CertsTopics Logo

Big 11.11 Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Last Attempt NSE8_812 Questions

Page: 4 / 8
Total 105 questions
Get NSE8_812 Full Access Download NSE8_812 PDF

Network Security Expert 8 Written Exam Questions and Answers

Question 13

Refer to the exhibit, which shows a Branch1 configuration and routing table.

In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available.

In this scenario, which configuration change will meet this requirement?

Options:

A.

Change the load-balance-mode to source-ip-based.

B.

Create a new static route with the internet sdwan-zone only

C.

Configure the cost in each overlay member to 10.

D.

Configure the priority in each overlay member to 10.

Question 14

A retail customer with a FortiADC HA cluster load balancing five webservers in L7 Full NAT mode is receiving reports of users not able to access their website during a sale event. But for clients that were able to connect, the website works fine.

CPU usage on the FortiADC and the web servers is low, application and database servers are still able to handle more traffic, and the bandwidth utilization is under 30%.

Which two options can resolve this situation? (Choose two.)

Options:

A.

Change the persistence rule to LB_PERSIS_SSL_SESSJD.

B.

Add more web servers to the real server poof

C.

Disable SSL between the FortiADC and the web servers

D.

Add a connection-pool to the FortiADC virtual server

Question 15

Refer to the exhibit, which shows the high availability configuration for the FortiAuthenticator (FAC1).

Based on this information, which statement is true about the next FortiAuthenticator (FAC2) member that will join an HA cluster with this FortiAuthenticator (FAC1)?

Options:

A.

FAC2 can only process requests when FAC1 fails.

B.

FAC2 can have its HA interface on a different network than FAC1.

C.

The FortiToken license will need to be installed on the FAC2.

D.

FSSO sessions from FAC1 will be synchronized to FAC2.

Question 16

Refer to the exhibit.

A customer has deployed a FortiGate 300E with virtual domains (VDOMs) enabled in the multi-VDOM mode. There are three VDOMs: Root is for management and internet access, while VDOM 1 and VDOM 2 are used for segregating internal traffic. AccountVInk and SalesVInk are standard VDOM links in Ethernet mode.

Given the exhibit, which two statements below about VDOM behavior are correct? (Choose two.)

Options:

A.

You can apply OSPF routing on the VDOM link in either PPP or Ethernet mode

B.

Traffic on AccountVInk and SalesVInk will not be accelerated.

C.

The VDOM links are in Ethernet mode because they have IP addressed assigned on both sides.

D.

Root VDOM is an Admin type VDOM, while VDOM 1 and VDOM 2 are Traffic type VDOMs.

E.

OSPF routing can be configured between VDOM 1 and Root VDOM without any configuration changes to AccountVInk

Page: 4 / 8
Total 105 questions
Get NSE8_812 Full Access Download NSE8_812 PDF