NSE8_812 Exam Questions

In which two ways can you establish communication between an existing NAT VDOM and a new transparent VDOM? (Choose two.)

You log into FortiManager, access the Device Manager and notice that one of the managed devices is not in normal status. Referring to the exhibit, which two statements correctly de...

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen email protection by applying the policies shown below. - Emails can only be ac...

The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device. Which two statements are true about the traffic matching being inspected by this SP...

FortiMail is configured with the protected domain "internal.lab". Which two envelope addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Cho...

Referring to the exhibit, what is configured on the FortiClient endpoint have after receiving the profile update from the FortiClient EMS? (Choose two.)

A company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they were all in the same Layer 2 segment. R...

You have deployed several perimeter FortiGate devices with internal segmentation FortiGate devices behind them. All FortiGate devices are logging to FortiAnalyzer. When you search...

Which two statements about local authentication are true? (Choose two.)

You are asked to implement a single FortiGate 5000 chassis using Session-aware Load Balance Cluster (SLBC) with Active-Passive FortiControllers. Both FortiControllers have the conf...

You must create a High Availability deployment with two FortiWebs in Amazon Web Services (AWS), each on different Availability Zones (AZ) from the same region. At the same time, ea...

Refer to the exhibit. An administrator wants to implement a multi-chassis link aggregation (MCLAG) solution using two FortiSwitch 448D devices and one FortiGate 3700D. As described...

Refer to the exhibit. Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connect...

A FortiGate is used as a VPN hub for a number of remote spoke VPN units (Group A) spokes using a phase 1 main mode dial-up tunnel and pre-shared keys. You are asked to establish VP...

Central NAT was configured on a FortiGate firewall. A sniffer ICMP packets out to a host on the Internet egresses with the port1 IP address instead of the virtual IP (VIP) that was...

You are working on FortiGate 61E operating in flow-based inspection mode with various settings optimized for performance. The main Internet firewall policy is using the "default" a...

Referring to the exhibit. An organization has a FortiGate cluster that is connected to two independent ISPs. You must configure the FortiGate failover for a single ISP failure to o...

A legacy router has been replaced by a FortiGate device. The FortiGate has inherited the management IP address of the router and now the network administrator needs to remove the r...

You have configured an HA cluster with two FortiGate devices. You want to make sure that you are able to manage the individual cluster members directly using port3. Referring to th...

A cafe offers free Wi-Fi. Customers' portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge. You must protect a...

Given the following FortiOS 5.2 commands: config system global set strong-crypto enable end Which vulnerability is being addresses when managing FortiGate through an encrypted mana...

You an administrator of FortiGate devices that use FortiManager for central management. You need to add a policy on an ADOM, but upon selecting the ADOM drop-down list, you notice...

The FortiGate is used as an IPsec gateway at a branch office. Two tunnels, tunA and tunB, are established between this FortiGate and the headquarters' IPsec gateway. The branch off...

Refer to the Exhibit showing a network diagram and current FortiGate BGP configuration. Which of the following configuration snippets are correct or relevant for this setup?

A customer just bought an additional FortiGate device and plans to use their existing load balancer to distribute traffic across two FortiGate units participating network serving d...

A university is looking for a solution with the following requirements: - wired and wireless connectivity - authentication (LDAP) - Web filtering, DLP and application control - dat...

A customer wants to secure the network shown on the exhibit with a full redundancy design. Which security design would you use?

A customer has the following requirements: - local peers with two Internet links - remote peer with one Internet link - secure traffic between the two peers - granular control with...

How would you apply security to the network shown on the exhibit?

Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)

Referring to the exhibit, users are reporting that their FortiFones ring but when they pick up, the call will hear each other. The FortiFones use SIP to communicate with the SIP Pr...

A company has just installed a new FortiGate in their core to route and inspect traffic between their submitted VLANs. The security department reports that after the installation,...

You have replaced an explicit proxy web filter with a FortiGate. The human resources department requires that all URLs be logged. Users are reporting that their browsers are now in...

You are asked to write a FortiAnalyzer report that lists the session that has consumed the most bandwidth. You are required to include the source IP, destination IP, application, a...

You are managing a FortiAnalyzer appliance. After an upgrade, you notice that the unit no longer displays historical logs, reports do not produce any data, and FortiView summary vi...

You have received an issue report about users not being able to use a video conferencing application. This application uses two UDP ports and two TCP ports to communicate with serv...

You notice that your FortiGate's memory usage is very high and that the unit's performance is adversely affected. You want to reduce memory usage. Which three commands would meet t...

The SECOPS team in your company has started a new project to store all logging data in a disaster recovery center. All FortiGates will log to a secondary FortiAnalyzer and establis...

You have implemented FortiGate on transparent mode as shown on the exhibit. User1 from the Internet is trying to access the 192.168.10.10 Web servers. Which two statements about th...

You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any...

A customer wants to implement a RADIUS Single Sign On (RSSO) solution for multiple FortiGate devices. The customer's network already includes a RADIUS server that can generate the...

Which two features are supported only by FortiMail but not by FortiGate? (Choose two.)

Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it. config router static edit 1 set dst 172.20.168.0...

You are hosting Web applications that must be PCI DSS compliant. The Web applications are protected by a FortiWeb. Compliance will be tested during the quarterly security review. I...

The dashboard widget indicates that FortiGuard Web Filtering is not reachable. However, Antivirus, IPS, and Application Control have no problems as shown in the exhibit. You contac...

A customer is authenticating users using a FortiGate and an external LDAP server. The LDAP user, John Smith, cannot authenticate. The administrator runs the debug command diagnose...

The exhibit shows an explicit Web proxy configuration in a FortiGate device. The FortiGate is installed between a client with the IP address 172.16.10.4 and a Web server using port...

Based on the provided explicit web proxy configuration in the exhibit, which `diagnose sniffer packet` command(s) would correctly capture the relevant traffic for troubleshooting?

Your colleague has enabled virtual clustering to load balance traffic between the cluster units. You notice that all traffic is currently directed to a single FortiGate unit. Your...

A data center for example.com hosts several separate web applications. Users authenticate with all of them by providing their Active Directory (AD) login credentials. You do not ha...