NSE8_810 Online Practice Questions and Answers

Exhibit

Click the Exhibit button.

The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device.

Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

A. Traffic that does match any spp policy will not be inspection by this spp.

B. FortiDDos will not send a SYNACK if a SYN packet is coming from an IP address that is not the legtimate IP (LIP) address table.

C. FortiDooS will start dropping packets as soon as the traffic executed the configured maintain threshold.

D. SYN packets with payloads will be drooped.

Click the Exhibit button.

Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?

A. Create an IPsec tunnel with transport mode encapsulation.

B. Create an IPsec tunnel with Mode encapsulation.

C. Create an IPsec tunnel with VXLAN encapsulation.

D. Create an IPsec tunnel with VLAN encapsulation.

Click the Exhibit button.

Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?

A. The high-risk file will be discarded by attachment analysis.

B. The high-risk tile will go to the system quarantine.

C. The high-risk file will be received by the recipient.

D. The high-risk file will be discarded by malware/virus outbreak protection.

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.

- E-mails can only be accepted if a valid e-mail account exists.

-

Only authenticated users can send e-mails out

Which two actions will satisfy the requirements? (Choose two. )

A.

Configure recipient address verification.

B.

Configure inbound recipient policies.

C.

Configure outbound recipient policies.

D.

Configure access control rules.

Click the Exhibit button.

A customer has just finished their Azure deployment to secure a Web application behind a FortiGate and a FortiWeb. Now they want to add components to protect against advanced threats (zero day attacks), centrally manage the entire environment, and centrally monitor Fortinet and non-Fortinet products.

Which Fortinet solutions will satisfy these requirements?

A. Use FotiAnalyzer lor monitor in Azure, FortiSlEM for managemnet, and FortiSandbox for zero day attacks on their local network.

B. Use Fortianalyzer for monitor Azure, FortiSiEM for management, and FortiGate has zero day attacks on their local network.

C. Use FortiManager for management in Azure, FortSIEM for monitoring and FcrtiSandbox for zero day attacks on their local network.

D. Use FortiSIEM for management Azure, FortiManager for management, and FortrGate for zero day attacks on their local network.

You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris.

Which prevention mode on FortiDDoS will protect you against this specific type of attack?

A. aggressive aging mode

B. rate limiting mode

C. blocking mode

D. asymmetric mode

Exhibit

Click the Exhibit button.

A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGates to connect to it.

However, FortiGates A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect white site A is connected, site A is disconnected. The IKE real time debug shows the output in the exhibit when site A is disconnected.

Which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?

A. set enforce-unique-id disable

B. set add-router enable

C. set single-source disable

D. set router-overlap allow

You are building a FortiGala cluster which is stretched over two locations. The HA connections for the cluster are terminated on the data centers. Once the FortiGates have booted, they do form a cluster. The network operators inform you that CRC eoors are present on the switches where the FortiGAtes are connected.

What would you do to solve this problem?

A. Replace the caables where the CRC errors occur.

B. Change the ethertype for the HA packets.

C. Set the speedduplex setting to 1 Gbps /Full Duplex.

D. Place the HA interfaces in dedicated VLANs.

You are asked to implement a single FortiGate 5000 chassis using Session-aware Load Balance Cluster (SLBC) with Active ?Passive FortinControllers. Both FortiControllers have the configuration shown below, with the rest of the configuration set to the default values:

onfig system ha

set mode dual

set password fortinetnse8

set group-id 5

set chassis-id 1

set minimize-chassis-failover enable

set hbdev "b1"

end

Both FortiControllers show Master status. What is the problem in this scenario?

A. The management interface of both FotiControllers was connected on the some network.

B. The priority should be set higher for ForControllers on slot-1.

C. The b1 interface the two FortiConrollers do not see each other.

D. The chassis ID settings on FotiControllers on slot 2 should be set to 2.

Click the Exhibit button.

Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate 瑽 to reach the server.

Which two actions satisfy this requirement? (Choose two.)

A. Use Kerberos authentication.

B. FortiGate-A must generate a RADUIS accounting packets.

C. Use FortiAuthenticator.

D. Use the Collector Agent.