Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE8_812 - Network Security Expert 8 Written Exam

Fortinet NSE8_812 Premium Access     Download Demo    
Page: 3 / 4
Total 105 questions

A FortiGate deployment contains the following configuration:

What is the result of this configuration?

A.

Route-maps are not configurable in VDOM SERVICES

B.

Route-maps from the Root VDOM configuration are available in VDOM SERVICES

C.

Route-maps from VDOM SERVICES are available in all other VDOMs

D.

Route-maps for VDOM SERVICES are excluded from HA configuration synchronization

Refer to the exhibit.

FortiManager is configured with the Jinja Script under CLI Templates shown in the exhibit.

Which two statements correctly describe the expected behavior when running this template? (Choose two.)

A.

The Jinja template will automatically map the interface with "WAN" role on the managed FortiGate.

B.

The template will work if you change the variable format to $(WAN).

C.

The template will work if you change the variable format to {{ WAN }}.

D.

The administrator must first manually map the interface for each device with a meta field.

E.

The template will fail because this configuration can only be applied with a CLI or TCL script.

Refer to the exhibit.

Given the exhibit, which two statements about FortiGate FGSP HA cluster behavior are correct? (Choose two.)

A.

You can run FortiGate Virtual Router Redundancy Protocol (VRRP) high availability in addition to FGSP simultaneously.

B.

Session synchronization occurs over Layer 3 by default, and if unavailable it will then try Layer 2.

C.

You can selectively synchronize only specific sessions between FGSP cluster members.

D.

Cluster members will upgrade one at a time and failover during firmware upgrades.

SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.

You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.

What should you configure?

A.

Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server.

B.

Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address.

C.

Configure two DNS servers and use DNS servers recommended by the two internet providers.

D.

Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.

Refer to the exhibit showing a FortiSOAR playbook.

You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.

What should be your next step?

A.

Go to the Incident Response tasks dashboard and run the pending actions

B.

Click on the notification icon on FortiSOAR GUI and run the pending input action

C.

Run the Mark Drive by Download playbook action

D.

Reply to the e-mail with the requested Playbook action

Refer to the exhibits.

During the implementation of a Fortinet Security Fabric configuration, CLI commands were issued in the order shown in the exhibit. On the next day, the local admin for FGTC issues the following command:

FGTC # config system csf

set configuration-sync default

end

In this scenario, which outcome is true regarding the "subnet_1" firewall address object on FGTC?

A.

The object will only be automatically created on FGTC if it is modified on FGTA-1.

B.

The object needs to be recreated on FGTA-1 before it is automatically created on FGTC.

C.

The object is not automatically created.

D.

The object is automatically created.

You are performing a packet capture on a FortiGate 2600F with the hyperscale licensing installed. You need to display on screen all egress/ingress packets from the port16 interface that have been offloaded to the NP7.

Which three commands need to be run? (Choose three.)

A.

diagnose npu sniffer filter intf port16

B.

diagnose npu sniffer filter selector 0

C.

diagnose sniffer packet npudbg

D.

diagnose npu sniffer filter dir 2

E.

diagnose sniffer packet port16

An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the OCSP server.

Part of the FortiGate configuration is shown below:

Based on this configuration, which authentication scenario will FortiGate deny?

A.

The user certificate does not contain the OCSP URL.

B.

FortiAuthenticator responds to an OCSP request that the user certificate authority is untrusted.

C.

FortiAuthenticator responds to an OCSP request that the user certificate status is unknown.

Refer to the exhibit.

You are deploying a FortiGate 6000F. The device should be directly connected to a switch. In the future, a new hardware module providing higher speed will be installed in the switch, and the connection to the FortiGate must be moved to this higher-speed port.

You must ensure that the initial FortiGate interface connected to the switch does not affect any other port when the new module is installed and the new port speed is defined.

How should the initial connection be made?

A.

Connect the switch on any interface between ports 21 to 24

B.

Connect the switch on any interface between ports 25 to 28

C.

Connect the switch on any interface between ports 1 to 4

D.

Connect the switch on any interface between ports 5 to 8.

You are designing a setup where the FortiGate device is connected to two upstream ISPs using BGP. Part of the requirement is that you must be able to refresh the route advertisements manually without disconnecting the BGP neighborships.

Which feature must you enable on the BGP neighbors to accomplish this goal?

A.

Synchronization

B.

Deterministic-med

C.

Graceful-restart

D.

Soft-reconfiguration