New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet NSE8_812 Dumps Questions Answers

Page: 1 / 5
Total 60 questions

Network Security Expert 8 Written Exam Questions and Answers

Question 1

Refer to the exhibit, which shows a VPN topology.

The device IP 10.1.100.40 downloads a file from the FTP server IP 192.168.4.50

Referring to the exhibit, what will be the traffic flow behavior if ADVPN is configured in this environment?

Options:

A.

All the session traffic will pass through the Hub

B.

The TCP port 21 must be allowed on the NAT Device2

C.

ADVPN is not supported when spokes are behind NAT

D.

Spoke1 will establish an ADVPN shortcut to Spoke2

Buy Now
Question 2

Review the VPN configuration shown in the exhibit.

What is the Forward Error Correction behavior if the SD-WAN network traffic download is 500 Mbps and has 8% of packet loss in the environment?

Options:

A.

1 redundant packet for every 10 base packets

B.

3 redundant packet for every 5 base packets

C.

2 redundant packet for every 8 base packets

D.

3 redundant packet for every 9 base packets

Question 3

An automation stitch was configured using an incoming webhook as the trigger named 'my_incoming_webhook'. The action is configured to execute the CLI Script shown:

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 4

An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the Online Certificate Status Protocol (OCSP) server.

Part of the FortiGate configuration is shown below:

Based on this configuration, which two statements are true? (Choose two.)

Options:

A.

OCSP checks will always go to the configured FortiAuthenticator

B.

The OCSP check of the certificate can be combined with a certificate revocation list.

C.

OCSP certificate responses are never cached by the FortiGate.

D.

If the OCSP server is unreachable, authentication will succeed if the certificate matches the CA.

Question 5

Refer to the exhibit, which shows a Branch1 configuration and routing table.

In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available.

In this scenario, which configuration change will meet this requirement?

Options:

A.

Change the load-balance-mode to source-ip-based.

B.

Create a new static route with the internet sdwan-zone only

C.

Configure the cost in each overlay member to 10.

D.

Configure the priority in each overlay member to 10.

Question 6

You are responsible for recommending an adapter type for NICs on a FortiGate VM that will run on an ESXi Hypervisor. Your recommendation must consider performance as the main concern, cost is not a factor. Which adapter type for the NICs will you recommend?

Options:

A.

Native ESXi Networking with E1000

B.

Virtual Function (VF) PCI Passthrough

C.

Native ESXi Networking with VMXNET3

D.

Physical Function (PF) PCI Passthrough

Question 7

Refer to the exhibit showing the history logs from a FortiMail device.

Which FortiMail email security feature can an administrator enable to treat these emails as spam?

Options:

A.

DKIM validation in a session profile

B.

Sender domain validation in a session profile

C.

Impersonation analysis in an antispam profile

D.

Soft fail SPF validation in an antispam profile

Question 8

Refer to the exhibit.

The exhibit shows the forensics analysis of an event detected by the FortiEDR core

In this scenario, which statement is correct regarding the threat?

Options:

A.

This is an exfiltration attack and has been stopped by FortiEDR.

B.

This is an exfiltration attack and has not been stopped by FortiEDR

C.

This is a ransomware attack and has not been stopped by FortiEDR.

D.

This is a ransomware attack and has been stopped by FortiEDR

Question 9

Which two statements are correct on a FortiGate using the FortiGuard Outbreak Protection Service (VOS)? (Choose two.)

Options:

A.

The FortiGuard VOS can be used only with proxy-base policy inspections.

B.

If third-party AV database returns a match the scanned file is deemed to be malicious.

C.

The antivirus database queries FortiGuard with the hash of a scanned file

D.

The AV engine scan must be enabled to use the FortiGuard VOS feature

E.

The hash signatures are obtained from the FortiGuard Global Threat Intelligence database.

Question 10

A remote IT Team is in the process of deploying a FortiGate in their lab. The closed environment has been configured to support zero-touch provisioning from the FortiManager, on the same network, via DHCP options. After waiting 15 minutes, they are reporting that the FortiGate received an IP address, but the zero-touch process failed.

The exhibit below shows what the IT Team provided while troubleshooting this issue:

Which statement explains why the FortiGate did not install its configuration from the FortiManager?

