High value NSE8 Exam Questions and Answers 2021

Master the content and be ready for exam day success quickly with this . We guarantee it!We make it a reality and give you real in our Fortinet NSE8 braindumps. Latest 100% VALID at below page. You can use our Fortinet NSE8 braindumps and pass your exam.

Online NSE8 free questions and answers of New Version:

NEW QUESTION 1
You are an administrator of FortiGate devices that use FortiManager for central management. You need to add a policy on an ADOM, but upon selecting the ADOM drop- down list, you notice that the ADOM is in locked state. Workflow mode is enabled on your FortiManager to define approval or notification workflow when creating and installing policy changes.
What caused this problem?

  • A. Another administrator has locked the ADOM and is currently working on it.
  • B. There is pending approval waiting from a previous modification.
  • C. You need to use set workspace-mode workflow on the CLI.
  • D. You have read-only permission on Workflow Approve in the administrator profile.

Answer: D

Explanation: http://docs.fortinet.com/uploaded/files/2250/FortiManager-5.2.1-Administration-Guide.pdf

NEW QUESTION 2
A customer wants to install a FortiSandbox device to identify suspicious files received by an e-mail server. All the incoming e-mail traffic to the e-mail server uses the SMTPS protocol.
Which three solutions would be implemented? (Choose three.)

  • A. FortiGate device in transparent mode sending the suspicious files to the FortiSandbox
  • B. FortiSandbox in sniffer input mode
  • C. FortiMail device in gateway mode using the built-in MTA and sending the suspicious files to the FortiSandbox
  • D. FortiMail device in transparent mode acting as an SMTP proxy sending the suspicious files to the FortiSandbox
  • E. FortiGate device in NAT mode sending the suspicious files to the FortiSandbox

Answer: BCE

Explanation: References: http://kb.fortinet.com/kb/documentLink.do?externalID=FD34371

NEW QUESTION 3
The exhibit shows an LDAP server configuration in a FortiGate device.
NSE8 dumps exhibit
The LDAP user, John Smith, has the following LDAP attributes:
NSE8 dumps exhibit
John Smith’s LDAP password is ABC123.
Which CLI command should you use to test the LDAP authentication using John Smith’s credentials?

  • A. diagnose test authserver ldap Lab jsmith ABC123
  • B. diagnose test authserver ldap-direct Lab jsmith ABC123
  • C. diagnose test authserver ldap Lab ‘John Smith’ ABC123
  • D. diagnose test authserver ldap-direct Lab john ABC123

Answer: A

Explanation: References: https://forum.fortinet.com/tm.aspx?m=119178

NEW QUESTION 4
Referring to the command output shown in the exhibit, how many hosts are connected to the FortiGate?
NSE8 dumps exhibit

  • A. 7
  • B. 6
  • C. 2
  • D. 256

Answer: B

Explanation: References:
http://cookbook.fortinet.com/troubleshooting-fortigate-installation/

NEW QUESTION 5
A data center for example.com hosts several separate Web applications. Users authenticate with all of them by providing their Active Directory (AD) login credentials. You do not have access to Example, Inc.’s AD server. Your solution must do the following:
- provide single sign-on (SSO) for all protected Web applications
- prevent login brute forcing
- scan FTPS connections to the Web servers for exploits
- scan Webmail for OWASP Top 10 vulnerabilities such as session cookie hijacking, XSS, and SQL injection attacks
Which solution meets these requirements?

  • A. Apply FortiGate deep inspection to FTP
  • B. It must forward FTPS, HTTP, and HTTPS to FortiWe
  • C. Configure FortiWeb to query the AD server, and apply SSO for Web request
  • D. FortiWeb must forward FTPS directly to the Web servers without inspection, but proxy HTTP/HTTPS and block Web attacks.
  • E. Deploy FortiDDos to block brute force attack
  • F. Configure FortiGate to forward only FTPS, HTTP, and HTTPS to FortiWe
  • G. Configure FortiWeb to query the AD server, and apply SSO for Web request
  • H. Also configure it to scan FTPS and Web traffic, then forward allowed traffic to the Web servers.
  • I. Use FortiGate to authenticate and proxy HTTP/HTTPS; to verify credentials, FortiGate queries the AD serve
  • J. Also configure FortiGate to scan FTPS before forwarding, and to mitigate SYN flood
  • K. Configure FortiWeb to block Web attacks.
  • L. Install FSSO Agent on server
  • M. Configure FortiGate to inspect FTP
  • N. FortiGate will forward FTPS, HTTP, and HTTPS to FortiWe
  • O. FortiWeb must block Web attacks, then forward all traffic to the Web servers.

