DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Fortinet NSE8_812 Exam Questions and Answers, Fortinet Network Security Expert 8 Written Exam | SPOTO

SPOTO's latest exam dumps on the homepage, with a 100% pass rate! SPOTO delivers authentic Cisco CCNA, CCNP study materials, CCIE Lab solutions, PMP, CISA, CISM, AWS, and Palo Alto exam dumps. Our comprehensive study materials are meticulously aligned with the latest exam objectives. With a proven track record, we have enabled thousands of candidates worldwide to pass their IT certifications on their first attempt. Over the past 20+ years, SPOTO has successfully placed numerous IT professionals in Fortune 500 companies.
Take other online exams
Question #1
A retail customer with a FortiADC HA cluster load balancing five webservers in L7 Full NAT mode is receiving reports of users not able to access their website during a sale event. But for clients that were able to connect, the website works fine. CPU usage on the FortiADC and the web servers is low, application and database servers are still able to handle more traffic, and the bandwidth utilization is under 30%. Which two options can resolve this situation? (Choose two.)
A. Change the persistence rule to LB_PERSIS_SSL_SESSJcorrect
B. Add more web servers to the real server poof
C. Disable SSL between the FortiADC and the web serverscorrect
D. Add a connection-pool to the FortiADC virtual server
View answer
Correct Answer: AC
Question #2
What is the benefit of using FortiGate NAC LAN Segments?
A. It provides support for multiple DHCP servers within the same VLA
B. It provides physical isolation without changing the IP address of hosts
C. It provides support for IGMP snooping between hosts within the same VLANcorrect
D. It allows for assignment of dynamic address objects matching NAC policy
View answer
Correct Answer: C
Question #3
Your colleague has enabled virtual clustering to load balance traffic between the cluster units. You notice that all traffic is currently directed to a single FortiGate unit. Your colleague has applied the configuration shown in the exhibit. Which step would you perform to load balance traffic within the virtual cluster?
A. Issue the diagnose sys ha reset-uptime command on the unit that is currently processing traffic to enable load balancing
B. Add an additional virtual cluster high-availability link to enable cluster load balancing
C. Input Virtual Cluster domain 1 and Virtual Cluster domain 2 device priorities for each cluster unit
D. Use the set override enable command on both units to allow the secondary unit to load balance traffic
View answer
Correct Answer: C
Question #4
The Company Corp administrator has enabled Workflow mode in FortiManager and has assigned approval roles to the current administrators. However, workflow approval does not function as expected. The CTO is currently unable to approve submitted changes.Given the exhibit, which two possible solutions will resolve the workflow approval problems with the Workflow_72 ADOM? (Choose two.)
A. The CTO must have a defined email address for their admin user account
B. The CTO and CISO need to swap Approval Groups so that the highest authority is in Group #1
C. The CTO must have Standard access level or higher for FortiManager
D. The CISO must have a higher access level than 'Read_Only_User' in FortiManager
E. The CTO needs to be added to 'Email Notification' in the Workflow_72 ADOM
View answer
Correct Answer: AC
Question #5
Refer to the exhibit. FortiManager is configured with the Jinja Script under CLI Templates shown in the exhibit. Which two statements correctly describe the expected behavior when running this template? (Choose two.)
A. The Jinja template will automatically map the interface with "WAN" role on the managed FortiGate
B. The template will work if you change the variable format to $(WAN)
C. The template will work if you change the variable format to {{WAN}}
D. The administrator must first manually map the interface for each device with a meta field
E. The template will fail because this configuration can only be applied with a CLI or TCL script
View answer
Correct Answer: ADE
Question #6
How would you apply security to the network shown in the exhibit?
A. eplace RW1 with a ruggedized FortiGate and RW2 with a normal FortiGate
B. eplace RW1 with a normal FortiGate and RW2 with a ruggedized FortiGate
C. eplace RW1 with a normal FortiGate and RW2 with a ruggedized FortiGate
D. eplace RW1 with a normal FortiGate and RW2 with a ruggedized FortiGate
View answer
Correct Answer: D
Question #7
Refer to the exhibit. You have two data centers with a FortiGate 7000-series chassis connected by VPN. All traffic flows over an established generic routing encapsulation (GRE) tunnel between them. You are troubleshooting traffic that is traversing between Server VLAN A and Server VLAN B. The performance is lower than expected and you notice all traffic is only going through the FPM in slot 3 while nothing through the FPM in slot 4. Referring to the exhibit, which statement is true?