Options:

A.

The FortiGate was not configured with the correct pre-shared key to connect to the FortiManager

B.

The DHCP server was not configured with the FQDN of the FortiManager

C.

The DHCP server used the incorrect option type for the FortiManager IP address.

D.

The configuration was modified on the FortiGate prior to connecting to the FortiManager

Question 11

Refer to the exhibits.

A customer is looking for a solution to authenticate the clients connected to a hardware switch interface of a FortiGate 400E.

Referring to the exhibits, which two conditions allow authentication to the client devices before assigning an IP address? (Choose two.)

Options:

A.

FortiGate devices with NP6 and hardware switch interfaces cannot support 802.1X authentication.

B.

Devices connected directly to ports 3 and 4 can perform 802 1X authentication.

C.

Ports 3 and 4 can be part of different switch interfaces.

D.

Client devices must have 802 1X authentication enabled

Question 12

Refer to the exhibits.

The exhibits show a diagram of a requested topology and the base IPsec configuration.

A customer asks you to configure ADVPN via two internet underlays. The requirement is that you use one interface with a single IP address on DC FortiGate.

In this scenario, which feature should be implemented to achieve this requirement?

Options:

A.

Use network-overlay id

B.

Change advpn2 to IKEv1

C.

Use local-id

D.

Use peer-id

Question 13

Refer to the exhibits, which show a firewall policy configuration and a network topology.

An administrator has configured an inbound SSL inspection profile on a FortiGate device (FG-1) that is protecting a data center hosting multiple web pages-Given the scenario shown in the exhibits, which certificate will FortiGate use to handle requests to xyz.com?

Options:

A.

FortiGate will fall-back to the default Fortinet_CA_SSL certificate.

B.

FortiGate will reject the connection since no certificate is defined.

C.

FortiGate will use the Fortinet_CA_Untrusted certificate for the untrusted connection,

D.

FortiGate will use the first certificate in the server-cert list—the abc.com certificate

Question 14

Refer to the exhibit.

A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.

How will the sessions be load balanced between server 1 and server 2 during normal operation?

Options:

A.

Server 1 will receive 25% of the sessions, Server 2 will receive 75% of the sessions

B.

Server 1 will receive 20% of the sessions, Server 2 will receive 66.6% of the sessions

C.

Server 1 will receive 33.3% of the sessions, Server 2 will receive 66 6% of the sessions

D.

Server 1 will receive 0% of the sessions Server 2 will receive 100% of the sessions

Question 15

Review the following FortiGate-6000 configuration excerpt:

Based on the configuration, which statement is correct regarding SNAT source port partitioning behavior?

Options:

A.

It dynamically distributes SNAT source ports to operating FPCs or FPMs.

B.

It is the default SNAT configuration and preserves active sessions when an FPC or FPM goes down.

C.

It statically distributes SNAT source ports to operating FPCs or FPMs

D.

It equally distributes SNAT source ports across chassis slots.

Question 16

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

Options:

A.

Geographical IP policies are enabled and evaluated after local techniques.

B.

Attackers can be blocked before they target the servers behind the FortiWeb.

C.

The IP Reputation feature has been manually updated

D.

An IP address that was previously used by an attacker will always be blocked

E.

Reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored

Question 17

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

Options:

A.

FortiGate can perform SSH access proxy host-key validation.

B.

You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.

C.

SSH traffic is tunneled between the client and the access proxy over HTTPS

D.

Traffic is discarded as ZTNA does not support SSH connection rules

Question 18

Refer to the exhibit.

You are deploying a FortiGate 6000F. The device should be directly connected to a switch. In the future, a new hardware module providing higher speed will be installed in the switch, and the connection to the FortiGate must be moved to this higher-speed port.

You must ensure that the initial FortiGate interface connected to the switch does not affect any other port when the new module is installed and the new port speed is defined.

How should the initial connection be made?

Options:

A.

Connect the switch on any interface between ports 21 to 24

B.

Connect the switch on any interface between ports 25 to 28

C.

Connect the switch on any interface between ports 1 to 4

D.

Connect the switch on any interface between ports 5 to 8.

Page: 1 / 5
Total 60 questions