Master FCP_FSA_AD-5.0: Fortinet NSE 5 - FortiSandbox 5.0 Practice Materials
Refer to the exhibit.

Which command must you use to configure the worker node? (Choose one answer)
Correct : B
From the High Availability and Management lesson, the Study Guide states:
'You must configure the HA group name, password, and the cluster virtual IP. The worker nodes provide load balancing. The primary node distributes scan jobs to the worker nodes.'
'You must configure the HA group name, password, and the virtual IP only on the primary node... Devices will interact with the cluster using this virtual IP.'
From the exhibit topology:
Cluster Virtual IP address = 10.25.1.50
Primary Node port1 = 10.25.1.30
Secondary Node port1 = 10.25.1.40
Worker Node port1 = 10.75.1.10
The worker node must be configured to point to the Cluster Virtual IP (10.25.1.50), not the individual primary node IP. This is because worker nodes join the cluster by connecting to the cluster virtual IP address.
Therefore the correct command is: hc-worker -a -s10.25.1.50 -p
To assign a file to a VM image, which two conditions must be true? (Choose two answers)
Correct : B, C
From the Scanning and Rating Components lesson, the Study Guide explicitly states:
'The second section of the Scan Profile, VM Association, allows you to define file extensions and VM image associations. This means that specific files are sandboxed by the associated VM image. To assign a file to a VM image, the following conditions must be true:
The file type must be configured to enter the job queue (first section of the scan profile).
The VM image clone value cannot be a non-zero number.'
This directly confirms:
Option B: The VM image clone value must be a non-zero number (clones must be allocated)
Option C: The file type must be configured to enter the job queue via the scan profile Pre-Filter section
Options A and D, while potentially relevant in practice, are not listed as the two required conditions in the Study Guide.
You are configuring an integration between FortiWeb and FortiSandbox. On FortiWeb, where must you define the settings to submit files to FortiSandbox? (Choose one answer)
Correct : A
From the FortiWeb Integration lesson, the Study Guide explicitly states:
'You can configure FortiSandbox file submission in a file security policy. Any files not detected by the FortiGuard antivirus engine will be uploaded to FortiSandbox.'
'You can configure FortiWeb to send attachments to FortiSandbox for additional scans to detect advanced persistent threats or zero-day attacks.'
From the Lab Guide (Exercise 1 - FortiWeb Integration):
'Click Web Protection > Input Validation > File Security. In the File Security Policy section, click Create New. Configure Send Files to FortiSandbox: Enabled.'
This confirms that File Security (Option A) is the correct location on FortiWeb to configure FortiSandbox file submission settings.
Refer to the exhibits.

You are unable to download guest VMs on a new FortiSandbox VM. What is the reason for this? (Choose one answer)
Correct : B
From the Scanning and Rating Components lesson, the Study Guide explicitly states:
'VM images are downloaded from FortiGuard, using port1. So, you must ensure FortiSandbox has a default route and internet connectivity for port1.'
The exhibit confirms this. The test-network output shows:
System DNS resolve: Failed for both bing.com and fsavm.fortinet.net
fsavm.fortinet.net is the FortiGuard VM image download server
This DNS failure on the system side (port1) confirms there is no internet connectivity on port1, preventing VM image downloads. Note that port3 internet shows 'Warning: VM to access internet: Disabled', but port3 is only for VM sandboxing traffic, not for downloading VM images.
A security analyst is reviewing a scan job report that indicates a true positive match. The job report displays that the malware attempts to replace vital system executables. Which type of malware is the analyst observing? (Choose one answer)
Correct : D
The Results Analysis section gives direct malware-type definitions. It says: 'A downloader attempts to download malicious content from a remote system', 'A dropper installs malicious content', 'A trojan appears to be a legitimate software application', and most importantly, 'A rootkit attempts to hide its components by replacing valid system files.'
That exact wording matches the question statement about malware attempting to replace vital system executables. Replacing valid system files is classic rootkit behavior because the purpose is concealment and persistence by hiding malicious components behind trusted operating-system files. A dropper's main role is delivering payloads. A trojan is mainly deceptive software that appears legitimate. An exploit takes advantage of a vulnerability. None of those definitions match the described behavior as precisely as the rootkit definition in the Study Guide. Therefore, the malware type being observed is Rootkit.
Total 42 questions