Answer: D

Explanation: FSSO agent integrate fortigate with AD then inspect bruteforce,FTPS,HTTP, and HTTPS using fortiweb and then forward all traffic to web server.
References:

NEW QUESTION 6
The FortiGate is an IPsec VPN hub. A VPN spoke protecting subnet 192.168.222.0/24 has successfully brought up a tunnel with the FortiGate. This remote network is present in the FortiGate routing table as shown in the exhibit.
NSE8 dumps exhibit
Which statement is true?

  • A. This subnet was learned during quick-mode negotiation and was dynamically injected into the routing table.
  • B. The FortiGate administrator configured this subnet as a locally connected subnet on the “BranchOffice” phase1 interface.
  • C. The route in the exhibit is bound to “BranchOffice_0” which is a tunnel other than “BranchOffice”.
  • D. The FortiGate administrator configured a static route for 192.168.222.0/24.

Answer: B

NEW QUESTION 7
Your marketing department uncompressed and executed a file that the whole department received using Skype.
NSE8 dumps exhibit
Reviewing the exhibit, which two details do you determine from your initial analysis of the payload?

  • A. The payload contains strings that the malware is monitoring to harvest credentials.
  • B. This is a type of Trojan that will download and pirate movies using your Netflix credentials.
  • C. This type of threat of a DDoS attack using instant messaging to send e-mails to further spread the infection.
  • D. This threat payload is uploading private user videos which are then used to extort Bitcoin payments.

Answer: B

NEW QUESTION 8
You are asked to write a FortiAnalyzer report that lists the session that has consumed the most bandwidth. You are required to include the source IP, destination IP, application, application category, hostname, and total bandwidth consumed.
Which dataset meets these requirements?

  • A. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(‘sentbyte”, 0) +coalesce(‘recbyte “, 0)) as bandwidth from $log where $filter LIMIT 1
  • B. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(‘sentbyte”, 0) +coalesce(‘recbyte“, 0)) as bandwidth from $log where $filter LIMIT 1
  • C. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(‘sentbyte”, 0) +coalesce(‘rcvdbyte“, 0)) as bandwidth from $log where $filter LIMIT 1
  • D. select from_itime(itime) as timestamp, sourceip, destip, app, appcat, hostname, sum(coalesce(‘sentbyte’, 0)+coalesce(‘rcvdbyte“, 0)) as bandwidth from $log where $filter LIMIT 1

Answer: C

Explanation: References:
http://docs.fortinet.com/uploaded/files/2617/fortianalyzer-5.2.4-dataset-reference.pdf

NEW QUESTION 9
Given the following FortiOS 5.2 commands:
NSE8 dumps exhibit
Which vulnerability is being addresses when managing FortiGate through an encrypted management protocol?

  • A. Remote Exploit Vulnerability in Bash (ShellShock)
  • B. Information Disclosure Vulnerability in OpenSSL (Heartbleed)
  • C. SSL v3 POODLE Vulnerability
  • D. SSL/TLS MITM vulnerability (CVE-2014-0224)

Answer: C

Explanation: References: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36913

NEW QUESTION 10
A university is looking for a solution with the following requirements:
- wired and wireless connectivity
- authentication (LDAP)
- Web filtering, DLP and application control
- data base integration using LDAP to provide access to those students who are up-to-date with their monthly payments
- support for an external captive portal Which solution meets these requirements?

  • A. FortiGate for wireless controller and captive portalFortiAP for wireless connectivityFortiAuthenticator for user authentication and REST API for DB integrationFortiSwitch for PoE connectivityFortiAnalyzer for log and report
  • B. FortiGate for wireless controllerFortiAP for wireless connectivityFortiAuthenticator for user authentication, captive portal and REST API for DB integrationFortiSwitch for PoE connectivityFortiAnalyzer for log and report
  • C. FortiGate for wireless control and user authenticationFortiAuthenticator for captive portal and REST API for DB integrationFortiAP for wireless connectivityFortiSwitch for PoE connectivityFortiAnalyzer for log and report
  • D. FortiGate for wireless controllerFortiAP for wireless connectivity and captive portalFortiSwitch for PoE connectivityFortiAuthenticator for user authentication and REST API for DB integrationFortiAnalyzer for log and reports

Answer: A

NEW QUESTION 11
Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than expected.
What is the reason for this discrepancy?

