Exam Code: NSE8_810 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 8 Written Exam (810)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE8_810 Exam.
Check NSE8_810 free dumps before getting the full version:
NEW QUESTION 1
You need to run a script in FortiManager against several managed FortiGale devices in your organization to install a configuration for a new static route.
Which two scripts will successfully configure the static route on the managed device? (Choose two)
- A. Script 1
- B. Script 2
- C. Script 3
- D. Script 4
NEW QUESTION 2
You have configured an HA cluster with Two FortiGates You want to make sore that you are able to manage the individual duster members using ports3.
Referring to the exhibit, what are two ways to accomplish this task? (Choose two.)
- A. Disable the sync feature on porl3: then configure specific IPs for ports on both cluster members.
- B. Configure port3 to be a dedicated HA management interface, then configure specific IPs for port3 on both cluster members.
- C. Create a management VDOM and Disable the HA synchronization for this VDOM, assign ports to this VDOM, then configure specific IPs for ports on both cluster member.
- D. Allow administrative access in the HA heartbeat interface
NEW QUESTION 3
A FortiGate with the default configuration is deployed between two IP phones. FortiGate receives the INVITE request shown in the exhibit from Phone A (internal) to Phone b (exltrnal).
Which two actions are taken by the FortiGate after the packet is received? (Choose two.)
- A. A pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49169 and 49170.
- B. a pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49l70 and 49171.
- C. The phone A IP address will be translated lo the WAN IP address in all INVITE header fields and the m: field of the SDP statement.
- D. The phone A IP address will be translated for the WAN IP address in all INVITE header fields and the SDP statement remains intact.
NEW QUESTION 4
You configure an outgoing firewall policy with a web filter for accessing the internet. The access to URL https// itacm.co and web belonging to the same category should be blocked. You notice that the Web server presents a certificate with CN=www acme.com. The www.it.acme site is as '' information Technology and the www.acme.com site is categorized as ''Business".
Which statements is correct in this scenario?
- A. Category "information Technology" needs to blocked, the FortiGate is able to inspection the URL with HTTPS sessions.
- B. Category "Business" need a to be block: the certificate name takes precedence over the SNI.
- C. SSL inspection must be configured to deep-inspection: the category "information Technology "needs to be blocked.
- D. Category :information Technology" needs to be blocked, the SNI takes precedence over the certificate nam
NEW QUESTION 5
Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMarf as a high risk?
- A. The high-risk file will be discarded by attachment analysis.
- B. The high-risk tile will go to the system quarantine.
- C. The high-risk file will be received by the recipient.
- D. The high-risk file will be discarded by malware/virus outbreak protectio
NEW QUESTION 6
An old router has been replaced by a FortiWan device. The routers management IP address and now the network administrator to remove the old router from the FortiSIEM configuration.
Which two statements are true about this oper atjon? (Choose two)
- A. FortiSIEM will discover a new device for the FortiWAN with the same IP.
- B. The old router will be completely deleted from FortiSIEM's CMDB.
- C. FotiSEIM needs a special syslog for FortiWAN.
- D. FortiSIM will move the old router device into the Decommission folde
NEW QUESTION 7
You cannot the FortiGales default gateway 10.10.10 .1 from the FortiGate CLI. The FortiGate interface facing the default gateway is wan 1 and its IP address 10.10 .10 K74 During the troubleshooting, tests, you confirmed that you can plug other IP addresses in the 10.10.10. 0/24 subnet from the FortiGAte CLI without packets lost.
Which two CLI commands will help you to troubleshoot this problem? (Choose two.)
- A. diagnose ip arp list
- B. diag aniffer packet wan1 'arp and host 10.10.1O.1'
- C. diagnose hardware deviceinfo nice wan1
- D. diagnose debug flow filter addt 10.10.10.1
- E. diagnose debug flow trace trace 10
NEW QUESTION 8
Your organization has a FortrGate cluster that is connected to two independent ISPs. You must configure the FortiGate failover for a single ISP failure to occur without disruption.
Referring to the exhibit, which two FortiGate BGP features would be used to accomplish this task' (Choose two.)
- A. Enable BFD
- B. Enable EBGP multipath
- C. Enable graceful restart
- D. Enable synchronization
NEW QUESTION 9
Your company has two data center (DC) connected using a Layer 3 network. Service in farm A need to connect to server in farm B as though they all were in the same Layer 2 segment.
- A. Create an IPsec tunnel with transport mode encapsulation.
- B. Create an IPsec tunnel with Mode encapsulation.
- C. Create an IPsec tunnel with VXLAN encapsulation.
- D. Create an IPsec tunnel with VLAN encapsulatio
NEW QUESTION 10
You need to apply the security feature below to the network shown in the exhibit.
-- high grade DDoS protection
-- Web security and load balacng for Server 1 and Server
-- Solution must be PCI DSS compliant'
-- enhanced security to DNS 1 and DNS 2 What are three solutio for the scenario?
- A. FortiWeb forVDOM-A
- B. FortDDoS between FG1 and FG2 and the Internet
- C. FortiADC for VDOM-A
- D. FortADC for VDoM-B
- E. FortiDDoS between FG1 and FG2 and VDOMs
NEW QUESTION 11
You created a custom health-check for your FortiWeb deployment. Referring to the output shown in the exhibit, which statement is true?
- A. The FortiWeb must receive an RST packet from the server.
- B. The FortiWeb must receive an HTTP 200 response code from the server.
- C. The FortiWeb must receive an ICMP Echo Request from the server.
- D. The FortiWeb must match the hash value of the page index htm
NEW QUESTION 12
The FortiAP profile used by the FortiGate managed AP is shown in the exhibit. Which two statements are correct n this scenario? (Choose two.)
