Fortinet NSE8_810 Free Dumps Questions Online, Read and Test Now.
NEW QUESTION 1
A FortiOS device is used for termination of VPNs for a number of remote spoke VPN units (designated Group A spokes) using a phase 1 main mode dial-up tunnel using a pre-shared key. Your company recently acquired another organization. You are asked to establish VPN connectivity for the newly acquired organization's sites, for which new devices will be provisioned (designated Group B spokes). Both existing (Group A) and new (Group B) spoke units are dynamically addressed. You are asked to ensure that spokes from the acquired organization (Group B) have different access permissions than your existing VPN spokes (Group A).
Which two solutions meet the requirements for the new spoke group? (Choose two.)
- A. Implement a new phase 1 dial-up mode tunnel with pre-shared keys and XAuth.
- B. Use identity to filter traffic.
- C. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes.
- D. Use standard policies to filter for the new dial-up tunnel.
- E. Implement a new phase 1 dial-up main mode tunnel with certificate authentication.
- F. Use standard policies to filter for the dial-up tunnel.
- G. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID.
- H. Use standard policies to filter traffic for the new dial-up tunnel.
Answer: AB
NEW QUESTION 2
You have a customer experiencing problems with a legacy L3/L4 firewall device and IPv6 SIP VoIP traffic. The device is dropping SIP packets; consequently, it cannot process SIP voice calls. Which solution would solve the customer's problem?
- A. Deploy a FortiVoice and enable IPv6 SIP.
- B. Replace their legacy device with a FortiGate and configure it to extract information from the body of the IPv6 packet.
- C. Deploy a FortiVoice and enable an IPv6 SIP session helper.
- D. Replace their legacy device with a FortiGate and deploy a FortiVoice to extract information from the body of the IPv6 SIP packet.
Answer: A
NEW QUESTION 3
You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.)
- A. Make a call with the Web browser on your workstation.
- B. Make a call with the SoapUI API tool on your workstation.
- C. Download the WSDL file from FortiManager administration GUI.
- D. Make a call with the curl utility on your workstation.
Answer: AC
NEW QUESTION 4
Exhibit
You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware. Referring to the exhibit, which statement is true?
- A. Incoming and outgoing traffic is offloaded.
- B. Outgoing traffic is offloaded; you cannot determine if incoming traffic is offloaded at this time.
- C. Traffic is not offloaded.
- D. Outgoing traffic is offloaded; incoming traffic is not offloaded.
Answer: D
NEW QUESTION 5
You have a customer with a SCADA environmental control device that is triggering a false-positive IPS alert whenever the device's Web GUI is accessed. You cannot seem to create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support. You need to prevent the false-positive IPS alert from occurring. In this scenario, which two actions would accomplish this task? (Choose two.)
- A. Create a very granular firewall policy for that device's IP address which does not perform IPS scanning.
- B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based.
- C. Create a URL filter with the exempt action for that device's IP address.
- D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.
Answer: BC
NEW QUESTION 6
A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.
- E-mails can only be accepted if a valid e-mail account exists.
- Only authenticated users can send e-mails out.
Which two actions will satisfy the requirements? (Choose two.)
- A. Configure recipient address verification.
- B. Configure inbound recipient policies.
- C. Configure outbound recipient policies.
- D. Configure access control rules.
Answer: AC
NEW QUESTION 7
A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source IP address. Which SYN flood mitigation mode must the customer use?
- A. SYN cookie
- B. SYN/ACK cookie
- C. ACK cookie
- D. SYN retransmission
Answer: A
NEW QUESTION 8
Exhibit
Referring to the exhibit, which two statements are true? (Choose two.)
- A. The IPv4 traffic for nse8user is filtered using the DNS profile.
- B. The IPv6 traffic for nse8user is filtered using the DNS profile.
- C. The IPv4 policy is allowing security profile groups.
- D. The Web traffic for nse8user is being filtered differently in IPv4 and IPv6.
Answer: BC
NEW QUESTION 9
In a FortiGate 5000 series, two FortiControllers are working as an SLBC cluster in a-p mode. The configuration shown below is applied.
Which statement is true on how new TCP sessions are handled by the Distributor Processor (DP)?
The new session added to the DP session table is automatically deleted if the traffic is denied by the processing worker.
- A. No new session is added to the DP session table until the processing worker accepts the traffic.
- B. A new session added in the DP session table remains in the table even if the traffic is denied by the processing worker.
- C. A new session added in the DP session table remains in the table only if traffic is accepted by the processing worker.
Answer: C
NEW QUESTION 10
Exhibit
When deploying a new FortiGate-VMX Security node, an administrator received the error message shown in the exhibit. In this scenario, which statement is correct?
- A. The vCenter was not able to locate the FortiGate-VMX's OVF file.
- B. The vCenter could not connect to the FortiGate Service Manager.
- C. The NSX Manager was not able to connect to the FortiGate Service Manager's RestAPI service.
- D. The FortiGate Service Manager did not have the proper permission to register the FortiGate-VMX Service.
Answer: C
NEW QUESTION 11
Exhibit
Referring to the exhibit, which two statements are true about local authentication? (Choose two.)
- A. The user will be blocked 15 seconds after five login failures.
- B. When a ClientHello message indicating a renegotiation is received, the FortiGate will allow the TCP connection.
- C. The user's IP address will be blocked 15 seconds after five login failures.
- D. After five minutes, the user will need to re-authenticate.
Answer: BD
NEW QUESTION 12
Exhibit
Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate-B to reach the server.
Which two actions satisfy this requirement? (Choose two.)
- A. Use Kerberos authentication.
- B. FortiGate-A must generate RADIUS accounting packets.
