DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Latest Fortinet NSE8_812 Free Exam Questions | SPOTO

SPOTO's latest exam dumps on the homepage, with a 100% pass rate! SPOTO delivers authentic Cisco CCNA, CCNP study materials, CCIE Lab solutions, PMP, CISA, CISM, AWS, and Palo Alto exam dumps. Our comprehensive study materials are meticulously aligned with the latest exam objectives. With a proven track record, we have enabled thousands of candidates worldwide to pass their IT certifications on their first attempt. Over the past 20+ years, SPOTO has successfully placed numerous IT professionals in Fortune 500 companies.
Take other online exams
Question #1
You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack?
A. asymmetric mode
B. aggressive aging mode
C. rate limiting mode
D. blocking mode
View answer
Correct Answer: B
Question #2
In a FortiGate 5000 series, two FortiControllers are working as an SLBC cluster in a-p mode. The configuration shown below is applied. Which statement is true on how new TCP sessions are handled by the Distributor Processor (DP)?
A. he new session added in the DP session table is automatically deleted, if the traffic is denied by the processing worker
B. o new session is added in the DP session table until the processing worker accepts the traffic
C. new session added in the DP session table remains in the table even if the traffic is denied by the processing worker
D. new session added in the DP session table remains in the table only if traffic is accepted by the processing worker
View answer
Correct Answer: C
Question #3
You created an aggregate interface between a FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds 1 Gbps and employees are reporting that the network is slow. After troubleshooting, you notice that only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit. In this scenario, which command will solve this problem? A) B) C) D)
A. Option Acorrect
B. Option B
C. Option C
D. Option D
View answer
Correct Answer: A
Question #4
Refer to the exhibit. A customer is using dynamic routing to exchange the default route between two FortiGate devices using OSPFv2. The output of the get router info ospf neighbor command shows that the neighbor is up, but the default route does not appear in the routing neighbor shown below. According to the exhibit, what is causing the problem?
A. G2 is within the wrong OSPF area
B. SPF requires the redistribution of connected networks
C. here is an OSPF interface network-type mismatch
D. prefix for the default route is missing
View answer
Correct Answer: C
Question #5
You have replaced an explicit proxy Web filter with a FortiGate. The human resources department requires that all URLs be logged. Users are reporting that their browsers are now indicating certificate errors as shown in the exhibit. Which step is a valid solution to the problem?
A. ake sure that the affected users’ browsers are no longer set to use the explicit proxy
B. mport the FortiGate’s SSL CA certificate into the Web browsers
C. hange the Web filter policies on the FortiGate to only do certificate inspection
D. ake a Group Policy to install the FortiGates SSL certificate as a trusted host certificate on the Web browser
View answer
Correct Answer: D
Question #6
Click the Exhibit button. Referring to the exhibit, which two statements are true about local authentication? (Choose two.)
A. The user will need to re-authenticate after five minutes
B. The user will be blocked 15 seconds after five login failures
C. The user's IP address will be blocked 15 seconds after five login failures
D. The FortiGate will allow the TCP connection when a ClientHello message indicating a renegotiation is received
View answer
Correct Answer: AC
Question #7
A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below. "¢ E-mails can only be accepted if a valid e-mail account exists. "¢ Only authenticated users can send e-mails out. Which two actions will satisfy the requirements? (Choose two.)
A. onfigure recipient address verification
B. onfigure inbound recipient policies
C. onfigure outbound recipient policies
D. onfigure access control rules
View answer
Correct Answer: AD
Question #8
Refer to the exhibit. Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?
A. he high-risk file will be discarded by attachment analysis
B. he high-risk file will go to the system quarantine
C. he high-risk file will be received by the recipient
D. he high-risk file will be discarded by malware/virus outbreak protection
View answer
Correct Answer: D
Question #9
A customer is authenticating users using a FortiGate and an external LDAP server. The LDAP user, John Smith, cannot authenticate. The administrator runs the debug command diagnose debug application fnbamd 255 while John Smith attempts the authentication: Based on the output shown in the exhibit, what is causing the problem?
A. The LDAP administrator password in the FortiGate configuration is incorrect
B. The user, John Smith, does have an account in the LDAP server
C. The user, John Smith, does not belong to any allowed user group
D. The user, John Smith, is using an incorrect password
View answer
Correct Answer: D
Question #10
Referring to the command output shown in the exhibit, how many hosts are connected to the FortiGate?
A.
B.
C.
