Leads4pass > Fortinet > Fortinet Certification > FCNSP.V5 > FCNSP.V5 Online Practice Questions and Answers

FCNSP.V5 Online Practice Questions and Answers

Questions 4

What advantages are there in using a hub-and-spoke IPSec VPN configuration instead of a fully- meshed set of IPSec tunnels? (Select all that apply.)

A. Using a hub and spoke topology is required to achieve full redundancy.

B. Using a hub and spoke topology simplifies configuration because fewer tunnels are required.

C. Using a hub and spoke topology provides stronger encryption.

D. The routing at a spoke is simpler, compared to a meshed node.

Buy Now
Questions 5

Identify the statement which correctly describes the output of the following command:

diagnose ips anomaly list

A. Lists the configured DoS policy.

B. List the real-time counters for the configured DoS policy.

C. Lists the errors captured when compiling the DoS policy.

Buy Now
Questions 6

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.

config router static edit 1 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 10 set device port1 next edit 2 set dst 172.20.168.0 255.255.255.0 set distance 20 set priority 20 set device port2 next end

Which of the following statements correctly describes the static routing configuration provided above?

A. The FortiGate unit will evenly share the traffic to 172.20.168.0/24 through both routes.

B. The FortiGate unit will share the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.

C. The FortiGate unit will send all the traffic to 172.20.168.0/24 through port1.

D. Only the route that is using port1 will show up in the routing table.

Buy Now
Questions 7

Bob wants to send Alice a file that is encrypted using public key cryptography.

Which of the following statements is correct regarding the use of public key cryptography in this scenario?

A. Bob will use his private key to encrypt the file and Alice will use her private key to decrypt the file.

B. Bob will use his public key to encrypt the file and Alice will use Bob's private key to decrypt the file.

C. Bob will use Alice's public key to encrypt the file and Alice will use her private key to decrypt the file.

D. Bob will use his public key to encrypt the file and Alice will use her private key to decrypt the file.

E. Bob will use Alice's public key to encrypt the file and Alice will use Bob's public key to decrypt the file.

Buy Now
Questions 8

When performing a log search on a FortiAnalyzer, it is generally recommended to use the Quick Search

option.

What is a valid reason for using the Full Search option, instead?

A. The search items you are looking for are not contained in indexed log fields.

B. A quick search only searches data received within the last 24 hours.

C. You want the search to include the FortiAnalyzer's local logs.

D. You want the search to include content archive data as well.

Buy Now
Questions 9

In which of the following report templates would you configure the charts to be included in the report?

A. Layout Template

B. Data Filter Template

C. Output Template

D. Schedule Template

Buy Now
Questions 10

An administrator wishes to generate a report showing Top Traffic by service type, but wants to exclude SMTP traffic from the report.

Which of the following statements best describes how to do this?

A. In the Service field of the Data Filter, type 25/smtp and select the NOT checkbox.

B. Add the following entry to the Generic Field section of the Data Filter: service="!smtp".

C. When editing the chart, uncheck mlog to indicate that Mail Filtering data is being excluded when generating the chart.

D. When editing the chart, enter 'dns' in the Exclude Service field.

Buy Now
Questions 11

A FortiClient fails to establish a VPN tunnel with a FortiGate unit.

The following information is displayed in the FortiGate unit logs:

msg="Initiator: sent 192.168.11.101 main mode message #1 (OK)" msg="Initiator: sent 192.168.11.101 main mode message #2 (OK)" msg="Initiator: sent 192.168.11.101 main mode message #3 (OK)" msg="Initiator: parsed 192.168.11.101 main mode message #3 (DONE)" msg="Initiator: sent

192.168.11.101 quick mode message #1 (OK)" msg="Initiator: tunnel 192.168.1.1/192.168.11.101 install ipsec sa" msg="Initiator: sent 192.168.11.101 quick mode message #2 (DONE)" msg="Initiator: tunnel 192.168.11.101, transform=ESP_3DES, HMAC_MD5" msg="Failed to acquire an IP address

Which of the following statements is a possible cause for the failure to establish the VPN tunnel?

A. An IPSec DHCP server is not enabled on the external interface of the FortiGate unit.

B. There is no IPSec firewall policy configured for the policy-based VPN.

C. There is a mismatch between the FortiGate unit and the FortiClient IP addresses in the phase 2 settings.

D. The phase 1 configuration on the FortiGate unit uses Aggressive mode while FortiClient uses Main mode.

Buy Now
Questions 12

Which of the following methods does the FortiGate unit use to determine the availability of a web cache using Web Cache Communication Protocol (WCCP)?

A. The FortiGate unit receives periodic "Here I am" messages from the web cache.

B. The FortiGate unit polls all globally-defined web cache servers at a regular intervals.

C. The FortiGate using uses the health check monitor to verify the availability of a web cache server.

D. The web cache sends an "I see you" message which is captured by the FortiGate unit.

Buy Now
Questions 13

Which of the following represents the method used on a FortiGate unit running FortiOS version 4.2 to apply traffic shaping to P2P traffic, such as BitTorrent?

A. Apply a Traffic Shaper to a BitTorrent entry in an Application Control List.

B. Enable the Shape option in a Firewall policy with a Service set to BitTorrent.

C. Define a DLP Rule to match against BitTorrent traffic and include the rule in a DLP Sensor with Traffic Shaping enabled.

D. Specify the amount of Rate Limiting to be applied to BitTorrent traffic through the P2P settings of the Firewall Policy Protocol Options.

Buy Now
Exam Code: FCNSP.V5
Exam Name: Fortinet Certified Network Security Professional (FCNSP.v5)
Last Update: Jan 01, 2025
Questions: 120
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99