Exhibit below. 

Which of the following statements is correct regarding this configuration? 

A. The connecting VPN client will install a route to a destination corresponding to the STUDENT_INTERNAL address object 

B. The connecting VPN client will install a default route 

C. The connecting VPN client will install a route to the 172.20.1.[1-5] address range 

D. The connecting VPN client will connect in web portal mode and no route will be installed 


Q122. - (Topic 1) 

The FortiGate unit’s GUI provides a link to update the firmware. 

Clicking this link will perform which of the following actions? 

A. It will connect to the Fortinet Support site where the appropriate firmware version can be selected. 

B. It will send a request to the FortiGuard Distribution Network so that the appropriate firmware version can be pushed down to the FortiGate unit. 

C. It will present a prompt to allow browsing to the location of the firmware file. 

D. It will automatically connect to the Fortinet Support site to download the most recent firmware version for the FortiGate unit. 


Q123. - (Topic 1) 

Which of the following email spam filtering features is NOT supported on a FortiGate unit? 

A. Multipurpose Internet Mail Extensions (MIME) Header Check 

B. HELO DNS Lookup 

C. Greylisting 

D. Banned Word 


Q124. - (Topic 2) 

With FSSO, a domain user could authenticate either against the domain controller running the Collector Agent and Domain Controller Agent, or a domain controller running only the Domain Controller Agent. 

If you attempt to authenticate with the Secondary Domain Controller running only the Domain Controller Agent, which of the following statements are correct? (Select all that apply.) 

A. The login event is sent to the Collector Agent. 

B. The FortiGate unit receives the user information from the Domain Controller Agent of the Secondary Controller. 

C. The Collector Agent performs the DNS lookup for the authenticated client’s IP address. 

D. The user cannot be authenticated with the FortiGate device in this manner because each Domain Controller Agent requires a dedicated Collector Agent. 

Answer: A,C 

Q125. - (Topic 1) 

Which of the following components are contained in all FortiGate units from the FG50 models and up? (Select all that apply.) 

A. FortiASIC content processor. 

B. Hard Drive. 

C. Gigabit network interfaces. 

D. Serial console port. 

Answer: A,D 

Q126. - (Topic 3) 

What is the effect of using CLI "config system session-ttl" to set session_ttl to 1800 seconds? 

A. Sessions can be idle for no more than 1800 seconds. 

B. The maximum length of time a session can be open is 1800 seconds. 

C. After 1800 seconds, the end user must reauthenticate. 

D. After a session has been open for 1800 seconds, the FortiGate unit will send a keepalive packet to both client and server. 


Q127. - (Topic 3) 

A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of, but gets no connectivity. 

The following troubleshooting commands are executed from the DOS prompt on the PC and from the CLI. 


Pinging with 32 bytes of data: 

Reply from bytes=32 time=1ms TTL=255 

Reply from bytes=32 time<1ms TTL=255 

Reply from bytes=32 time<1ms TTL=255 

Reply from bytes=32 time<1ms TTL=255 

user1 # get system interface 

== [ internal ] 

name: internal mode: static ip: status: up netbios-forward: disable type: physical mtu-override: disable

== [ vlan1 ] 

name: vlan1 mode: static ip: status: up netbios-forward: disable type: vlan mtu-override: disable

user1 # diagnose debug flow trace start 100 

user1 # diagnose debug ena 

user1 # diagnose debug flow filter daddr 

id=20085 trace_id=274 msg="vd-root received a packet(proto=6,> from internal." 

id=20085 trace_id=274 msg="allocate a new session-00000b1b" 

id=20085 trace_id=274 msg="find SNAT: IP-, port-43798" 

id=20085 trace_id=274 msg="iprope_in_check() check failed, drop" 

Based on the output from these commands, which of the following explanations is a possible cause of the problem? 

A. The FortiGate unit has no route back to the PC. 

B. The PC has an IP address in the wrong subnet. 

C. The PC is using an incorrect default gateway IP address. 

D. The FortiGate unit does not have the HTTPS service configured on the VLAN1 interface. 

E. There is no firewall policy allowing traffic from INTERNAL -> VLAN1. 


Q128. - (Topic 3) 

Which of the following DLP actions will override any other action? 

A. Exempt 

B. Quarantine Interface 

C. Block 

D. None 


Q129. - (Topic 1) 

The command structure of the FortiGate CLI consists of commands, objects, branches, tables, and parameters. Which of the following items describes user? 

A. A command. 

B. An object. 

C. A table. 

D. A parameter. 


Q130. - (Topic 1) 

Which of the following network protocols are supported for administrative access to a FortiGate unit? 





E. Telnet, UDP, NNTP, SMTP