D. 56
View answer
Correct Answer: B
Question #11
You are building a FortiGate cluster which is stretched over two locations. The HA connections for the cluster are terminated on the local switches in the data centers. Once the FortiGate devices have booted, they do not form a cluster. The network operators inform you that CRC errors are present on the switches where the FortiGate devices are connected. What should you do to solve this problem?
A. Set the speed/duplex setting to 1 Gbps / Full Duplex
B. Replace the cables where the CRC errors occur
C. Place the HA interfaces in dedicated VLANs
D. Change the ethertype for the HA packets
View answer
Correct Answer: D
Question #12
Consider the following FortiGate configuration: Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate?
A. block
B. inspect
C. allow
D. ignorecorrect
View answer
Correct Answer: D
Question #13
A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGate devices to connect to it. However, FortiGate A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect while site A is connected, site A is disconnected. The IKE real-time debug shows the output in the exhibit when site A is disconnected. Referring to the exhibit, which configuration setting should be executed in the dial-up configuration to allow both VPNs to be co
A. set route-overlap allowcorrect
B. set single-source disable
C. set enforce-unique-id disable
D. set add-route enable
View answer
Correct Answer: A
Question #14
Click the Exhibit button. Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?
A. Create an IPsec tunnel with transport mode encapsulation
B. Create an IPsec tunnel with Mode encapsulation
C. Create an IPsec tunnel with VXLAN encapsulation
D. Create an IPsec tunnel with VLAN encapsulation
View answer
Correct Answer: C
Question #15
Refer to the exhibit. You are operating an internal network with multiple OSPF routers on the same LAN segment. FGT_3 needs to be added to the OSPF network and has the configuration shown in the exhibit. FGT_3 is not establishing any OSPF connection. What needs to be changed to the configuration to make sure FGT_3 will establish OSPF neighbors without affecting the DR/BDR election? A) B) C) D)
A. Option A
B. Option Bcorrect
C. Option C
D. Option D
View answer
Correct Answer: B
Question #16
You are building a FortiGate cluster which is stretched over two locations. The HA connections for the cluster are terminated on the local switches in the data centers. Once the FortiGate devices have booted, they do not form a cluster. The network operators inform you that CRC errors are present on the switches where the FortiGate devices are connected. What should you do to solve this problem?
A. Set the speed/duplex setting to 1 Gbps / Full Duplex
B. Replace the cables where the CRC errors occur
C. Place the HA interfaces in dedicated VLANs
D. Change the ethertype for the HA packets
View answer
Correct Answer: D
Question #17
A company has just rolled out new remote sites and now you need to deploy a single firewall policy to all of these sites to allow Internet access using FortiManager. For this particular firewall policy, the source address object is called LAN, but its value will change according to the site the policy is being installed. Which statement about creating the object LAN is correct?
A. Create a new object called LAN and set meta-fields per remote site
B. Create a new object called LAN and enable per-device mapping
C. Create a new object called LAN and use it as a variable on a TCL script
D. Create a new object called LAN and promote it to the global database
View answer
Correct Answer: B
Question #18
[Fortinet-NSE8-8.0/Fortinet-NSE8-7_2.png] Referring to the exhibit, you want to know if aggregating port7 and port22 will work. Which statement is correct?
A. Yes, LACP is supported on all ports regardless if they are connected to the same NP6
B. No, LACP is not supported on NP6 platforms
C. No, LACP is only supported on ports connected to the same NP6
D. Yes, LACP is supported on ports that are linked together with integrated Switch Fabric
View answer
Correct Answer: C
Question #19
Refer to the exhibit. [Fortinet-NSE8-811-1.0/xmlfile-10_1.png] A FortiGate device is configured to authenticate SSL VPN users using digital certificates. A partial FortiGate configuration is shown in the exhibit. Referring to the exhibit, which two statements about this configuration are true? (Choose two.)
A. The authentication will fail if the user certificate does not contain the user principal name (UPN) information
B. The authentication will fail if the user certificate does not contain the CA_Cert string in the CA field
C. The authentication will fail if the OCSP server is down
D. OCSP is used to verify that the user-signed certificate has not expired
View answer
Correct Answer: AC
Question #20
[Fortinet-NSE8-8.0/Fortinet-NSE8-9_2.png] The wireless controller diagnostic output is shown in the exhibit. Which three statements are true? (Choose three.)
A. Firewall policies using device types are blocking Android devices
B. An access control list applied to the VAP interface blocks Android devices
C. This is a CAPWAP control channel diagnostic command
D. There are no wireless clients connected to the guest wireless network
E. The “src-vis” process is active on the staff wireless network VAP interface
View answer
Correct Answer: ACD
Question #21
You are asked to implement a wireless network for a conference center and need to provision a high number of access points to support a large number of wireless client connections. Which statement describes a valid solution for this requirement?
