NSE5 study guides

Question: 1

What output profiles can you limit for reporting event notifications? (Choose two)

A. SMS

B. Forward to another FortiAnalyzer device

C. Upload to a server

D. Email

Answer: C, D

Question: 2

Which statements are true regarding content archiving, also known as Data Leak Prevention (DLP) archiving? (Choose two)

A. Allows full and concise archiving.

B. It is configured globally for all policies.

C. The default behavior is full archiving.

D. The DLP engine examines email, FTP, NNTP and web traffic.

Answer: A, D

Question: 3

Consider that the antivirus and IPS update service is enabled and the FortiGuard settings are as shown in the exhibit. The desired behavior is that managed devices use public servers for these updates if FortiManager becomes unreachable, which is not the case with the current configuration. Which two actions are needed to correct this? (Choose two)

A. Change the server override mode from strict to loose.

B. Change the port from 8890 to 443 in the Use Override Server Address for FortiGate / FortiMail settings.

C. Deselect the Use Override Server Address for FortiGate / FortiMail option.

D. Change the IP address to a public FDS server and the port to 443 in the Use Override Server Address for FortiGate / FortiMail settings.

Answer: A, C

Question: 4

Which external authentication servers can you configure to validate your FortiAnalyzer administrator logins? (Choose three)

A. RADIUS

B. Local

C. LDAP

D. PKI

E. TACACS+

Answer: A, C, E.

Question: 5

Which two statements are correct regarding synchronization between primary and secondary devices in a FortiManager HA cluster? (Choose two)

A. All device configurations and global databases are synchronized in the HA cluster.

B. FortiGuard databases are downloaded separately by each cluster device.

C. FortiGuard databases are downloaded by the primary FortiManager device and then synchronized with all secondary devices.

D. Local logs and log configuration settings are synchronized in the HA cluster.

Answer: A, B

Question: 6

Workflow mode introduces what new permissions for Super_Admin administrators?

A. Self-approval, approval, rejection

B. Self-rejection, approval, acceptance

C. Approval, self-approval, change notification

D. Change notification, self-rejection, submit

Answer: C

Question: 7

Which two statements are correct regarding the header and footer policies? (Choose two)

A. Header and footer policies can only be created in the root ADOM.

B. Header and footer policies can only be created in the global ADOM.

C. Header and Footer Policies are created in policy packages and mapped to ADOM policy packages.

D. Header and footer policies can be changed in the assigned ADOM policy package.

Answer: B, C

Question: 8

Which two statements are correct regarding administrative users and accounts? (Choose two)

A. Administrative user accounts can exist locally or remotely.

B. Administrator login information is available to all administrators via the web

C. Administrative users must be assigned an administrative profile.

D. Administrator access is limited only by administrator profiles.

Answer: A, C

Question: 9

Which statement correctly compares FortiManager’s physical and virtual devices?

A. Physical and virtual FortiManager devices can manage unlimited devices and have unlimited storage.

B. Physical and virtual FortiManager devices use licenses to increase the limits for managed devices and storage capacity.

C. Physical and virtual FortiManager devices have an unlimited daily logging speed.

D. Physical and virtual FortiManager devices use model types and licenses, respectively, to distinguish between managed device limits and storage capacity.

Answer: D

Question: 10

What is the purpose of locking an ADOM revision?

A. To prevent further changes from Device Manager.

B. To disable the revision history.

C. To avoid automatic removal.

D. To lock the Policies and Objects tab.

Answer: C

Question: 11

Which two statements describe the status of “changed” device settings in the Configuration and Installation Status widget of a managed FortiGate device?

A. Configuration changes have been made directly to the managed device.

B. Configuration changes have been made from Device Manager for a managed FortiGate device.

C. Changes have been made to a managed FortiGate device.

D. Device changes in Device Manager no longer calculate the latest revision in the revision history of the device.

Answer: B

Question: 12

What effect do administrative domains (ADOMs) have on report settings? (Choose two)

A. Grind. ADOMs cannot be used with reports.

B. Reports must be configured with its own ADOM.

C. Map library, macro library, dataset library and output profile become ADOM specific.

D. Dataset Library becomes global for the ADOMs.

Answer: B, C

Question: 13

Which statements are true regarding disk log quotas? (Choose two)

A. The FortiAnalyzer stops logging when the disk log quota is reached.

B. The FortiAnalyzer automatically sets the disk log quota based on the device.

C. The FortiAnalyzer can overwrite the oldest logs or stop logging once the disk log quota has been reached.

D. The FortiAnalyzer disk log quota is configurable, but has a minimum of 100 MB and a maximum based on the system space reserved.

Answer: C, D

Question: 14

Which ports are often used by FortiManager? (Choose two)

A. TCP 541 for remote management of a FortiGate unit.

B. TCP 5199 HA heartbeat or synchronization (FortiManager HA cluster).

C. TCP 703 HA heartbeat or synchronization (FortiManager HA cluster).

D. TCP 514 for remote management of a FortiGate unit.

Answer: A, B

Question: 15

Which statements are true about FortiAnalyzer’s treatment of high availability (HA) clusters? (Choose two)

A. FortiAnalyzer distinguishes different devices by their serial number.

B. FortiAnalyzer receives logs from the devices in a cluster.

C. FortiAnalyzer only receives logs from the primary device in the cluster.

D. FortiAnalyzer only needs to know the serial number of the primary device in the cluster – it will automatically detect the other devices.

Answer: A, B

Question: 16

If RAID is not supported, what are other types of backup mechanisms (i.e. methods to keep your log data in case of disk failure, deletion or corruption)? (Choose three)

A. Backing up logs via the web-based manager or CLI.

B. Forward logs to the syslog server.

C. Uploading logs to an FTP, SFTP or SCP server.

D. Archiving of logs.

E. Enable full archiving.

Answer: A, B, C

Question: 17

What statement correctly names the Administrative Domains modes supported on FortiManager?

A. Normal and Analyzer

B. Backup and analysis program

C. Normal, Backup and Collector

D. Normal and Backup

Answer: D

Question: 18

Which tabs are available on the FortiManager web-based manager? (Choose two)

A. Device management

B. Policy and objects

C. FortiGate

D. Database

Answer: A, B

Question: 19

What are the operating modes of FortiAnalyzer? (Choose two)

A. Standalone

B. Manager

C. Analyzer

D. Collector

Answer: C, D

Question: 20

What are three different methods you can use to send event notifications when an event occurs that matches a configured event handler?

A. Email

B. SMS

C. SNMP

D. IM

E. Syslog

Answer: A, C, E.

Question: 21

What is hot swapping?

A. Hot swapping means administrators can restrict FortiAnalyzer to write to all hard devices to make the array fault tolerant.

B. Hot swapping means administrators can replace a failed disk on devices that support software RAID while the device is still running.

C. Hot swapping means that administrators can ensure that the parity information of a redundant disk is valid while the device is still running.

D. Hot swapping means administrators can replace a failed disk on devices that support hardware RAID while the device is still active.

Answer: D

Question: 22

Refer to the exhibit. What does the clock icon next to the bandwidth and application report mean?

A. It is an adapted report.

B. It is a transferred report from another FortiAnalyzer device or another (but supported) ADOM.

C. It is in the process of generating.

D. It is a planned report.

Answer: D



Source by Patrick McPherson