DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Fortinet NSE8_812 Exam Sample Questions | SPOTO

SPOTO's latest exam dumps on the homepage, with a 100% pass rate! SPOTO delivers authentic Cisco CCNA, CCNP study materials, CCIE Lab solutions, PMP, CISA, CISM, AWS, and Palo Alto exam dumps. Our comprehensive study materials are meticulously aligned with the latest exam objectives. With a proven track record, we have enabled thousands of candidates worldwide to pass their IT certifications on their first attempt. Over the past 20+ years, SPOTO has successfully placed numerous IT professionals in Fortune 500 companies.
Take other online exams
Question #1
The exhibit shows an explicit Web proxy configuration in a FortiGate device. The FortiGate is installed between a client with the IP address 172.16.10.4 and a Web server using port 80 with the IP address 10.10.3.4. The client Web browser is properly sending HTTP traffic to the FortiGate Web proxy IP address 172.16.10.254. Which two sniffer commands will capture this HTTP traffic? (Choose two.)
A. diagnose sniffer packet any ‘host 172
B. diagnose sniffer packet any ‘host 172
C. diagnose sniffer packet any ‘host 172
D. diagnose sniffer packet any ‘host 172
View answer
Correct Answer: CD
Question #2
Refer to the exhibit. The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met: "¢ 20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices "¢ The FortiGate HA must be in AP mode Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)
A. Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave
B. Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave
C. Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D
D. Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D
View answer
Correct Answer: AC
Question #3
You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.)
A. Download the WSDL file from FortiManager administration GUI
B. Make a call with the curl utility on your workstation
C. Make a call with the SoapUI API tool on your workstation
D. Make a call with the Web browser on your workstation
View answer
Correct Answer: AC
Question #4
Click the Exhibit button. You log into FortiManager, look at the Device Manager window and notice that one of your managed devices is not in normal status. Referring to the exhibit, which two statements correctly describe the affected device’s status and result? (Choose two.)
A. The device configuration was changed on the local FoitiGate side only
B. The device configuration was changed on both the local FortiGate side and the FortiManager side, auto-update is disabled
C. The changed configuration on the FortiGate wrt remain the next time that the device configuration is pushed from ForbManager
D. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiMAnager the next time that the device configuration is pushed
View answer
Correct Answer: BD
Question #5
The dashboard widget indicates that FortiGuard Web Filtering is not reachable. However, AntiVirus, IPS, and Application Control have no problems as shown in the exhibit. You contacted Fortinets customer service and discovered that your FortiGuard Web Filtering contract is still valid for several months. What are two reasons for this problem? (Choose two.)
A. You have another security device in front of FortiGate blocking ports 8888 and 53
B. FortiGuard Web Filtering is not enabled in any firewall policy
C. You did not enable Web Filtering cache under Web Filtering and E-mail Filtering Options
D. You have a firewall policy blocking ports 8888 and 53
View answer
Correct Answer: AB
Question #6
Click the Exhibit button. [Fortinet-NSE8-810-1.0/xmlfile-9_1.png] Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?
A. Create an IPsec tunnel with transport-mode encapsulation
B. Create an IPsec tunnel with tunnel-mode encapsulation
C. Create an IPsec tunnel with VXLAN encapsulation
D. Create an IPsec tunnel with VLAN encapsulation
View answer
Correct Answer: C
Question #7
Which two methods are supported for importing user defined Lookup Table Data into the FortiSIEM? (Choose two.)
A. Report
B. FTP
C. API
D. SCP
View answer
Correct Answer: AC
Question #8
[Fortinet-NSE8-810-1.0/xmlfile-3_1.jpg] Click the Exhibit button. You are working on an entry level model FortiGate that has been configured in flow-based inspection mode with various settings optimized for performance. It default. Your customer has found that some virus samples are not being appears that the main Internet firewall policy is using the antivirus profile labelled caught by the FortiGate. Referring to the exhibit, what is causing the problem? set default-db configuration was set to extreme.
A. The set options scan configuration items should have been changed to set options scan avmonitor
B. The
C. The default AV profile was modified to use quick scan-mode
D. The
View answer
Correct Answer: C
Question #9
Referring to the configuration shown in the exhibit, which three statements are true? (Choose three.)
A. raffic logging is disabled in policy 96
B. CP handshake is completed and no FIN/RST has been forwarded
C. o packet has hit this session in the last five minutes
D. o QoS is applied to this traffic
E. he traffic goes through a VIP applied to policy 96
View answer
Correct Answer: BCE
Question #10
Review the Application Control log.Which configuration caused the IPS engine to generate this log?A.C.D.
