DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Fortinet NSE8_812 Exam Questions and Answers PDF | SPOTO

SPOTO's latest exam dumps on the homepage, with a 100% pass rate! SPOTO delivers authentic Cisco CCNA, CCNP study materials, CCIE Lab solutions, PMP, CISA, CISM, AWS, and Palo Alto exam dumps. Our comprehensive study materials are meticulously aligned with the latest exam objectives. With a proven track record, we have enabled thousands of candidates worldwide to pass their IT certifications on their first attempt. Over the past 20+ years, SPOTO has successfully placed numerous IT professionals in Fortune 500 companies.
Take other online exams
Question #1
Refer to the exhibits, which show a firewall policy configuration and a network topology. An administrator has configured an inbound SSL inspection profile on a FortiGate device (FG-1) that is protecting a data center hosting multiple web pages-Given the scenario shown in the exhibits, which certificate will FortiGate use to handle requests to xyz.com?
A. FortiGate will fall-back to the default Fortinet_CA_SSL certificate
B. FortiGate will reject the connection since no certificate is defined
C. FortiGate will use the Fortinet_CA_Untrusted certificate for the untrusted connection,
D. FortiGate will use the first certificate in the server-cert list-the abc
View answer
Correct Answer: D
Question #2
On a FortiGate Configured in Transparent mode, which configuration option allows you to control Multicast traffic passing through the?
A. Option A
B. Option B
C. Option C
D. Option D
View answer
Correct Answer: A
Question #3
You are responsible for recommending an adapter type for NICs on a FortiGate VM that will run on an ESXi Hypervisor. Your recommendation must consider performance as the main concern, cost is not a factor. Which adapter type for the NICs will you recommend?
A. Native ESXi Networking with E1000
B. Virtual Function (VF) PCI Passthrough
C. Native ESXi Networking with VMXNET3correct
D. Physical Function (PF) PCI Passthrough
View answer
Correct Answer: C
Question #4
Click the Exhibit button. [Fortinet-NSE8-810-1.0/xmlfile-5_1.jpg] Referring to the exhibit, which two statements are true? (Choose two.)
A. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B
B. LAG-1 and LAG-2 should be connected to a single 4-port 802
C. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802
D. LAG-1 and LAG-2 should be connected to a 4-port single 802
View answer
Correct Answer: BC
Question #5
Refer to the exhibits.The exhibits show the configuration and debug output from a FortiGate Public SDN Connector.What is a possible reason for this dynamic address object to be empty?
A. The Application ID is incorrect
B. The Client secret is incorrect
C. The App registration does not have a role with necessary read permissions on the resource group
D. The resource group NSE8-Lab does not exist
View answer
Correct Answer: C
Question #6
What is the benefit of using FortiGate NAC LAN Segments?
A. It provides support for multiple DHCP servers within the same VLAN
B. It provides physical isolation without changing the IP address of hosts
C. It provides support for IGMP snooping between hosts within the same VLAN
D. It allows for assignment of dynamic address objects matching NAC policy
View answer
Correct Answer: B
Question #7
Which three statements about throughput on a wireless network are true? (Choose three.)
A. wireless device labelled as 300 Mbps should be expected to provide a throughput of 300Mbps
B. e careful to ensure the capabilities of the wireless clients match those of the access points, in order to achieve higher throughput
C. educing the duty cycles of the wireless media by generating fewer beacons may improve throughput
D. ecause of the higher level of RF noise that is typical in the 2
E. ecause of the full-duplex nature of the medium and the minimal overhead generated by CSMA/CA, the actual aggregate throughput is typically close to the data rate
View answer
Correct Answer: BCD
Question #8
You are running a diagnose command continuously as traffic flows through a platform with NP6 and you obtain the following output: Given the information shown in the output, which two statements are true? (Choose two.)
A. Enabling bandwidth control between the ISF and the NP will change the outputcorrect
B. The output is showing a packet descriptor queue accumulated countercorrect
C. Enable HPE shaper for the NP6 will change the output
D. Host-shortcut mode is enabled
E. There are packet drops at the XAUcorrect
View answer
Correct Answer: ABE
Question #9
A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source IP address. Which SYN flood mitigation mode must the customer use?
A. SYN retransmission
B. SYN/ACK cookie
C. SYN cookiecorrect
D. ACK cookie
View answer
Correct Answer: C
Question #10
Refer to the exhibit. You log into FortiManager, access the Device Manager window and notice that one of the managed devices is not in normal status. Referring to the exhibit, which two statements correctly describe the status and result of the affected device? (Choose two.)
A. he device configuration was changed on the local FortiGate side only; auto-update is disabled
B. he changed configuration on the FortiGate will remain the next time that the device configuration is pushed from FortiManager
C. he device configuration was changed on both the local FortiGate side and the FortiManager side; auto-update is disabled
D. he changed configuration on the FortiGate will be overwritten in favor of what is on the FortiManager the next time that the device configuration is pushed
View answer
Correct Answer: CD
Question #11
Click the exhibit. You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit. In this scenario, which command will solve this problem?
A. config system interfaceedit Agg1set min-links 2endcorrect
