لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
The exhibit shows an explicit Web proxy configuration in a FortiGate device. The FortiGate is installed between a client with the IP address 172.16.10.4 and a Web server using port 80 with the IP address 10.10.3.4. The client Web browser is properly sending HTTP traffic to the FortiGate Web proxy IP address 172.16.10.254. Which two sniffer commands will capture this HTTP traffic? (Choose two.)
A. diagnose sniffer packet any ‘host 172
B. diagnose sniffer packet any ‘host 172
C. diagnose sniffer packet any ‘host 172
D. diagnose sniffer packet any ‘host 172
عرض الإجابة
اجابة صحيحة: CD
السؤال #2
Refer to the exhibit. The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met: "¢ 20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices "¢ The FortiGate HA must be in AP mode Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)
A. Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave
B. Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave
C. Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D
D. Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D
عرض الإجابة
اجابة صحيحة: AC
السؤال #3
You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.)
A. Download the WSDL file from FortiManager administration GUI
B. Make a call with the curl utility on your workstation
C. Make a call with the SoapUI API tool on your workstation
D. Make a call with the Web browser on your workstation
عرض الإجابة
اجابة صحيحة: AC
السؤال #4
Click the Exhibit button. You log into FortiManager, look at the Device Manager window and notice that one of your managed devices is not in normal status. Referring to the exhibit, which two statements correctly describe the affected device’s status and result? (Choose two.)
A. The device configuration was changed on the local FoitiGate side only
B. The device configuration was changed on both the local FortiGate side and the FortiManager side, auto-update is disabled
C. The changed configuration on the FortiGate wrt remain the next time that the device configuration is pushed from ForbManager
D. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiMAnager the next time that the device configuration is pushed
عرض الإجابة
اجابة صحيحة: BD
السؤال #5
The dashboard widget indicates that FortiGuard Web Filtering is not reachable. However, AntiVirus, IPS, and Application Control have no problems as shown in the exhibit. You contacted Fortinets customer service and discovered that your FortiGuard Web Filtering contract is still valid for several months. What are two reasons for this problem? (Choose two.)
A. You have another security device in front of FortiGate blocking ports 8888 and 53
B. FortiGuard Web Filtering is not enabled in any firewall policy
C. You did not enable Web Filtering cache under Web Filtering and E-mail Filtering Options
D. You have a firewall policy blocking ports 8888 and 53
عرض الإجابة
اجابة صحيحة: AB
السؤال #6
Click the Exhibit button. [Fortinet-NSE8-810-1.0/xmlfile-9_1.png] Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?
A. Create an IPsec tunnel with transport-mode encapsulation
B. Create an IPsec tunnel with tunnel-mode encapsulation
C. Create an IPsec tunnel with VXLAN encapsulation
D. Create an IPsec tunnel with VLAN encapsulation
عرض الإجابة
اجابة صحيحة: C
السؤال #7
Which two methods are supported for importing user defined Lookup Table Data into the FortiSIEM? (Choose two.)
A. Report
B. FTP
C. API
D. SCP
عرض الإجابة
اجابة صحيحة: AC
السؤال #8
[Fortinet-NSE8-810-1.0/xmlfile-3_1.jpg] Click the Exhibit button. You are working on an entry level model FortiGate that has been configured in flow-based inspection mode with various settings optimized for performance. It default. Your customer has found that some virus samples are not being appears that the main Internet firewall policy is using the antivirus profile labelled caught by the FortiGate. Referring to the exhibit, what is causing the problem? set default-db configuration was set to extreme.
A. The set options scan configuration items should have been changed to set options scan avmonitor
B. The
C. The default AV profile was modified to use quick scan-mode
D. The
عرض الإجابة
اجابة صحيحة: C
السؤال #9
Referring to the configuration shown in the exhibit, which three statements are true? (Choose three.)
A. raffic logging is disabled in policy 96
B. CP handshake is completed and no FIN/RST has been forwarded
C. o packet has hit this session in the last five minutes
D. o QoS is applied to this traffic
E. he traffic goes through a VIP applied to policy 96
عرض الإجابة
اجابة صحيحة: BCE
السؤال #10
Review the Application Control log.Which configuration caused the IPS engine to generate this log?A.C.D.
A. Option A
B. Option B
C. Option C
D. Option D
عرض الإجابة
اجابة صحيحة: D
السؤال #11
Consider the following VDOM configuration: In which two ways can you establish communication between an existing NAT VDOM and a new transparent VDOM? (Choose two.)