A. Option A
B. Option B
C. Option C
D. Option D
View answer
Correct Answer: D
Question #11
Consider the following VDOM configuration: In which two ways can you establish communication between an existing NAT VDOM and a new transparent VDOM? (Choose two.)
A. et the set ip 10
B. et the set ip 10
C. et type ppp to the vdom-link, vlink2
D. et type ethernet to the vdom-link, vlink2
View answer
Correct Answer: BD
Question #12
You want to manage a FortiGate with the FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?
A. The management tunnel mode on the managed FortiGate must be changed to normal
B. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud
C. The managed FortiGate requires that a FortiCloud management license be purchased and applied
D. You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard
View answer
Correct Answer: C
Question #13
Refer to the exhibits.A customer is trying to restore a VPN connection configured on a FortiGate. Exhibits show output during a troubleshooting session when the VPN was working and the current baseline VPN configuration.Which configuration parameters will restore VPN connectivity based on the diagnostic output?A.B.C.D.
A. Option A
B. Option B
C. Option C
D. Option D
View answer
Correct Answer: C
Question #14
A customer is operating a FortiWeb cluster in a high volume active-active HA group consisting of eight FortiWeb appliances. One of the secondary members is handling traffic for one specific VIP. What will happen with the traffic if that secondary FortiWeb appliance fails?
A. Traffic will be redistributed by the primary appliance to the remaining secondary appliances that are configured to handle traffic for that specific VIP
B. Traffic will be redirected to the secondary member with the least number of sessions
C. Traffic will be redistributed by the primary appliance to the remaining secondary appliances
D. Traffic will be redirected to the next appliance in the same traffic group
View answer
Correct Answer: D
Question #15
Refer to the exhibit. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?
A. The policy redirects all HTTPS URLs to HTTP
B. The policy redirects all HTTP URLs to HTTPS
C. The policy redirects only HTTP URLs containing the ^/(
D. The policy redirects only HTTPS URLs containing the ^/(
View answer
Correct Answer: B
Question #16
Refer to the exhibit. What is happening in this scenario?
A. The user is authenticating against a FortiGate Captive Portal
B. The user status changed at FortiClient EMS to off-net
C. The user has not authenticated on their external browser
View answer
Correct Answer: C
Question #17
Anti-Virus Real-Time Protection is enabled without any exclusions. Referring to the exhibit, which two behaviors will the FortiClient endpoint have after receiving the profile update from the FortiClient EMS? (Choose two.)
A. ccess to a downloaded file will always be allowed after 60 seconds when the FortiSandbox is reachable
B. he user will not be able to access a downloaded file for a maximum of 60 seconds if it is not a virus and the FortiSandbox is reachable
C. iles executed from a mapped network drive will not be inspected by the FortiClient endpoint AntiVirus engine
D. f the Real-Time Protection does not detect a virus, the user will be able to access a downloaded file when the FortiSandbox is unreachable
View answer
Correct Answer: AB
Question #18
An HA topology is using the following configuration: Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?
A. 600ms
B. 200mscorrect
C. 300ms
D. 100ms
View answer
Correct Answer: B
Question #19
Refer to the exhibit. [Fortinet-NSE8-811-1.0/xmlfile-7_1.png] You created a custom health-check for your FortiWeb deployment. Given the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server
B. The FortiWeb must receive an HTTP 200 response code from the server
C. The FortiWeb must match the hash value of the page index
D. The FortiWeb must receive an ICMP Echo Request from the server
View answer
Correct Answer: B
Question #20
Click the Exhibit button. Central NAT was configured on a FortiGate firewall. A sniffer shows ICMP packets out to a host on the Internet egresses with the port1 IP address instead of the virtual IP(VIP) that was configured. Referring to the exhibit, which configuration will ensure that ICMP traffic is also translated?
