Latest Fortinet NSE8_812 Dumps PDF Questions Answers 2025

Network Security Expert 8 Written Exam Questions and Answers

Question 1

Review the Application Control log.

Which configuration caused the IPS engine to generate this log?

Options:

Buy Now

Question 2

Refer to the exhibits.

The exhibit shows a FortiGate model device that will be used for zero touch provisioning and a CLI Template.

To facilitate a more efficient roll out of FortiGate devices, you are tasked with using meta fields with the CLI Template to configure the DHCP server on the "office1" FortiGate.

Given this scenario, what would be the output of the config ip-range section on the CLI Template?

Options:

Question 3

A customer would like to improve the performance of a FortiGate VM running in an Azure D4s_v3 instance, but they already purchased a BYOL VM04 license.

Which two actions will improve performance the most without making a FortiGate license change? (Choose two.)

Options:

Migrate the FortiGate to an Azure F4s_v2.

Enable "Accelerated networking" on the Azure network interfaces.

Enable SR-IOV on the FortiGate.

Migrate the FortiGate to an Azure D8s_v3.

Question 4

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

Options:

Geographical IP policies are enabled and evaluated after local techniques.

Attackers can be blocked before they target the servers behind the FortiWeb.

The IP Reputation feature has been manually updated

An IP address that was previously used by an attacker will always be blocked

Reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored

Answer:

B, E

Explanation:

The CLI output shown in the exhibit indicates that FortiWeb has enabled IP Reputation feature with local techniques enabled and geographical IP policies enabled after local techniques (set geoip-policy-order after-local). IP Reputation feature is a feature that allows FortiWeb to block or allow traffic based on the reputation score of IP addresses, which reflects their past malicious activities or behaviors. Local techniques are methods that FortiWeb uses to dynamically update its own blacklist based on its own detection of attacks or violations from IP addresses (such as signature matches, rate limiting, etc.). Geographical IP policies are rules that FortiWeb uses to block or allow traffic based on the geographical location of IP addresses (such as country, region, city, etc.). Therefore, based on the output, one correct statement is that attackers can be blocked before they target the servers behind the FortiWeb. This is because FortiWeb can use IP Reputation feature to block traffic from IP addresses that have a low reputation score or belong to a blacklisted location, which prevents them from reaching the servers and launching attacks. Another correct statement is that reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored. This is because FortiWeb can use local techniques to remove IP addresses from its own blacklist if they stop sending malicious traffic for a certain period of time (set local-techniques-expire-time), which allows them to regain their reputation and access the servers. This is useful for IP addresses that are dynamically assigned by DHCP or PPPoEand may change frequently. References:

Fortinet compiles a reputation for each public IP address. Clients will have poor reputations if they have been participating in attacks, willingly or otherwise. Because blacklisting innocent clients is equally undesirable, Fortinet also restores the reputations of clients that improve their behavior. This is crucial when an infected computer is cleaned, or in DHCP or PPPoE pools where an innocent client receives an IP address that was previously leased by an attacker.

Question 5

Refer to the exhibit, which shows diagnostic output.

A customer reports that ICMP traffic flow from 192.168.1.11 to 93.190.134.171 is not corresponding to the SD-WAN setup.

What is the problem in this scenario?

Options:

SD-WAN Rule is matching only DNS traffic.

Port1 is used because it has more available bandwidth.

Traffic is matched by policy route.

Route for the destination IP is missing in the routing table.

Question 6

Which two types of interface have built-in active bypass in FortiDDoS devices? (Choose two.)

Options:

SFP

QSFP+

Copper

SFP+

Question 7

You are performing a packet capture on a FortiGate 2600F with the hyperscale licensing installed. You need to display on screen all egress/ingress packets from the port16 interface that have been offloaded to the NP7.

Which three commands need to be run? (Choose three.)

Options:

diagnose npu sniffer filter intf port16

diagnose npu sniffer filter selector 0

diagnose sniffer packet npudbg

diagnose npu sniffer filter dir 2

diagnose sniffer packet port16

Question 8

Refer to the exhibit.

The Company Corp administrator has enabled Workflow mode in FortiManager and has assigned approval roles to the current administrators. However, workflow approval does not function as expected. The CTO is currently unable to approve submitted changes.

Given the exhibit, which two possible solutions will resolve the workflow approval problems with the Workflow_72 ADOM? (Choose two.)

Options:

The CTO must have a defined email address for their admin user account.

The CTO and CISO need to swap Approval Groups so that the highest authority is in Group #1.

The CTO must have Standard access level or higher for FortiManager.

The CISO must have a higher access level than "Read_Only_User" in FortiManager.

The CTO needs to be added to "Email Notification" in the Workflow_72 ADOM.

Question 9

A customer wants to use the FortiAuthenticator REST API to retrieve an SSO group called SalesGroup. The following API call is being made with the 'curl' utility:

Which two statements correctly describe the expected behavior of the FortiAuthenticator REST API? (Choose two.)