A. se a captive portal for guest access
B. se an open wireless network with no portal
C. se a pre-shared key only for wireless client security
D. se a captive portal for guest access
View answer
Correct Answer: D
Question #22
You want to manage a FortiGate with the FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?
A. The management tunnel mode on the managed FortiGate must be changed to normal
B. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud
C. The managed FortiGate requires that a FortiCloud management license be purchased and applied
D. You must manually configure system central-managementon the FortiGate CLI and set the management type to fortiguard
View answer
Correct Answer: D
Question #23
Review the VPN configuration shown in the exhibit.
A. 1 redundant packet for every 10 base packets
B. 3 redundant packet for every 5 base packets
C. 2 redundant packet for every 8 base packetscorrect
D. 3 redundant packet for every 9 base packets
View answer
Correct Answer: C
Question #24
Click the Exhibit button. You created a custom health-check for your FortiWeb deployment. Referring to the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server
B. The FortiWeb must receive an HTTP 200 response code from the server
C. The FortiWeb must receive an ICMP Echo Request from the server
D. The FortiWeb must match the hash value of the page index html
View answer
Correct Answer: BC
Question #25
A FortiGate with the default configuration shown below is deployed between two IP telephones. FortiGate receives the INVITE request shown in the exhibit from Phone A (internal) to Phone B (external). NVITE sip: [email?protected] SIP/2.0 Via: SIP/2.0/UDP 10.31.101.20:5060 From: PhoneA To: PhoneB Call-ID: [email?protected] - CSeq: 1 INVITE - Contact: sip: [email?protected] v=0 o=PhoneA 5462346 332134 IN IP4 10.31.101.20 c=IN IP4 10.31.101.20 m=audio 49170 RT
A. AT takes place only in the SIP application layer
B. pinhole will be opened to accept traffic sent to the FortiGate WAN IP address
C. AT takes place at both the network and SIP application layers
D. pinhole is not required to accept traffic sent to the FortiGate WAN IP address
View answer
Correct Answer: BC
Question #26
Given the following error message: FortiManager fails to import policy ID 1. What is the problem?
A. ortiManager already has Address LAN which has interface mapping set to internal in its database, it is contradicting with the STUDENT-2 FortiGate device which has address LAN mapped to any
B. ortiManager already has address LAN which has interface mapping set to “any” in its database; this conflicts with the STUDENT-2 FortiGate device which has address “LAN” mapped to “internal”
C. olicy ID 1 for this managed FortiGate device already exists on the FortiManager policy package named STUDENT-2
D. olicy ID 1 does not have interface mapping on FortiManager
View answer
Correct Answer: D
Question #27
[Fortinet-NSE8-810-1.0/xmlfile-7_1.jpg] Click the Exhibit button. You created a custom health-check for your FortiWeb deployment. Referring to the output shown in the exhibit, which statement is true?
A. The FortiWeb must receive an RST packet from the server
B. The FortiWeb must receive an HTTP 200 response code from the server
C. The FortiWeb must receive an ICMP Echo Request from the server
D. The FortiWeb must match the hash value of the page index html
View answer
Correct Answer: BC
Question #28
You verified that application control is working from previous configured categories. You just added Skype on blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application. What are two causes of this problem? (Choose two.)
A. he application control database is not updated
B. SL inspection is not enabled
C. client on the network was already connected to the Skype network and serves as relay prior to configuration changes to block Skype
D. he FakeSkype
View answer
Correct Answer: AB
Question #29
You want to manage a FortiCloud service. The FortiGate shows up in your list devices on the FortiCloud Web site, but all management functions are either missing or grayed out. Which statement a correct in this scenario?
A. The managed FcrtGate a running a version of ForflOS that is either too new or too for FortCloud
B. The managed FortiGate requires that a FortiCloud management license be purchased and applied
C. You must manually configure system control-management on the FortiGate CLI and set the management type to fortiguard
D. The management tunnel mode on the managed FortiGate must be changed to normal
View answer
Correct Answer: C
Question #30
Refer to the exhibit. You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration: FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?
A. Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate
B. Objects from the root FortiGate will only be synchronized to FGT_2
C. Objects from the root FortiGate will not be synchronized to any downstream FortiGate
D. Objects from the root FortiGate will only be synchronized to FGT_3
View answer
Correct Answer: D

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

Get Fortinet Practice Test

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.