- A. All FortiAPs using thre profile will nave Radio 1 scan rogue access points.
- B. Map this profile to SSlDs that you want to be available on the FortiAPs using this profile.
- C. All FortiAPs using this profile will have Radio 1 monitor wireless clients.
- D. Interference will be prevented between FortiAPs using this profile.
NEW QUESTION 13
You are asked implement a single FortiGate 5000 chassis using Session-aware Load Balance Cluster (SLBC) with Active-passive for Controllers have the configuration shown below, with the rest of the configuration set to the default values.
Both FotiController show Master status. What is the problem in this scenario?
- A. The management interface of both FotiControllers was connected on the some network.
- B. The priority should be set higher for ForControllers on slot-1.
- C. The b1 interface the two FortiConrollers do not see each other.
- D. The chassis ID settings on FotiControllers on slot 2 should be set to 2.
NEW QUESTION 14
You configure AV and Web filtering for your outgoing internet connection.
You later notice that not all Web session are being inspection and you start troubleshooting the problem. Referring to the exhibit, what would cause this problem?
- A. The Web session is using QUIC which a not inspected by the FortiGate
- B. These are problem with the connection to the Web filter servers, therefore the Web session cannot be categorized.
- C. The SSL inspection options are not set to inspection
- D. Web filtering is not licensed, therefore no inspection occur
NEW QUESTION 15
A FortiGate configure for a dial IPsec VPN to allow multiple remote FortiGAte to connect to it. However, FortiGAte A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect while site A is connected, site A disconnected. The IKE real time shows debug shoes the output in the exhibit when site A is disconnected.
Which of the following setting should be excluded in the dial-up configuration to allow both to be VPNs to be connected at the same time?
- A. set enforce-unique-id disable
- B. set add-router enable
- C. set single-source disable
- D. set router-overlap allow
NEW QUESTION 16
You created an aggregate interface between your FortiGate and consisting of two 1 GBPs links in the exhibit. However, the maximum bandwidth never exceeds 1 Gbps and employees are complaining that the is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregation interface is shown in the exhibit.
In ths scenario, which command will solve this problem?
- A. Option A
- B. Option B
- C. Option C
- D. Option D
NEW QUESTION 17
Referring to the exhibit, which two statements are true? (Choose two.)
- A. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B.
- B. LAG-1 and LAG 2 should be connected to a single 4-port 802 3ad interface on the FortiGate-A.
- C. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802 3ad trunk on another device.
- D. LAG-1 and LAG-2 should be connected to a 4-port single 802 3ad trunk on another devic
NEW QUESTION 18
You ate asked lo add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack?
- A. aggressive aging mode
- B. rate limiting mode
- C. blocking mode
- D. asymmetric mode
NEW QUESTION 19
You have deployed several perimeter FortiGates wilh terminal segmentation FortiGates befwid them All ForbGale devices are logging to Fortianaluzer. When you search the logs in FortiAnatyzer (or denied traffic,
you see numerous log messages, as shown in the exhibit, on your perimeter FortiGates only. Which two actions would reduce the number pt these log message? (Choose two)
- A. Apply an application control profile lo the perimeter FortiGates that does not inspect DNS traffic to the outbound firewall policy.
- B. Configure the internal ForbGates to communicate to ForpGuard using port 8888.
- C. Disable DNS events logging horn ForirGate In the config log fortianalyser filter section.
- D. Remove DNS signature* <rom the IPS protte appfced to the outbound firewall polic
NEW QUESTION 20
You want to manage a FortiCloud service. The FortiGate shows up in your list devices on the FortiCloud Web site, but all management functions are either missing or grayed out.
Which statement a correct in this scenario?
- A. The managed FcrtGate a running a version of ForflOS that is either too new or too for FortCloud.
- B. The managed FortiGate requires that a FortiCloud management license be purchased and applied.
- C. You must manually configure system control-management on the FortiGate CLI and set the management type to fortiguard.
- D. The management tunnel mode on the managed FortiGate must be changed to norma
NEW QUESTION 21
A customer wants to enable SYN Rood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet ftom a new source IP address. Which SYN packet from a new source IP address. Which SYN flood mitigation mode must the customer use?
- A. SYN cookie
- B. SYN/ACK cookie
- C. ACK cookie
- D. SYN retransmission
NEW QUESTION 22
A VPN IPsec is connecting the headerquarters office (HQ) with a branch office OSPF is used to router between the offices. After deployment, a server with IP address 10.10.10.35 located on the DMZ network of the BO FortiGae was reported unreachable from hosts located on the LAN network of the same FortiGate.
Referring to the exhibit, which statement is true?
- A. The ICMP packets are Being blocked by an implicit deny policy.
- B. The incoming access list should have an accept action instead deny action to solve the problem.
- C. A directly connected subnet is being partially superseded by an OSPF redistributed subnet.
- D. Enabling NAT on the VPN firewall policy will solve the proble
NEW QUESTION 23
When deploying a new FortiGate-VMX Security node, an administrator received the error message shown in the exhibit In this scenario, which statement is correct?
- A. The vCenter was not able locate the FortiGate-VMX's OVF file.
- B. The vCenter could not connect to the FortiGate Service Manager
- C. The NSX Manager was not able to connect on the FortiGate Service Manager's RestAPI service.
- D. The FortiGate Service Manager did not have the proper permission to register the FortiGate-VMX Servic
NEW QUESTION 24
Thanks for reading the newest NSE8_810 exam dumps! We recommend you to try the PREMIUM Certleader NSE8_810 dumps in VCE and PDF here: https://www.certleader.com/NSE8_810-dumps.html (60 Q&As Dumps)