Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Fortinet NSE8_812 - Network Security Expert 8 Written Exam

Page: 1 / 4
Total 105 questions

A customer is operating a FortiWeb cluster in a high volume active-active HA group consisting of eight FortiWeb appliances. One of the secondary members is handling traffic for one specific VIP.

What will happen with the traffic if that secondary FortiWeb appliance fails?

A.

Traffic will be redirected to the next appliance in the same traffic group.

B.

Traffic will be redistributed by the primary appliance to the remaining secondary appliances.

C.

Traffic will be redistributed by the primary appliance to the remaining secondary appliances that are configured to handle traffic for that specific VIP.

D.

Traffic will be redirected to the secondary member with the least number of sessions.

A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic. Which statement about the VoIP configuration options is correct?

A.

Restricting SIP requests is only possible when using the SIP Session Helper.

B.

Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.

C.

FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.

D.

By default, VoIP traffic will be processed using the SIP Session Helper.

Refer to the exhibit.

You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:

FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?

A.

Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.

B.

Objects from the root FortiGate will only be synchronized to FGT__2.

C.

Objects from the root FortiGate will not be synchronized to any downstream FortiGate.

D.

Objects from the root FortiGate will only be synchronized to FGT_3.

Refer to the exhibits.

A customer has deployed a FortiGate with iBGP and eBGP routing enabled. HQ is receiving routes over eBGP from ISP 2; however, only certain routes are showing up in the routing table-Assume that BGP is working perfectly and that the only possible modifications to the routing table are solely due to the prefix list that is applied on HQ.

Given the exhibits, which two routes will be active in the routing table on the HQ firewall? (Choose two.)

A.

172.16.204.128/25

B.

172.16.201.96/29

C.

172,620,64,27

D.

172.16.204.64/27

Refer to the exhibit.

You have been tasked with replacing the managed switch Forti Switch 2 shown in the topology.

Which two actions are correct regarding the replacement process? (Choose two.)

A.

After replacing the FortiSwitch unit, the automatically created trunk name does not change

B.

CLAG-ICL needs to be manually reconfigured once the new switch is connected to the FortiGate

C.

After replacing the FortiSwitch unit, the automatically created trunk name changes.

D.

MCLAG-ICL will be automatically reconfigured once the new switch is connected to the FortiGate.

You must configure an environment with dual-homed servers connected to a pair of FortiSwitch units using an MCLAG.

Multicast traffic is expected in this environment, and you should ensure unnecessary traffic is pruned from links that do not have a multicast listener.

In which two ways must you configure the igmps-f lood-traffic and igmps-flood-report settings? (Choose two.)

A.

disable on ICL trunks

B.

enable on ICL trunks

C.

disable on the ISL and FortiLink trunks

D.

enable on the ISL and FortiLink trunks

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

A.

FortiGate can perform SSH access proxy host-key validation.

B.

You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.

C.

SSH traffic is tunneled between the client and the access proxy over HTTPS

D.

Traffic is discarded as ZTNA does not support SSH connection rules

An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the OCSP server.

Part of the FortiGate configuration is shown below:

Based on this configuration, which authentication scenario will FortiGate deny?

A.

The user certificate does not contain the OCSP URL.

B.

FortiAuthenticator responds to an OCSP request that the user certificate authority is untrusted.

C.

FortiAuthenticator responds to an OCSP request that the user certificate status is unknown.

Refer to the exhibit, which shows a FortiGate configuration snippet.

A customer in Costa Rica has a FortiGate with SD-WAN configured to use a VPN connection to the United States to browse the internet using a public IP from that country. They would like to enable the SD-WAN rule using a webhook.

Which configuration must be added to the FortiGate, and which type of HTTP request must be used to accomplish this? (Choose two.)

A.

B.

C.

D.

A customer's cybersecurity department needs to implement security for the traffic between two VPCs in AWS, but these belong to different departments within the company. The company uses a single region for all their VPCs.

Which two actions will achieve this requirement while keeping separate management of each department's VPC? (Choose two.)

A.

Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster.

B.

Create an 1AM account for the cybersecurity department to manage both existing VPC, create a FortiGate HA Cluster on each VPC and IPSEC VPN to force traffic between the VPCs through the FortiGate clusters

C.

Migrate all the instances to the same VPC and create 1AM accounts for each department, then implement a new subnet for a FortiGate auto-scaling group and use routing tables to force the traffic through the FortiGate cluster.

D.

Create a VPC with a FortiGate auto-scaling group with a Transit Gateway attached to the three VPC to force routing through the FortiGate cluster