Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Fortinet NSE8_811 Fortinet NSE 8 Written Exam (NSE8_811) Exam Practice Test

Demo: 9 questions
Total 65 questions

Fortinet NSE 8 Written Exam (NSE8_811) Questions and Answers

Question 1

Click the Exhibit button.

You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware.

Referring to the exhibit, which statement is true?

Options:

A.

Incoming and outgoing traffic is offloaded

B.

Outgoing traffic is offloaded, you cannot determine if incoming traffic is offloaded at this time.

C.

Traffic is not offloaded.

D.

Outgoing traffic is offloaded: incoming traffic not offloaded.

Question 2

You want to manage a FortiCloud service. The FortiGate shows up in your list devices on the FortiCloud Web site, but all management functions are either missing or grayed out.

Which statement a correct in this scenario?

Options:

A.

The managed FcrtGate a running a version of ForflOS that is either too new or too for FortCloud.

B.

The managed FortiGate requires that a FortiCloud management license be purchased and applied.

C.

You must manually configure system control-management on the FortiGate CLI and set the management type to fortiguard.

D.

The management tunnel mode on the managed FortiGate must be changed to normal.

Question 3

Click the exhibit button.

A FortiGate device is configured to authenticate SSL VPN users using digital certificates. Part of the FortiGate configuration is shown in the exhibit.

Which two statements are true in this scenario? (Choose two.)

Options:

A.

The authentication will fail if the OCSP server is down.

B.

OCSP is used to verify that the user-signed certificate has not expired.

C.

The authentication will fail if the certificate does not contain user principle name (UPN) information.

D.

The authentication will fail if the user certificate does not contain the CA_Cert string in the Failed.

Question 4

In a FortiGate 5000 series, two FortiControllers are working as an SLBC cluster in a-p mode. The configuration shown below is applied.

config load-balance session-setup

set tcp-ingress enable

end

When statement is true on how new TCP sessions are handled by the Distributor Processor (DP)?

Options:

A.

The new session added the DP session table is automatically deleted, if the traffic is denied by the processing worker.

B.

No new session is added is the DP session table until the processing worker accepts the traffic.

C.

A new session added m the DP session table remains in the table remain in the traffic is denied by the procession worker.

D.

A new session added in the OP session table remains is the table only if traffic is traffic is accepted by the processing worker.

Question 5

Click the Exhibit button.

A FortiGate with the default configuration is deployed between two IP phones. FortiGate receives the INVITE request shown in the exhibit form Phone A (internal)to Phone B (external). Which two actions are taken by the FortiGate after the packet is received? (Choose two.)

Options:

A.

A pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49169 and 49170.

B.

a pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49l70 and 49171.

C.

The phone A IP address will be translated lo the WAN IP address in all INVITE header fields and the m: field of the SDP statement.

D.

The phone A IP address will be translated for the WAN IP address in all INVITE header fields and the SDP statement remains intact.

Question 6

Your client wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUL and provide different levels of access for different types of employees.

Which three actions required providing the requested functionality? (Choose three.)

Options:

A.

Create a wildcard administrator on the FortiGate.

B.

Enable radius-vdom-override in the CLI.

C.

Create multiple administrator profiles with matching RADIUS VSAs.

D.

Enable accprofile-override in the CLI.

E.

Set the RADIUS authentication type to MS-CHAPv2.

Question 7

A customer wants to integrate their on-premise FortiGate with their Azure infrastructure.

Which two components must be in place to configure the Azure Fabric connector? (Choose two.)

Options:

A.

FortiGate-VM virtual appliance deployed on-premise.

B.

An inbound policy from the Azure FortiGate-VM virtual appliance.

C.

An outbound policy from the Azure FortiGate-VM virtual appliance.

D.

A FortiGate-VM virtual appliance deployed in Azure.

Question 8

Click the Exhibit button.

You have installed a FortiSandbox and configured it in your FortiMail. Referring to the exhibit, which two statements are correct? (Choose two.)

Options:

A.

FortiMail will cache the results for 30 minutes.

B.

FortiMail will wait for 30 minutes to obtain the scan results.

C.

If the FortiSandbox with IP 10.10 10 3 is not available, the e-mail will be checked by the FortiCloud Sandbox.

D.

If FortiMail is not able to obtain the results from the fortiGuard quenes. URls will not be checked by the FortiSandbox.

Question 9

Exhibit

Click the Exhibit button.

The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device.

Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

Options:

A.

Traffic that does match any spp policy will not be inspection by this spp.

B.

FortiDDos will not send a SYNACK if a SYN packet is coming from an IP address that is not the legtimate IP (LIP) address table.

C.

FortiDooS will start dropping packets as soon as the traffic executed the configured maintain threshold.

D.

SYN packets with payloads will be drooped.

Demo: 9 questions
Total 65 questions