Options:

Only users with the "Full permission" role can access the REST API

This API call will fail because it requires that API version 2

If the REST API web service access key is lost, it cannot be retrieved and must be changed.

The syntax is incorrect because the API calls needs the get method.

Question 10

Refer to The exhibit showing a FortiEDR configuration.

Based on the exhibit, which statement is correct?

Options:

The presence of a cryptolocker malware at rest on the filesystem will be detected by the Ransomware Prevention security policy.

FortiEDR Collector will not collect OS Metadata.

If a malicious file is executed and attempts to establish a connection it will generate duplicate events.

If an unresolved file rule is triggered, by default the file is logged but not blocked.

Question 11

Refer to the exhibits.

You are configuring a Let's Encrypt certificate to enable SSL protection to your website. When FortiWeb tries to retrieve the certificate, you receive a certificate status failed, as shown below.

Based on the Server Policy settings shown in the exhibit, which two configuration changes will resolve this issue? (Choose two.)

Options:

Disable Redirect HTTP to HTTPS in the Server Policy.

Remove the Web Protection Profile from this Server Policy.

Enable HTTP service in the Server Policy.

Configure a TXT record of the domain and point to the IP address of the Virtual Server.

Question 12

Refer to the exhibit showing a FortiView monitor screen.

After a Secure SD-WAN implementation a customer reports that in FortiAnalyzer under FortiView Secure SD-WAN Monitor there is No Device for selection.

What can cause this issue?

Options:

Upload option from FortiGate to FortiAnalyzer is not set as a real time.

Extended logging is not enabled on FortiGate.

ADOM 1 is set as a Fabric ADOM.

sla-fail-log-period and sla-pass-log-period on FortiGate health check is not set.

Question 13

You are responsible for recommending an adapter type for NICs on a FortiGate VM that will run on an ESXi Hypervisor. Your recommendation must consider performance as the main concern, cost is not a factor. Which adapter type for the NICs will you recommend?

Options:

Native ESXi Networking with E1000

Virtual Function (VF) PCI Passthrough

Native ESXi Networking with VMXNET3

Physical Function (PF) PCI Passthrough

Question 14

Refer to the exhibit.

A customer has deployed a FortiGate 300E with virtual domains (VDOMs) enabled in the multi-VDOM mode. There are three VDOMs: Root is for management and internet access, while VDOM 1 and VDOM 2 are used for segregating internal traffic. AccountVInk and SalesVInk are standard VDOM links in Ethernet mode.

Given the exhibit, which two statements below about VDOM behavior are correct? (Choose two.)

Options:

You can apply OSPF routing on the VDOM link in either PPP or Ethernet mode

Traffic on AccountVInk and SalesVInk will not be accelerated.

The VDOM links are in Ethernet mode because they have IP addressed assigned on both sides.

Root VDOM is an Admin type VDOM, while VDOM 1 and VDOM 2 are Traffic type VDOMs.

OSPF routing can be configured between VDOM 1 and Root VDOM without any configuration changes to AccountVInk

Question 15

Refer to the exhibit, which shows a VPN topology.

The device IP 10.1.100.40 downloads a file from the FTP server IP 192.168.4.50

Referring to the exhibit, what will be the traffic flow behavior if ADVPN is configured in this environment?

Options:

All the session traffic will pass through the Hub

The TCP port 21 must be allowed on the NAT Device2

ADVPN is not supported when spokes are behind NAT

Spoke1 will establish an ADVPN shortcut to Spoke2

Question 16

An HA topology is using the following configuration:

Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?

Options:

600ms

200ms

300ms

100ms

Question 17

Refer to the exhibits.

An administrator has configured a FortiGate and Forti Authenticator for two-factor authentication with FortiToken push notifications for their SSL VPN login. Upon initial review of the setup, the administrator has discovered that the customers can manually type in their two-factor code and authenticate but push notifications do not work

Based on the information given in the exhibits, what must be done to fix this?

Options:

On FG-1 port1, the ftm access protocol must be enabled.

FAC-1 must have an internet routable IP address for push notifications.

On FG-1 CLI, the ftm-push server setting must point to 100.64.141.

On FAC-1, the FortiToken public IP setting must point to 100.64.1 41

Question 18

An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the OCSP server.

Part of the FortiGate configuration is shown below:

Based on this configuration, which authentication scenario will FortiGate deny?

Options:

The user certificate does not contain the OCSP URL.

FortiAuthenticator responds to an OCSP request that the user certificate authority is untrusted.

FortiAuthenticator responds to an OCSP request that the user certificate status is unknown.

Question 19

SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.

You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.

What should you configure?

Options:

Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server.

Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address.

Configure two DNS servers and use DNS servers recommended by the two internet providers.

Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.

Question 20

Refer to the exhibit.

An HTTPS access proxy is configured to demonstrate its function as a reverse proxy on behalf of the web server it is protecting. It verifies user identity, device identity, and trust context, before granting access to the protected source. It is assumed that the FortiGate EMS fabric connector has already been successfully connected.

