New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Last Attempt NSE8_812 Questions

Page: 4 / 5
Total 60 questions

Network Security Expert 8 Written Exam Questions and Answers

Question 13

Refer to the exhibits, which show a firewall policy configuration and a network topology.

An administrator has configured an inbound SSL inspection profile on a FortiGate device (FG-1) that is protecting a data center hosting multiple web pages-Given the scenario shown in the exhibits, which certificate will FortiGate use to handle requests to xyz.com?

Options:

A.

FortiGate will fall-back to the default Fortinet_CA_SSL certificate.

B.

FortiGate will reject the connection since no certificate is defined.

C.

FortiGate will use the Fortinet_CA_Untrusted certificate for the untrusted connection,

D.

FortiGate will use the first certificate in the server-cert list—the abc.com certificate

Question 14

Refer to the exhibit.

A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.

How will the sessions be load balanced between server 1 and server 2 during normal operation?

Options:

A.

Server 1 will receive 25% of the sessions, Server 2 will receive 75% of the sessions

B.

Server 1 will receive 20% of the sessions, Server 2 will receive 66.6% of the sessions

C.

Server 1 will receive 33.3% of the sessions, Server 2 will receive 66 6% of the sessions

D.

Server 1 will receive 0% of the sessions Server 2 will receive 100% of the sessions

Question 15

Review the following FortiGate-6000 configuration excerpt:

Based on the configuration, which statement is correct regarding SNAT source port partitioning behavior?

Options:

A.

It dynamically distributes SNAT source ports to operating FPCs or FPMs.

B.

It is the default SNAT configuration and preserves active sessions when an FPC or FPM goes down.

C.

It statically distributes SNAT source ports to operating FPCs or FPMs

D.

It equally distributes SNAT source ports across chassis slots.

Question 16

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

Options:

A.

Geographical IP policies are enabled and evaluated after local techniques.

B.

Attackers can be blocked before they target the servers behind the FortiWeb.

C.

The IP Reputation feature has been manually updated

D.

An IP address that was previously used by an attacker will always be blocked

E.

Reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored

Page: 4 / 5
Total 60 questions