Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Fortinet
  3. Fortinet Network Security Expert
  4. NSE8_812
  5. Network Security Expert 8 Written Exam Questions and Answers

Pass the Fortinet Network Security Expert NSE8_812 Questions and answers with ValidTests

Exam NSE8_812 All Questions
Exam NSE8_812 Premium Access

View all detail and faqs for the NSE8_812 exam

Go to Exam
Viewing page 4 out of 4 pages
Viewing questions 31-40 out of questions
Questions # 31:

SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.

You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.

What should you configure?

Options:

A.

Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server.

B.

Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address.

C.

Configure two DNS servers and use DNS servers recommended by the two internet providers.

D.

Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.

Expert Solution
Questions # 32:

Refer to the exhibit.

Question # 32

Given the exhibit, which two statements about FortiGate FGSP HA cluster behavior are correct? (Choose two.)

Options:

A.

You can run FortiGate Virtual Router Redundancy Protocol (VRRP) high availability in addition to FGSP simultaneously.

B.

Session synchronization occurs over Layer 3 by default, and if unavailable it will then try Layer 2.

C.

You can selectively synchronize only specific sessions between FGSP cluster members.

D.

Cluster members will upgrade one at a time and failover during firmware upgrades.

Questions # 33:

Refer to the exhibit.

Question # 33

The exhibit shows two error messages from a FortiGate root Security Fabric device when you try to configure a new connection to a FortiClient EMS Server.

Referring to the exhibit, which two actions will fix these errors? (Choose two.)

Options:

A.

Verify that the CRL is accessible from the root FortiGate

B.

Export and import the FortiClient EMS server certificate to the root FortiGate.

C.

Install a new known CA on the Win2K16-EMS server.

D.

Authorize the root FortiGate on the FortiClient EMS

Questions # 34:

Refer to The exhibit, which shows a topology diagram.

Question # 34

A customer wants to use SD-WAN for traffic generated from the data center towards Branches. SD-WAN on HUB should follow the underlay condition on each Branch and the solution should be scalable for hundreds of Branches.

Which SD WAN-Rules strategy should be used?

Options:

A.

Manual based on route-tags

B.

Lowest Cost SLA

C.

Auto based on link quality

D.

Best Quality based on route-tags

Questions # 35:

A customer wants to use the FortiAuthenticator REST API to retrieve an SSO group called SalesGroup. The following API call is being made with the 'curl' utility:

Question # 35

Which two statements correctly describe the expected behavior of the FortiAuthenticator REST API? (Choose two.)

Options:

A.

Only users with the "Full permission" role can access the REST API

B.

This API call will fail because it requires that API version 2

C.

If the REST API web service access key is lost, it cannot be retrieved and must be changed.

D.

The syntax is incorrect because the API calls needs the get method.

Questions # 36:

A customer is planning on moving their secondary data center to a cloud-based laaS. They want to place all the Oracle-based systems Oracle Cloud, while the other systems will be on Microsoft Azure with ExpressRoute service to their main data center.

They have about 200 branches with two internet services as their only WAN connections. As a security consultant you are asked to design an architecture using Fortinet products with security, redundancy and performance as a priority.

Which two design options are true based on these requirements? (Choose two.)

Options:

A.

Systems running on Azure will need to go through the main data center to access the services on Oracle Cloud.

B.

Use FortiGate VM for IPSEC over ExpressRoute, as traffic is not encrypted by Azure.

C.

Branch FortiGate devices must be configured as VPN clients for the branches' internal network to be able to access Oracle services without using public IPs.

D.

Two ExpressRoute services to the main data center are required to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge

Questions # 37:

Refer to the exhibit.

Question # 37

A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.

How will the sessions be load balanced between server 1 and server 2 during normal operation?

Options:

A.

Server 1 will receive 25% of the sessions, Server 2 will receive 75% of the sessions

B.

Server 1 will receive 20% of the sessions, Server 2 will receive 66.6% of the sessions

C.

Server 1 will receive 33.3% of the sessions, Server 2 will receive 66 6% of the sessions

D.

Server 1 will receive 0% of the sessions Server 2 will receive 100% of the sessions

Questions # 38:

An automation stitch was configured using an incoming webhook as the trigger named 'my_incoming_webhook'. The action is configured to execute the CLI Script shown:

Question # 38

Options:

A.

data: ‘{ “hostname”: “bad_host_1”, “ip”: [“1.1.1.1”]}’

url: http://192.168.226.129/api/v2/monitor/system/automation-stitch/webhook/my_incoming_webhook

B.

data: ‘{ “hostname”: “bad_host_1”, “ip”: “1.1.1.1”}’

url: http://192.168.226.129/api/v2/monitor/system/automation-stitch/webhook/my_incoming_webhook

C.

data: ‘{ “hostname”: “bad_host_1”, “ip”: [“1.1.1.1”]}’

url: http://192.168.226.129/api/v2/cmdb/system/automation-stitch/webhook/my_incoming_webhook

D.

data: ‘{ “hostname”: “bad_host_1”, “ip”: “1.1.1.1”}’

url:http://192.168.226.129/api/v2/cmdb/system/automation-stitch/webhook/my_incoming_webhook

Questions # 39:

A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic. Which statement about the VoIP configuration options is correct?

Options:

A.

Restricting SIP requests is only possible when using the SIP Session Helper.

B.

Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.

C.

FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.

D.

By default, VoIP traffic will be processed using the SIP Session Helper.

Questions # 40:

Refer to the exhibit, which shows a multi-region SD-WAN architecture.

Question # 40

Given this scenario, which two statements are true? (Choose two.)

Options:

A.

If iBGP is used, cross-regional spoke-to-hub shortcuts can be established.

B.

If eBGP is used, ADVPN can be established for branch-to-branch traffic across regions.

C.

If eBGP is used, ADVPN can be established only for branch-to-branch traffic within each region.

D.

If iBGP is used, cross-regional spoke-to-hub shortcuts cannot be used.

Viewing page 4 out of 4 pages
Viewing questions 31-40 out of questions