New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Download Latest NSE8_812 Questions

Page: 3 / 5
Total 60 questions

Network Security Expert 8 Written Exam Questions and Answers

Question 9

Which two statements are correct on a FortiGate using the FortiGuard Outbreak Protection Service (VOS)? (Choose two.)

Options:

A.

The FortiGuard VOS can be used only with proxy-base policy inspections.

B.

If third-party AV database returns a match the scanned file is deemed to be malicious.

C.

The antivirus database queries FortiGuard with the hash of a scanned file

D.

The AV engine scan must be enabled to use the FortiGuard VOS feature

E.

The hash signatures are obtained from the FortiGuard Global Threat Intelligence database.

Question 10

A remote IT Team is in the process of deploying a FortiGate in their lab. The closed environment has been configured to support zero-touch provisioning from the FortiManager, on the same network, via DHCP options. After waiting 15 minutes, they are reporting that the FortiGate received an IP address, but the zero-touch process failed.

The exhibit below shows what the IT Team provided while troubleshooting this issue:

Which statement explains why the FortiGate did not install its configuration from the FortiManager?

Options:

A.

The FortiGate was not configured with the correct pre-shared key to connect to the FortiManager

B.

The DHCP server was not configured with the FQDN of the FortiManager

C.

The DHCP server used the incorrect option type for the FortiManager IP address.

D.

The configuration was modified on the FortiGate prior to connecting to the FortiManager

Question 11

Refer to the exhibits.

A customer is looking for a solution to authenticate the clients connected to a hardware switch interface of a FortiGate 400E.

Referring to the exhibits, which two conditions allow authentication to the client devices before assigning an IP address? (Choose two.)

Options:

A.

FortiGate devices with NP6 and hardware switch interfaces cannot support 802.1X authentication.

B.

Devices connected directly to ports 3 and 4 can perform 802 1X authentication.

C.

Ports 3 and 4 can be part of different switch interfaces.

D.

Client devices must have 802 1X authentication enabled

Question 12

Refer to the exhibits.

The exhibits show a diagram of a requested topology and the base IPsec configuration.

A customer asks you to configure ADVPN via two internet underlays. The requirement is that you use one interface with a single IP address on DC FortiGate.

In this scenario, which feature should be implemented to achieve this requirement?

Options:

A.

Use network-overlay id

B.

Change advpn2 to IKEv1

C.

Use local-id

D.

Use peer-id

Page: 3 / 5
Total 60 questions