Fortinet NSE8 Free Practice Questions 2021

Want to know features? Want to lear more about experience? Study . Gat a success with an absolute guarantee to pass Fortinet NSE8 (NSE8) test on your first attempt.

Online Fortinet NSE8 free dumps demo Below:

NEW QUESTION 1
You verified that application control is working from previous configured categories. You just added Skype on blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application.
What are two causes of this problem? (Choose two.)

  • A. The application control database is not updated.
  • B. SSL inspection is not enabled.
  • C. A client on the network was already connected to the Skype network and serves as relay prior to configuration changes to block Skype
  • D. The FakeSkype.botnet signature is included on your application control sensor.

Answer: AB

NEW QUESTION 2
The output shown in the exhibit from FortiManager is displayed during an import of the device configuration.
Which statement describes the correct action taken for these duplicate objects?
NSE8 dumps exhibit

  • A. The import fails because of the duplicate entries detected which exist in the ADOM database.
  • B. FortiManager installs these duplicate objects to the managed device from the ADOM database.
  • C. FortiManager does not import these duplicate entries into the ADOM database because they already exist in the ADOM database.
  • D. FortiManager creates indexed duplicate entries for these objects in the ADOM database.

Answer: B

Explanation: References:
http://docs.fortinet.com/uploaded/files/2905/FortiManager-5.4.0-Administration-Guide.pdf

NEW QUESTION 3
A FortiGate is deployed in the NAT/Route operation mode. This operation mode operates at which OSI layer?

  • A. Layer 4
  • B. Layer 1
  • C. Layer 3
  • D. Layer 2

Answer: C

NEW QUESTION 4
You have received an issue report about users not being able to use a video conferencing application. This application uses two UDP ports and two TCP ports to communicate with servers on the Internet. The network engineering team has confirmed there is no routing problem. You are given a copy of the FortiGate configuration.
Which three configuration objects will you inspect to ensure that no policy is blocking this traffic? (Choose three.)

  • A. config firewall interface-policy
  • B. config firewall DoS-policy
  • C. config firewall policy
  • D. config firewall multicast-policy
  • E. config firewall sniffer-policy

Answer: BCE

NEW QUESTION 5
You must establish a BGP peering with a service provider. The provider has supplied you with BGP peering parameters and you performed the basic configuration shown in the exhibit on your FortiGate unit. You notice that your peering session is not coming up.
NSE8 dumps exhibit
Which three missing configuration statements are needed to make this configuration functional? (Choose three.)

  • A. NSE8 dumps exhibit
  • B. NSE8 dumps exhibit
  • C. NSE8 dumps exhibit
  • D. NSE8 dumps exhibit
  • E. NSE8 dumps exhibit

Answer: CDE

NEW QUESTION 6
Referring to the exhibit, which statement is true?
NSE8 dumps exhibit

  • A. The packet failed the HMAC validation.
  • B. The packet did not match any of the local IPsec SAs.
  • C. The packet was protected with an unsupported encryption algorithm.
  • D. The IPsec negotiation failed because the SPI was unknown.

Answer: A

Explanation: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33101

NEW QUESTION 7
You are asked to establish a VPN tunnel with a service provider using a third-party VPN device. The service provider has assigned subnet 30.30.30.0/24 for your outgoing traffic going towards the services hosted by the provider on network 20.20.20.0/24. You have multiple computers which will be accessing the remote services hosted by the service provider.
NSE8 dumps exhibit
Which three configuration components meet these requirements? (Choose three.)

  • A. Configure an IP Pool of type Overload for range 30.30.30.10-30.30.30.10. Enable NAT on a policy from your LAN forwards the VPN tunnel and select that pool.
  • B. Configure IPsec phase 2 proxy IDs for a source of 10.10.10.0/24 and destination of 20.20.20.0/24.
  • C. Configure an IP Pool of Type One-to-One for range 30.30.30.10-30.30.30.10. Enable NAT on a policy from your LAN towards the VPN tunnel and select that pool.
  • D. Configure a static route towards the VPN tunnel for 20.20.20.0/24.
  • E. Configure IPsec phase 2 proxy IDs for a source of 30.30.30.0/24 and destination of 20.20.20.0/24.

Answer: CDE

NEW QUESTION 8
A customer wants to secure the network shown in the exhibit with a full redundancy design. Which security design would you use?
NSE8 dumps exhibit

  • A. Place a FortiGate FGCP Cluster between DD and AA, then connect it to SW1, SW2, SW3, and SW4.
  • B. Place a FortiGate FGCP Cluster between BB and CC, then connect it to SW1, SW2, SW3, and SW4.
  • C. Place a FortiGate FGCP Cluster between BB and AA, then connect it to SW1, SW2, SW3, and SW4.
  • D. Place a FortiGate FGCP Cluster between DD and FF, then connect it to SW1, SW2, SW3, and SW4.

Answer: A

NEW QUESTION 9
You want to enable traffic between 2001:db8:1::/64 and 2001:db8:2::/64 over the public IPv4 Internet.
NSE8 dumps exhibit
Given the CLI configuration shown in the exhibit, which two additional settings are required on this device to implement tunneling for the IPv6 transition? (Choose two.)