B. config system interfaceedit Agg1set weight 2end
C. config system interfaceedit Agg1set Algorithm L4end
D. config system interfaceedit Agg1set lacp-mode activeend
View answer
Correct Answer: A
Question #12
Exhibit Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?
A. The policy redirects all HTTP URLs to HTTPcorrect
B. The policy redirects all HTTPS URLs to HTT
C. The policy redirects only HTTPS URLs containing the ?/ (
D. The pokey redirects only HTTP URLs containing the?/ (
View answer
Correct Answer: A
Question #13
Exhibit Click the Exhibit button. A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGates to connect to it. However, FortiGates A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect white site A is connected, site A is disconnected. The IKE real time debug shows the output in the exhibit when site A is disconnected. Which configuration setting should be executed in the dial-up configuration to allow both VPNs to be
A. set enforce-unique-id disable
B. set add-router enable
C. set single-source disable
D. set router-overlap allowcorrect
View answer
Correct Answer: D
Question #14
You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.)
A. Make a call with the Web browser on your workstation
B. Make a call with the SoapUPI API tool on your workstation
C. Download the WSDL file from FortiManager administration GUI
D. Make a call with the
View answer
Correct Answer: CD
Question #15
A caf offers free Wi-Fi. Customers portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge. You must protect all customers from any other customers infected devices that join the same SSID. Which step meets the requirement?
A. Enable deep SSH inspection with antivirus and IPS
B. Use a captive portal to redirect unsecured connections such as HTTP and SMTP to their secured equivalents, preventing worms on infected clients from tampering with other customer traffic
C. Use WPA2 encryption and configure a policy on FortiGate to block all traffic between clients
D. Use WPA2 encryption, and enable “Block Intra-SSID Traffic”
View answer
Correct Answer: B
Question #16
Click the Exhibit button. You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware. Referring to the exhibit, which statement is true? [Fortinet-NSE8-810-1.0/xmlfile-11_1.jpg]
A. Incoming and outgoing traffic is offloaded
B. Outgoing traffic is offloaded; you cannot determine if incoming traffic is offloaded at this time
C. Traffic is not offloaded
D. Outgoing traffic is offloaded; incoming traffic not offloaded
View answer
Correct Answer: D
Question #17
You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.)
A. Download the WSDL file from FortiManager administration GUcorrect
B. Make a call with the curl utility on your workstation
C. Make a call with the SoapUI API tool on your workstation
D. Make a call with the Web browser on your workstation
View answer
Correct Answer: AB
Question #18
A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below. -E-mail can only be accepted if a valid e-mail account exists. -Only authenticated users can send e-mails out. Which two actions will satisfy the requirements? (Choose two.)
A. Configure recipient address verification
B. Configure inbound recipient policies
C. Configure outbound recipient policies
D. Configure access control rules
View answer
Correct Answer: DA
Question #19
You are running a diagnose command continuously as traffic flows through a platform with NP6 and you obtain the following output: Given the information shown in the output, which two statements are true? (Choose two.)
A. Enabling bandwidth control between the ISF and the NP will change the output
B. The output is showing a packet descriptor queue accumulated counter
C. Enable HPE shaper for the NP6 will change the output
D. Host-shortcut mode is enabled
E. There are packet drops at the XAUI
View answer
Correct Answer: B
Question #20
Refer to the exhibit. [Fortinet-NSE8-811-1.0/xmlfile-2_1.png] The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met: a€¢ 20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices a€¢ The FortiGate HA must be in AP mode Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)
A. Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave
B. Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave
C. Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B andD
D. Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B andD
View answer
Correct Answer: AC
Question #21
You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack?
A. asymmetric mode
B. aggressive aging mode
C. rate limiting mode
D. blocking mode
View answer
Correct Answer: B
Question #22
Which two methods are supported for importing user defined Lookup Table Data into the FortiSIEM? (Choose two.)
A. Report
B. FTP
C. API
D. SCP
View answer
Correct Answer: AC
Question #23
Click the Exhibit button. You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware. Referring to the exhibit, which statement is true?
A. Incoming and outgoing traffic is offloaded
B. Outgoing traffic is offloaded, you cannot determine if incoming traffic is offloaded at this time
C. Traffic is not offloaded
D. Outgoing traffic is offloaded: incoming traffic not offloaded
View answer
Correct Answer: D
Question #24
SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high. You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work. What should you configure?
A. Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server
B. Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address
C. Configure two DNS servers and use DNS servers recommended by the two internet providers
D. Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server
View answer
Correct Answer: D

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

Get Fortinet Practice Test

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.