A. et the set ip 10
B. et the set ip 10
C. et type ppp to the vdom-link, vlink2
D. et type ethernet to the vdom-link, vlink2
عرض الإجابة
اجابة صحيحة: BD
السؤال #12
You want to manage a FortiGate with the FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?
A. The management tunnel mode on the managed FortiGate must be changed to normal
B. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud
C. The managed FortiGate requires that a FortiCloud management license be purchased and applied
D. You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard
عرض الإجابة
اجابة صحيحة: C
السؤال #13
Refer to the exhibits.A customer is trying to restore a VPN connection configured on a FortiGate. Exhibits show output during a troubleshooting session when the VPN was working and the current baseline VPN configuration.Which configuration parameters will restore VPN connectivity based on the diagnostic output?A.B.C.D.
A. Option A
B. Option B
C. Option C
D. Option D
عرض الإجابة
اجابة صحيحة: C
السؤال #14
A customer is operating a FortiWeb cluster in a high volume active-active HA group consisting of eight FortiWeb appliances. One of the secondary members is handling traffic for one specific VIP. What will happen with the traffic if that secondary FortiWeb appliance fails?
A. Traffic will be redistributed by the primary appliance to the remaining secondary appliances that are configured to handle traffic for that specific VIP
B. Traffic will be redirected to the secondary member with the least number of sessions
C. Traffic will be redistributed by the primary appliance to the remaining secondary appliances
D. Traffic will be redirected to the next appliance in the same traffic group
عرض الإجابة
اجابة صحيحة: D
السؤال #15
Refer to the exhibit. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?
A. The policy redirects all HTTPS URLs to HTTP
B. The policy redirects all HTTP URLs to HTTPS
C. The policy redirects only HTTP URLs containing the ^/(
D. The policy redirects only HTTPS URLs containing the ^/(
عرض الإجابة
اجابة صحيحة: B
السؤال #16
Refer to the exhibit. What is happening in this scenario?
A. The user is authenticating against a FortiGate Captive Portal
B. The user status changed at FortiClient EMS to off-net
C. The user has not authenticated on their external browser
عرض الإجابة
اجابة صحيحة: C
السؤال #17
Anti-Virus Real-Time Protection is enabled without any exclusions. Referring to the exhibit, which two behaviors will the FortiClient endpoint have after receiving the profile update from the FortiClient EMS? (Choose two.)
A. ccess to a downloaded file will always be allowed after 60 seconds when the FortiSandbox is reachable
B. he user will not be able to access a downloaded file for a maximum of 60 seconds if it is not a virus and the FortiSandbox is reachable
C. iles executed from a mapped network drive will not be inspected by the FortiClient endpoint AntiVirus engine
D. f the Real-Time Protection does not detect a virus, the user will be able to access a downloaded file when the FortiSandbox is unreachable
عرض الإجابة
اجابة صحيحة: AB
السؤال #18
An HA topology is using the following configuration: Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?
A. 600ms
B. 200mscorrect
C. 300ms
D. 100ms
عرض الإجابة
اجابة صحيحة: B
السؤال #19
Refer to the exhibit. [Fortinet-NSE8-811-1.0/xmlfile-7_1.png] You created a custom health-check for your FortiWeb deployment. Given the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server
B. The FortiWeb must receive an HTTP 200 response code from the server
C. The FortiWeb must match the hash value of the page index
D. The FortiWeb must receive an ICMP Echo Request from the server
عرض الإجابة
اجابة صحيحة: B
السؤال #20
Click the Exhibit button. Central NAT was configured on a FortiGate firewall. A sniffer shows ICMP packets out to a host on the Internet egresses with the port1 IP address instead of the virtual IP(VIP) that was configured. Referring to the exhibit, which configuration will ensure that ICMP traffic is also translated?
A. config firewall central-snat-map edit 1 set orig-addr "all" next end
B. config firewall ippool edit "secondry_ip" set arp-intf 'port1' next end
C. config firewall central-snat-map edit 1 unset protocol next end
D. config firewall central-snat-map edit 1 set protocol 1 next end
عرض الإجابة
اجابة صحيحة: C
السؤال #21
FortiMail configured with the protected domain "internal lab". Which two envelopes addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)
A. MAIL FROM: traming@fortinet com: RCPT TO: student@fortmet com
B. MAIL FROM student@fortinet com: RCPT TO[email?protected]correct
C. MAIL FROM: trainmg@internallab; RCPT TO student@mternallabcorrect
D. MAIL FROM student@internal lab: RCPT TO[email?protected]
عرض الإجابة
اجابة صحيحة: BC
السؤال #22
FortiGate1 has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between FortiGate1 and FortiGate2 is on UDP port 500. A PC on FortuGate2s local area network is sending continuous ping requests over the VPN tunnel to a PC of FortiGate1s local area network. No other traffic is sent over the tunnel. Which statement is true on this scenario?