A. emoving traffic shaping from the firewall policy allowing this traffic will allow for load-balancing to the other module
B. hanging the algorithm to take source IP, destination IP and port into account will load balance this traffic to the other module
C. here is no way to load-balance the traffic in this scenario
D. onfiguring a load-balance flow-rule in the CLI will load-balance this traffic
View answer
Correct Answer: D
Question #8
Review the VPN configuration shown in the exhibit. What is the Forward Error Correction behavior if the SD-WAN network traffic download is 500 Mbps and has 8% of packet loss in the environment?
A. 1 redundant packet for every 10 base packets
B. 3 redundant packet for every 5 base packets
C. 2 redundant packet for every 8 base packets
D. 3 redundant packet for every 9 base packets
View answer
Correct Answer: A
Question #9
Which feature must you enable on the BGP neighbors to accomplish this goal?
A. Graceful-restartcorrect
B. Deterministic-med
C. Synchronization
D. Soft-reconfiguration
View answer
Correct Answer: A
Question #10
Exhibit
A. The set default-db configure was set to extreme
B. The set options scan configuration items should have been changed to not option scan avmonitor
C. The default AV profile was modified to use quick scan-mode
D. The mobile-malware-db configuration was set to enable
View answer
Correct Answer: C
Question #11
You are running a diagnose command continuously as traffic flows through a platform with NP6 and you obtain the following output: Given the information shown in the output, which two statements are true? (Choose two.)
A. Enabling bandwidth control between the ISF and the NP will change the output
B. The output is showing a packet descriptor queue accumulated counter
C. Enable HPE shaper for the NP6 will change the output
D. Host-shortcut mode is enabled
E. There are packet drops at the XAUI
View answer
Correct Answer: B
Question #12
Refer to the exhibit. Referring to the firewall polices shown in exhibit, which two statements are true? (Choose two.)
A. he IPv4 policy is allowing security profile groups
B. he IPv6 traffic for nse8user is filtered using the DNS profile
C. he IPv4 traffic for nse8user is filtered using the DNS profile
D. he Web traffic for nse8user is being filtered differently in IPv4 and IPv6
View answer
Correct Answer: BC
Question #13
A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below. -E-mail can only be accepted if a valid e-mail account exists. -Only authenticated users can send e-mails out. Which two actions will satisfy the requirements? (Choose two.)
A. Configure recipient address verification
B. Configure inbound recipient policies
C. Configure outbound recipient policies
D. Configure access control rules
View answer
Correct Answer: DA
Question #14
Refer to the exhibit. You have installed a FortiSandbox and configured it in your FortiMail. Referring to the exhibit, which two statements are correct? (Choose two.)
A. f FortiMail is not able to obtain the results from the FortiGuard queries, URIs will not be checked by the FortiSandbox
B. ortiMail will cache the results for 30 minutes
C. f the FortiSandbox with IP 10
D. ortiMail will wait up to 30 minutes to obtain the scan results
View answer
Correct Answer: AD
Question #15
SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high. You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work. What should you configure?
A. Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server
B. Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address
C. Configure two DNS servers and use DNS servers recommended by the two internet providers
D. Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server
View answer
Correct Answer: D
Question #16
You have deployed a FortiGate In NAT/Route mode as a secure as a web gateway with a few P-base authentication firewall policies. Your customer reports that some users now have different browsing permission =s from what is expected. All these users are browsing using internet Explorer through Desktop Connection to a Terminal Server. When you took at the Fortigate logs the username for the Terminal Server IP is not consistent. Which action will correct this problem?
A. Configure FSSO Advanced with LDAP integration
B. Change the FSSO polling mode to windows NetAPI
C. Install the TS/Citrix on the terminal server
D. Make sure Terminal Service is using the correct DNS ever
View answer
Correct Answer: C
Question #17
Refer to the exhibits. Exhibit A Exhibit B Exhibit C A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C. Referring to the exhibits, which configuration will restore VPN connectivity?
A.
B.
C.
D.
View answer
Correct Answer: D
Question #18
Click the Exhibit button.
A. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B
B. LAG-1 and LAG 2 should be connected to a single 4-port 802 3ad interface on the FortiGate-A
C. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802 3ad trunk on another device
D. LAG-1 and LAG-2 should be connected to a 4-port single 802 3ad trunk on another device
View answer
Correct Answer: BC
Question #19
Refer to the exhibit. The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device. Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)
A. raffic that does not match any SPP policy will be inspected by this SPP
B. ortiDDoS will not send a SYN/ACK if a SYN packet is coming from an IP address that is not in the legitimate IP (LIP) address table
C. ortiDDoS will start dropping packets as soon as the traffic exceeds the configured minimum threshold
D. YN packets with payloads will be dropped
View answer
Correct Answer: AD
Question #20
Refer to the exhibits. An administrator has configured a FortiGate and Forti Authenticator for two-factor authentication with FortiToken push notifications for their SSL VPN login. Upon initial review of the setup, the administrator has discovered that the customers can manually type in their two-factor code and authenticate but push notifications do not work Based on the information given in the exhibits, what must be done to fix this?