A. config firewall central-snat-map edit 1 set orig-addr "all" next end
B. config firewall ippool edit "secondry_ip" set arp-intf 'port1' next end
C. config firewall central-snat-map edit 1 unset protocol next end
D. config firewall central-snat-map edit 1 set protocol 1 next end
View answer
Correct Answer: C
Question #21
FortiMail configured with the protected domain "internal lab". Which two envelopes addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)
A. MAIL FROM: traming@fortinet com: RCPT TO: student@fortmet com
B. MAIL FROM student@fortinet com: RCPT TO[email?protected]correct
C. MAIL FROM: trainmg@internallab; RCPT TO student@mternallabcorrect
D. MAIL FROM student@internal lab: RCPT TO[email?protected]
View answer
Correct Answer: BC
Question #22
FortiGate1 has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between FortiGate1 and FortiGate2 is on UDP port 500. A PC on FortuGate2s local area network is sending continuous ping requests over the VPN tunnel to a PC of FortiGate1s local area network. No other traffic is sent over the tunnel. Which statement is true on this scenario?
A. ortiGate1 sends an R-U-THERE packet every 300 seconds while ping traffic is flowing
B. ortiGate1 sends an R-U-THERE packet if pings stop for 300 seconds and no IKE packet is received during this period
C. ortiGate1 sends an R-U-THERE packet if pings stop for 60 seconds and no IKE packet is received during this period
D. ortiGate1 sends an R-U-THERE packet every 60 seconds while ping traffic is flowing
View answer
Correct Answer: C
Question #23
You want to manage a FortiGate with the FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?
A. The management tunnel mode on the managed FortiGate must be changed to normal
B. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud
C. The managed FortiGate requires that a FortiCloud management license be purchased and applied
D. You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard
View answer
Correct Answer: D
Question #24
You have a customer with a SCADA environmental control device that is triggering a false-positive IPS alert whenever the devicea€?s Web GUI is accessed. You cannot seem to create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support. You need to prevent the false positive IPS alerts from occuring. In this scenario, which two actions would accomplish this task? (Choose two.)
A. Create a very granular firewall policy for that devicea€?s IP address which does not perform IPS scanning
B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based
C. Create a URL filter with the
D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection
View answer
Correct Answer: AD
Question #25
Your marketing department uncompressed and executed a file that the whole department received using Skype. [Fortinet-NSE8-8.0/Fortinet-NSE8-10_2.png] Reviewing the exhibit, which two details do you determine from your initial analysis of the payload?
A. The payload contains strings that the malware is monitoring to harvest credentials
B. This is a type of Trojan that will download and pirate movies using your Netflix credentials
C. This type of threat of a DDoS attack using instant messaging to send e-mails to further spread the infection
D. This threat payload is uploading private user videos which are then used to extort Bitcoin payments
View answer
Correct Answer: B
Question #26
Referring to the exhibit, users are reporting that their FortiFones ring but when they pick up, the cannot hear each other. The FortiFones use SIP to communicate with the SIP Proxy Server and RTP between the phones. Which configuration change will resolve the problem?
A.
B.
C.
D.
View answer
Correct Answer: C
Question #27
Review the VPN configuration shown in the exhibit. What is the Forward Error Correction behavior if the SD-WAN network traffic download is 500 Mbps and has 8% of packet loss in the environment?
A. 1 redundant packet for every 10 base packets
B. 3 redundant packet for every 5 base packets
C. 2 redundant packet for every 8 base packets
D. 3 redundant packet for every 9 base packets
View answer
Correct Answer: A
Question #28
Consider the following FortiGate configuration: [Fortinet-NSE8-811-1.0/xmlfile-11_1.png] Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate?
A. block
B. inspect
C. allow
D. ignore
View answer
Correct Answer: D
Question #29
What is the benefit of using FortiGate NAC LAN Segments?
A. It provides support for multiple DHCP servers within the same VLAN
B. It provides physical isolation without changing the IP address of hosts
C. It provides support for IGMP snooping between hosts within the same VLAN
D. It allows for assignment of dynamic address objects matching NAC policy
View answer
Correct Answer: B
Question #30
A FortOS devices is used for termination of VPNs for number of remote spoke VPN units (designated group A spokes) using a phase 1 main mode dial-up tunnel using pre-shared. Your company recently acquired another organization. You are asked establish VPN correctively for the newly acquired organization's sites which new devices will be provisioned (designated Group B spokes). Both exiting (Group A) and new (Group B) spoke units are dynamically addressed. You are asked to ensure that spokes from the acquired
A. implements a new phase 1 dial-up mode tunnel with preshared keys and XAuth
B. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes
C. Implement a new phase 1 dial-up main mode tunnel with certificate authentication
D. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer I
E. Use standard policies to filter traffic for the new dial-up tunnel
View answer
Correct Answer: AB

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

Get Fortinet Practice Test

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.