A. ortiGate1 sends an R-U-THERE packet every 300 seconds while ping traffic is flowing
B. ortiGate1 sends an R-U-THERE packet if pings stop for 300 seconds and no IKE packet is received during this period
C. ortiGate1 sends an R-U-THERE packet if pings stop for 60 seconds and no IKE packet is received during this period
D. ortiGate1 sends an R-U-THERE packet every 60 seconds while ping traffic is flowing
عرض الإجابة
اجابة صحيحة: C
السؤال #23
You want to manage a FortiGate with the FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?
A. The management tunnel mode on the managed FortiGate must be changed to normal
B. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud
C. The managed FortiGate requires that a FortiCloud management license be purchased and applied
D. You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard
عرض الإجابة
اجابة صحيحة: D
السؤال #24
You have a customer with a SCADA environmental control device that is triggering a false-positive IPS alert whenever the devicea€?s Web GUI is accessed. You cannot seem to create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support. You need to prevent the false positive IPS alerts from occuring. In this scenario, which two actions would accomplish this task? (Choose two.)
A. Create a very granular firewall policy for that devicea€?s IP address which does not perform IPS scanning
B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based
C. Create a URL filter with the
D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection
عرض الإجابة
اجابة صحيحة: AD
السؤال #25
Your marketing department uncompressed and executed a file that the whole department received using Skype. [Fortinet-NSE8-8.0/Fortinet-NSE8-10_2.png] Reviewing the exhibit, which two details do you determine from your initial analysis of the payload?
A. The payload contains strings that the malware is monitoring to harvest credentials
B. This is a type of Trojan that will download and pirate movies using your Netflix credentials
C. This type of threat of a DDoS attack using instant messaging to send e-mails to further spread the infection
D. This threat payload is uploading private user videos which are then used to extort Bitcoin payments
عرض الإجابة
اجابة صحيحة: B
السؤال #26
Referring to the exhibit, users are reporting that their FortiFones ring but when they pick up, the cannot hear each other. The FortiFones use SIP to communicate with the SIP Proxy Server and RTP between the phones. Which configuration change will resolve the problem?
A.
B.
C.
D.
عرض الإجابة
اجابة صحيحة: C
السؤال #27
Review the VPN configuration shown in the exhibit. What is the Forward Error Correction behavior if the SD-WAN network traffic download is 500 Mbps and has 8% of packet loss in the environment?
A. 1 redundant packet for every 10 base packets
B. 3 redundant packet for every 5 base packets
C. 2 redundant packet for every 8 base packets
D. 3 redundant packet for every 9 base packets
عرض الإجابة
اجابة صحيحة: A
السؤال #28
Consider the following FortiGate configuration: [Fortinet-NSE8-811-1.0/xmlfile-11_1.png] Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate?
A. block
B. inspect
C. allow
D. ignore
عرض الإجابة
اجابة صحيحة: D
السؤال #29
What is the benefit of using FortiGate NAC LAN Segments?
A. It provides support for multiple DHCP servers within the same VLAN
B. It provides physical isolation without changing the IP address of hosts
C. It provides support for IGMP snooping between hosts within the same VLAN
D. It allows for assignment of dynamic address objects matching NAC policy
عرض الإجابة
اجابة صحيحة: B
السؤال #30
A FortOS devices is used for termination of VPNs for number of remote spoke VPN units (designated group A spokes) using a phase 1 main mode dial-up tunnel using pre-shared. Your company recently acquired another organization. You are asked establish VPN correctively for the newly acquired organization's sites which new devices will be provisioned (designated Group B spokes). Both exiting (Group A) and new (Group B) spoke units are dynamically addressed. You are asked to ensure that spokes from the acquired
A. implements a new phase 1 dial-up mode tunnel with preshared keys and XAuth
B. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes
C. Implement a new phase 1 dial-up main mode tunnel with certificate authentication
D. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer I
E. Use standard policies to filter traffic for the new dial-up tunnel
عرض الإجابة
اجابة صحيحة: AB

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

Get Fortinet Practice Test

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.