A. On FG-1 port1, the ftm access protocol must be enabled
B. FAC-1 must have an internet routable IP address for push notifications
C. On FG-1 CLI, the ftm-push server setting must point to 100
D. On FAC-1, the FortiToken public IP setting must point to 100
View answer
Correct Answer: B
Question #21
Your NOC contracts the security team due to a problem with a new application flow. You are instructed to disable hardware acceleration for the policy shown in the exhibit for troubleshooting purposes. [Fortinet-NSE8-8.0/Fortinet-NSE8-6_2.png] Which command will disable hardware acceleration for the new application policy?
A.
B.
C.
D.
View answer
Correct Answer: D
Question #22
You are troubleshooting a FortiMail Cloud service integrated with Office 365 where outgoing emails are not reaching the recipients’ mail. What are two possible reasons for this problem? (Choose two.)
A. The FortiMail access control rule to relay from Office 365 servers FQDN is missing
B. The FortiMail DKIM key was not set using the Auto Generation option
C. The FortiMail access control rules to relay from Office 365 servers public IPs are missing
D. A Mail Flow connector from the Exchange Admin Center has not been set properly to the FortiMail Cloud FQDN
View answer
Correct Answer: CD
Question #23
You configured AV and Web filtering for your outgoing Internet connections. You later notice that not all Web sessions are being inspected and you start troubleshooting the problem. Referring to the exhibit, what can be causing this problem?
A. The Web session is using QUIC which is not inspected by the FortiGate
B. There are problems with the connection to the Web filter servers, therefore the Web session cannot be categorized
C. The SSL inspection options are not set to deep inspection
D. Web filtering is not licensed; therefore, no inspection occurs
View answer
Correct Answer: A
Question #24
Refer to the exhibit. You have two data centers with a FortiGate 7000-series chassis connected by VPN. All traffic flows over an established generic routing encapsulation (GRE) tunnel between them. You are troubleshooting traffic that is traversing between Server VLAN A and Server VLAN B. The performance is lower than expected and you notice all traffic is only going through the FPM in slot 3 while nothing through the FPM in slot 4. Referring to the exhibit, which statement is true?
A. There is no way to load-balance the traffic in this scenario
B. Configuring a load-balance flow-rule in the CLI will load-balance this traffic
C. Removing traffic shaping from the firewall policy allowing this traffic will allow for load-balancing to the other module
D. Changing the algorithm to take source IP, destination IP and port into account will load balance this traffic to the other module
View answer
Correct Answer: B
Question #25
Exhibit You created a custom health-check for your FortiWeb deployment. Referring to the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server
B. The FortiWeb must receive an HTTP 200 response code from the server
C. The FortiWeb must receive an ICMP Echo Request from the server
D. The FortiWeb must match the hash value of the page index html
View answer
Correct Answer: B
Question #26
Refer to the exhibit, which shows a Branch1 configuration and routing table. In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available. In this scenario, which configuration change will meet this requirement?
A. Change the load-balance-mode to source-ip-based
B. Create a new static route with the internet sdwan-zone only
C. Configure the cost in each overlay member to 10
D. Configure the priority in each overlay member to 10
View answer
Correct Answer: D
Question #27
You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack?
A. asymmetric mode
B. aggressive aging modecorrect
C. rate limiting mode
D. blocking mode
View answer
Correct Answer: B
Question #28
An HA topology is using the following configuration: Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?
A. 600ms
B. 200ms
C. 300ms
D. 100ms
View answer
Correct Answer: A
Question #29
You have a customer with a SCADA environmental control devices that is trigged a false-positive OPS alert whenever the device's Web GUI is accessed. You cannot seem to create a functional custom IPS filter expert this behavior, and it appears that the device is so old that it does HTTPS support. You need to prevent the false posited IPS alert occurring. In this scenario, which two actions would accomplish this task? (Choose two.)
A. Create a very granular firewall for that device's IP address which does not perform IPS scanning
B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based
C. Create a URL filter with the exempt action for that device's IP address
D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection
View answer
Correct Answer: AD
Question #30
Refer to the CLI output: Given the information shown in the output, which two statements are correct? (Choose two.)
A. Geographical IP policies are enabled and evaluated after local techniques
B. Attackers can be blocked before they target the servers behind the FortiWeb
C. The IP Reputation feature has been manually updated
D. An IP address that was previously used by an attacker will always be blocked
E. Reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restoredcorrect
View answer
Correct Answer: ABE

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

Get Fortinet Practice Test

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.