  • A. You applied an antivirus profile on some of the policies, and no traffic can be accelerated.
  • B. You disabled all security profiles on some of the firewall policies, and the traffic matching those policies is now accelerated.
  • C. You enabled HA session-pickup, which is turn disabled session accounting.
  • D. You changed from active-passive to active-active, causing the session traffic counters to become inaccurate.

Answer: D

Explanation: Because of Active/Active failover traffic segregate to boxes where it reduces the bandwidth utilization

NEW QUESTION 12
The wireless controller diagnostic output is shown in the exhibit. Which three statements are true? (Choose three.)
NSE8 dumps exhibit

  • A. Firewall policies using device types are blocking Android devices.
  • B. An access control list applied to the VAP interface blocks Android devices.
  • C. This is a CAPWAP control channel diagnostic command.
  • D. There are no wireless clients connected to the guest wireless network.
  • E. The “src-vis” process is active on the staff wireless network VAP interface.

Answer: ACD

Explanation: References:
http://docs.fortinet.com/uploaded/files/1083/fortigate-managing-devices-50.pdf

NEW QUESTION 13
You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any interface.
Which statement about your implementation is true?

  • A. FortiGate populates the MAC address table based on destination addresses of frames received from all 10 VLANs.
  • B. There will be no impact on the STP protocol.
  • C. All 10 VLANs will become a single broadcast domain for the ARP request.
  • D. The ARP request will not be forwarded across the different VLANs domains.

Answer: C

Explanation: References: http://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortigate_Transparent_Mode_Techn ical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113

NEW QUESTION 14
The SECOPS team in your company has started a new project to store all logging data in a disaster recovery center. All FortiGates will log to a secondary FortiAnalyzer and establish a TCP session to send logs to the syslog server.
Which two configurations will achieve this goal? (Choose two.)

  • A. NSE8 dumps exhibit
  • B. NSE8 dumps exhibit
  • C. NSE8 dumps exhibit
  • D. NSE8 dumps exhibit

Answer: AC

Explanation: https://forum.fortinet.com/tm.aspx?m=122848

NEW QUESTION 15
Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate devices? (Choose three.)

  • A. mismatched phase 2 selectors
  • B. mismatched Anti-Replay configuration
  • C. mismatched Perfect Forward Secrecy
  • D. failed Dead Peer Detection negotiation
  • E. mismatched IKE version

Answer: ACE

Explanation: In IPsec negotiations, Perfect Forward Secrecy (PFS) ensures that each new cryptographic key is unrelated to any previous key. Either enable or disable PFS on both the tunnel peers; otherwise, the LAN-to-LAN (L2L) IPsec tunnel is not established

NEW QUESTION 16
You notice that memory usage is high and FortiGate has entered conserve mode. You want FortiGate’s IPS engine to focus only on exploits and attacks that are applicable to your specific network.
Which two steps would you take to reduce RAM usage without weakening security? (Choose two.)

  • A. Configure IPS to pass files that are larger than a specific threshold, instead of buffering and scanning them.
  • B. Reduce the size of the signature three (filters) that FortiGate must search by disabling scans for applications and OS stacks that do not exist on your network.
  • C. Disable application control for protocols that are not used on your network.
  • D. Disable IPS for traffic destined for the FortiGate itself.

Answer: BD

NEW QUESTION 17
You have implemented FortiGate in transparent mode as shown in the exhibit. User1 from the Internet is trying to access the 192.168.10.10 Web servers.
NSE8 dumps exhibit
Which two statements about this scenario are true? (Choose two.)

  • A. User1 would be able to access the Web server intermittently.
  • B. User1 would not be able to access any of the Web servers at all.
  • C. FortiGate learns Web servers MAC address when the Web servers transmit packets.
  • D. FortiGate always flood packets to both Web servers at the same time.

Answer: AC

Explanation: Both servers have same ip address, so there will be intermittent we server connectivity from outside and whichever web server forwards packets fortigate learns its mac address.

NEW QUESTION 18
A customer is authenticating users using a FortiGate and an external LDAP server. The LDAP user, John Smith, cannot authenticate. The administrator runs the debug command diagnose debug application fnbamd 255 while John Smith attempts the authentication:
Based on the output shown in the exhibit, what is causing the problem?
NSE8 dumps exhibit

  • A. The LDAP administrator password in the FortiGate configuration is incorrect.
  • B. The user, John Smith, does have an account in the LDAP server.
  • C. The user, John Smith, does not belong to any allowed user group.
  • D. The user, John Smith, is using an incorrect password.

Answer: A

Explanation: Fortigate not binded with LDAP server because of failed authentication. References:

100% Valid and Newest Version NSE8 Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/NSE8/ (New 65 Q&As)