You need to ensure that ZTNA access through the FortiGate will redirect users to the FortiAuthenticator to perform username/password and multifactor authentication to validate access prior to accessing resources behind the FortiGate.

In this scenario, which two further steps need to be taken on the FortiGate? (Choose two.)

Options:

Create a SAML user/server object referring to the FortiAuthenticator.

Create an authentication rule that sets the sso-auth-method to the FortiAuthenticator.

Create an authentication scheme with the "method" as SAML.

Create a firewall rule that allows access from the remote endpoint to the resources behind the FortiGate.

Question 21

Refer to the exhibit.

You need to create a base SD-WAN configuration that includes SD-WAN rules and Performance SLAs for spoke sites with various connectivity types. It needs to be done in a way that can be easily applied to new sites with a minimum amount of change. How should you create the SD-WAN zones?

Options:

With members and assign overlay interfaces

With members without interface assignments

With no members configured

With members and assign interfaces but do not specify a gateway

Question 22

Refer to the exhibits.

The exhibits show a diagram of a requested topology and the base IPsec configuration.

A customer asks you to configure ADVPN via two internet underlays. The requirement is that you use one interface with a single IP address on DC FortiGate.

In this scenario, which feature should be implemented to achieve this requirement?

Options:

Use network-overlay id

Change advpn2 to IKEv1

Use local-id

Use peer-id

Question 23

Which feature must you enable on the BGP neighbors to accomplish this goal?

Options:

Graceful-restart

Deterministic-med

Synchronization

Soft-reconfiguration

Question 24

An administrator discovers that CPU utilization of a FortiGate-200F is high and determines that no traffic is being accelerated by hardware.

Why is no traffic being accelerated by hardware?

Options:

Oper-session-accounting is enabled under np6xlite config.

strict-dirty-session-check is enabled in global config.

check-protocol-header is set to strict in the global config.

delay-tcp-npu-session is enabled under the firewall policy.

Question 25

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit C

A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C Referring to the exhibits, which configuration will restore VPN connectivity?

Options:

Option A

Option B

Option C

Option D

Question 26

A FortiGate deployment contains the following configuration:

What is the result of this configuration?

Options:

Route-maps are not configurable in VDOM SERVICES

Route-maps from the Root VDOM configuration are available in VDOM SERVICES

Route-maps from VDOM SERVICES are available in all other VDOMs

Route-maps for VDOM SERVICES are excluded from HA configuration synchronization

Question 27

Refer to the exhibit.

What is happening in this scenario?

Options:

The user status changed at FortiClient EMS to off-net.

The user is authenticating against a FortiGate Captive Portal.

C The user is authenticating against an IdP.

The user has not authenticated on their external browser.

Question 28

Refer to the exhibit.

A customer needs to create a multi-tier MCLAG set up with the topology as shown in the exhibit.

A1/A2

B1/B2

C1/C2

Which command snippet should be applied to it, to allow active/active links in this topology?

Options:

Question 29

A customer is operating a FortiWeb cluster in a high volume active-active HA group consisting of eight FortiWeb appliances. One of the secondary members is handling traffic for one specific VIP.

What will happen with the traffic if that secondary FortiWeb appliance fails?

Options:

Traffic will be redirected to the next appliance in the same traffic group.

Traffic will be redistributed by the primary appliance to the remaining secondary appliances.

Traffic will be redistributed by the primary appliance to the remaining secondary appliances that are configured to handle traffic for that specific VIP.

Traffic will be redirected to the secondary member with the least number of sessions.

Question 30

A FortiGate running FortiOS 7.2.0 GA is configured in multi-vdom mode with a vdom set to vdom type Admin and another vdom set to vdom type Traffic.

Which two GUI sections are available on both VDOM types? (Choose two.)

Options:

Interface configuration

Packet capture

Security Fabric topology and external connectors

Certificates

FortiClient configuration

Question 31

You are migrating the branches of a customer to FortiGate devices. They require independent routing tables on the LAN side of the network.

After reviewing the design, you notice the firewall will have many BGP sessions as you have two data centers (DC) and two ISPs per DC while each branch is using at least 10 internal segments.

Based on this scenario, what would you suggest as the more efficient solution, considering that in the future the number of internal segments, DCs or internet links per DC will increase?

Options:

No change in design is needed as even small FortiGate devices have a large memory capacity.

Acquire a FortiGate model with more capacity, considering the next 5 years growth.

Implement network-id, neighbor-group and increase the advertisement-interval

Redesign the SD-WAN deployment to only use a single VPN tunnel and segment traffic using VRFs on BGP

Exam Detail

Vendor: Fortinet

Certification: Fortinet Network Security Expert

Exam Code: NSE8_812

Exam Name: Network Security Expert 8 Written Exam

Last Update: Apr 19, 2025

NSE8_812 Question Answers

Easter Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet NSE8_812 Dumps Questions Answers

Network Security Expert 8 Written Exam Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

CompTIA

Fortinet