  • A. IPv4 firewall policies to allow traffic between the local and remote IPv6 subnets.
  • B. IPv6 static route to the destination phase2 destination subnet.
  • C. IPv4 static route to the destination phase2 destination subnet.
  • D. IPv6 firewall policies to allow traffic between the local and remote IPv6 subnets.

Answer: BD

Explanation: References: http://docs.fortinet.com/uploaded/files/1969/IPv6%20Handbook%20for%20FortiOS%205.2. pdf

NEW QUESTION 10
Which VPN protocol is supported by FortiGate units?

  • A. E-LAN
  • B. PPTP
  • C. DMVPN
  • D. OpenVPN

Answer: BC

NEW QUESTION 11
Which command syntax would you use to configure the serial number of a FortiGate as its host name?

  • A. NSE8 dumps exhibit
  • B. NSE8 dumps exhibit
  • C. NSE8 dumps exhibit
  • D. NSE8 dumps exhibit

Answer: AB

Explanation: References:
http://defadhil.blogspot.in/2014/04/how-to- protect-fortigate- from.html

NEW QUESTION 12
Referring to the exhibit, you want to know if aggregating port7 and port22 will work. Which statement is correct?
NSE8 dumps exhibit

  • A. Yes, LACP is supported on all ports regardless if they are connected to the same NP6.
  • B. No, LACP is not supported on NP6 platforms.
  • C. No, LACP is only supported on ports connected to the same NP6.
  • D. Yes, LACP is supported on ports that are linked together with integrated Switch Fabric.

Answer: C

Explanation: References:
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-hardware-acceleration- 52/NP6.htm

NEW QUESTION 13
A customer wants to implement a RADIUS Single Sign On (RSSO) solution for multiple FortiGate devices. The customer’s network already includes a RADIUS server that can generate the logon and logoff accounting records. However, the RADIUS server can send those records to only one destination.
What should the customer do to overcome this limitation?

  • A. Send the RADIUS records to an LDAP server and add the LDAP server to the FortiGate configuration.
  • B. Send the RADIUS records to an RSSO Collector Agent.
  • C. Send the RADIUS records to one of the FortiGate devices, which can replicate them to the other FortiGate units.
  • D. Use the RADIUS accounting proxy feature available in FortiAuthenticator devices.

Answer: B

Explanation: References:
http://docs.fortinet.com/uploaded/files/1937/fortigate-authentication-52.pdf

NEW QUESTION 14
A company wants to protect against Denial of Service attacks and has launched a new project. They want to block the attacks that go above a certain threshold and for some others they are just trying to get a baseline of activity for those types of attacks so they are
letting the traffic pass through without action. Given the following:
- The interface to the Internet is on WAN1.
- There is no requirement to specify which addresses are being protected or protected from.
- The protection is to extend to all services.
- The tcp_syn_flood attacks are to be recorded and blocked.
- The udp_flood attacks are to be recorded but not blocked.
- The tcp_syn_flood attack’s threshold is to be changed from the default to 1000. The exhibit shows the current DoS-policy.
NSE8 dumps exhibit
Which policy will implement the project requirements?

  • A. NSE8 dumps exhibit
  • B. NSE8 dumps exhibit
  • C. NSE8 dumps exhibit
  • D. NSE8 dumps exhibit

Answer: BD

Explanation: B&D both have same policy which fulfills the above criteria. http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Examples/Example-%20DoS%20Policy.htm

NEW QUESTION 15
You are managing a FortiAnalyzer appliance. After an upgrade, you notice that the unit no longer displays historical logs, reports do not produce any data, and FortiView summary views are empty. However, you notice that the unit is receiving logs on the dashboard widgets.
Which step resolves this problem?

  • A. Execute the CLI command exec sql-local rebuild-db.
  • B. Execute the CLI command diag sql remove hcache.
  • C. Execute the CLI command exec sql-local reinsert-logs.
  • D. Restore the unit settings from a previous backup.

Answer: A

NEW QUESTION 16
You are installing a new FortiAP as shown in the exhibit, however, the FortiAP cannot discover the FortiGate. The FortiAP obtained an IP from the DHCP server and is reachable.
NSE8 dumps exhibit
Which two configurations will resolve the problem? (Choose two.)

  • A. NSE8 dumps exhibit
  • B. NSE8 dumps exhibit
  • C. NSE8 dumps exhibit
  • D. NSE8 dumps exhibit

Answer: BD

Explanation: https://forum.fortinet.com/tm.aspx?m=112739

NEW QUESTION 17
Your FortiGate has multiple CPUs. You want to verify the load for each CPU. Which two commands will accomplish this task? (Choose two.)

  • A. get system performance status
  • B. diag system mpstat
  • C. diag system cpu stat
  • D. diag system top

Answer: AD

Explanation: References: http://kb.fortinet.com/kb/documentLink.do?externalID=13825

NEW QUESTION 18
Virtual Domains (VDOMs) allow a FortiGate administrator to do what?

  • A. Group two or more FortiGate units to form a single virtual device.
  • B. Split a physical FortiGate unit into multiple virtual devices.
  • C. Create multiple VLANs in a single physical interface,
  • D. Group multiple physical interfaces to form a single virtual interface.

Answer: B

Recommend!! Get the Full NSE8 dumps in VCE and PDF From Certleader, Welcome to Download: https://www.certleader.com/NSE8-dumps.html (New 65 Q&As Version)