- C. Use FortiAuthenticator.
- D. Use the Collector Agent.
Answer: CD
NEW QUESTION 13
You have deployed a FortiGate in NAT/Route mode as a secure web gateway with a few IP-based authentication firewall policies. Your customer reports that some users now have different browsing permissions from what is expected. All these users are browsing using Internet Explorer through Desktop Connection to a Terminal Server. When you look at the FortiGate logs, the username for the Terminal Server IP is not consistent.
Which action will correct this problem?
- A. Make sure Terminal Service is using the correct DNS server.
- B. Configure FSSO Advanced with LDAP integration.
- C. Change the FSSO polling mode to Windows NetAPI.
- D. Install the TSCitrix on the terminal server.
Answer: C
NEW QUESTION 14
An organization has one central site and three remote sites. A FortiSIEM has been deployed on the central site and now all devices across the remote sites need to be monitored by the FortiSIEM.
Which action would reduce the WAN usage by the monitoring system?
- A. Deploy a single Supervisor on the central site and enable WAN optimization on the WAN gateways.
- B. Install local Collectors at the remote sites.
- C. Disable monitoring on the remote sites during the day.
- D. Install a Supervisor and a Collector for each remote site.
Answer: C
NEW QUESTION 15
Exhibit
You log into FortiManager, look at the Device Manager window and notice that one of your managed devices is not in normal status.
Referring to the exhibit, which two statements correctly describe the affected device's status and result? (Choose two.)
- A. The device configuration was changed on the local FortiGate side only.
- B. auto-update is disabled.
- C. The device configuration was changed on both the local FortiGate side and the FortiManager side, auto-update is disabled.
- D. The changed configuration on the FortiGate will remain the next time that the device configuration is pushed from FortiManager.
- E. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiManager the next time that the device configuration is pushed.
Answer: BD
NEW QUESTION 16
Exhibit
You are trying to configure a Link-Aggregation Group (LAG), but ports A and B do not appear on the list of member options. Referring to the exhibit, which statement is correct in this situation?
- A. The FortiGate model being used does not support LAG.
- B. The FortiGate model does not have an Integrated Switch Fabric (ISF).
- C. The FortiGate SFP+ slot does not have the correct module.
- D. The FortiGate interfaces are defective and require replacement.
Answer: B
NEW QUESTION 17
Exhibit
An administrator implements a multi-chassis link aggregation (MCLAG) solution using two FortiSwitch 448Ds and one FortiGate 3700D.
As described in the topology shown in the exhibit, two links are connected to each FortiSwitch. What is required to implement this solution? (Choose two.)
- A. a FortiGate with a hardware or a software switch
- B. an ICL link between both FortiSwitches
- C. a disabled FortiLink split interface
- D. two link aggregated (LAG) interfaces on the FortiGate side
Answer: AD
NEW QUESTION 18
Exhibit
Referring to the exhibit, which two statements are true? (Choose two.)
- A. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B.
- B. LAG-1 and LAG-2 should be connected to a single 4-port 802.3ad interface on the FortiGate-A.
- C. LAG-3 on switches FS448D-A and FS448D-B may be connected to a single 802.3ad trunk on another device.
- D. LAG-1 and LAG-2 should be connected to a 4-port single 802.3ad trunk on another device.
Answer: CD
NEW QUESTION 19
Exhibit
Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment.
- A. Create an IPsec tunnel with transport mode encapsulation.
- B. Create an IPsec tunnel with Mode encapsulation.
- C. Create an IPsec tunnel with VXLAN encapsulation.
- D. Create an IPsec tunnel with VLAN encapsulation.
Answer: A
NEW QUESTION 20
Exhibit
You created a custom health-check for your FortiWeb deployment. Referring to the output shown in the exhibit, which statement is true?
- A. The FortiWeb must receive an RST packet from the server.
- B. The FortiWeb must receive an HTTP 200 response code from the server.
- C. The FortiWeb must receive an ICMP Echo Request from the server.
- D. The FortiWeb must match the hash value of the page index.html.
Answer: B
NEW QUESTION 21
You deploy a FortiGate device in a remote office based on the requirements shown below.
-- Due to the company's security policy, the management IP of your FortiGate is not allowed to access the Internet.
-- Apply Web Filtering, Antivirus, IPS and Application control to the protected subnet.
-- Be managed by a central FortiManager in the head office.
Which action will help to achieve the requirements?
- A. Configure a default route and make sure that the FortiGate device can ping service.fortiguard.net.
- B. Configure the FortiGuard override server and use the IP address of the FortiManager.
- C. Configure the FortiGuard override server and use the IP address of service.fortiguard.net.
- D. Configure FortiGate to use FortiGuard Filtering Port 8888.
Answer: B
NEW QUESTION 22
Exhibit
You have installed a FortiSandbox and configured it in your FortiMail. Referring to the exhibit, which two statements are correct? (Choose two.)
- A. FortiMail will cache the results for 30 minutes.
- B. FortiMail will wait for 30 minutes to obtain the scan results.
- C. If the FortiSandbox with IP 10.10.10.3 is not available, the e-mail will be checked by the FortiCloud Sandbox.
- D. If FortiMail is not able to obtain the results from the FortiGuard queue
- E. URLs will not be checked by the FortiSandbox.
Answer: BD
NEW QUESTION 23
You want to manage a FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out.
Which statement is correct in this scenario?
- A. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud.
- B. The managed FortiGate requires that a FortiCloud management license be purchased and applied.
- C. You must manually configure system control-management on the FortiGate CLI and set the management type to fortiguard.
- D. The management tunnel mode on the managed FortiGate must be changed to normal.
Answer: C