Exambible offers free demo for NSE8 exam. "Fortinet Network Security Expert 8 Written Exam (801)", also known as NSE8 exam, is a Fortinet Certification. This set of posts, Passing the Fortinet NSE8 exam, will help you answer those questions. The NSE8 Questions & Answers covers all the knowledge points of the real exam. 100% real Fortinet NSE8 exams and revised by experts!
Q1. FortiGate1 has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between FortiGate1 and FortiGate2 is on UDP port 500. A PC on FortiGate2’s local area network is sending continuous ping requests over the VPN tunnel to a PC on FortiGate1’s local area network. No other traffic is sent over the tunnel.
Which statement is true on this scenario?
A. FortiGate1 sends an R-U-THERE packet every 300 seconds while ping traffic is flowing.
B. FortiGate1 sends an R-U-THERE packet if pings stop for 300 seconds and no IKE packet is received during this period.
C. FortiGate1 sends an R-U-THERE packet if pings stop for 60 seconds and no IKE packet is received during this period.
D. FortiGate1 sends an R-U-THERE packet every 60 seconds while ping traffic is flowing.
Answer: C
Explanation:
References: http://kb.fortinet.com/kb/documentLink.do?externalID=FD35337
Q2. Your FortiGate has multiple CPUs. You want to verify the load for each CPU. Which two commands will accomplish this task? (Choose two.)
A. get system performance status
B. diag system mpstat
C. diag system cpu stat
D. diag system top
Answer: A,D
Explanation:
References: http://kb.fortinet.com/kb/documentLink.do?externalID=13825
Q3. A customer has the following requirements:
- local peer with two Internet links
- remote peer with one Internet link
- secure traffic between the two peers
- granular control with Accept policies
Which solution provides security and redundancy for traffic between the two peers?
A. a fully redundant VPN with interface mode configuration
B. a partially redundant VPN with interface mode configuration
C. a partially redundant VPN with tunnel mode configuration
D. a fully redundant VPN with tunnel mode configuration
Answer: B
Q4. Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than expected.
What is the reason for this discrepancy?
A. You applied an antivirus profile on some of the policies, and no traffic can be accelerated.
B. You disabled all security profiles on some of the firewall policies, and the traffic matching those policies is now accelerated.
C. You enabled HA session-pickup, which in turn disabled session accounting.
D. You changed from active-passive to active-active, causing the session traffic counters to become inaccurate.
Answer: D
Explanation:
Because of active-active failover, traffic is segregated across the boxes, which reduces the bandwidth utilization.
Q5. You are asked to write a FortiAnalyzer report that lists the session that has consumed the most bandwidth. You are required to include the source IP, destination IP, application, application category, hostname, and total bandwidth consumed.
Which dataset meets these requirements?
A. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(`sentbyte`, 0)+coalesce(`recbyte `, 0)) as bandwidth from $log where $filter LIMIT 1
B. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(`sentbyte`, 0)+coalesce(`recbyte`, 0)) as bandwidth from $log where $filter LIMIT 1
C. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(`sentbyte`, 0)+coalesce(`rcvdbyte`, 0)) as bandwidth from $log where $filter LIMIT 1
D. select from_itime(itime) as timestamp, sourceip, destip, app, appcat, hostname, sum(coalesce(`sentbyte`, 0)+coalesce(`rcvdbyte`, 0)) as bandwidth from $log where $filter LIMIT 1
Answer: C
Explanation:
References:
http://docs.fortinet.com/uploaded/files/2617/fortianalyzer-5.2.4-dataset-reference.pdf
Q6. A customer is authenticating users using a FortiGate and an external LDAP server. The LDAP user, John Smith, cannot authenticate. The administrator runs the debug command diagnose debug application fnbamd 255 while John Smith attempts the authentication:
Based on the output shown in the exhibit, what is causing the problem?
A. The LDAP administrator password in the FortiGate configuration is incorrect.
B. The user, John Smith, does have an account in the LDAP server.
C. The user, John Smith, does not belong to any allowed user group.
D. The user, John Smith, is using an incorrect password.
Answer: A
Explanation:
The FortiGate could not bind to the LDAP server because authentication failed.
Q7. The output shown in the exhibit from FortiManager is displayed during an import of the device configuration.
Which statement describes the correct action taken for these duplicate objects?
A. The import fails because of the duplicate entries detected which exist in the ADOM database.
B. FortiManager installs these duplicate objects to the managed device from the ADOM database.
C. FortiManager does not import these duplicate entries into the ADOM database because they already exist in the ADOM database.
D. FortiManager creates indexed duplicate entries for these objects in the ADOM database.
Answer: B
Explanation:
References:
http://docs.fortinet.com/uploaded/files/2905/FortiManager-5.4.0-Administration-Guide.pdf
Q8. Your NOC contacts the security team due to a problem with a new application flow. You are instructed to disable hardware acceleration for the policy shown in the exhibit for troubleshooting purposes.
Which command will disable hardware acceleration for the new application policy?
A.
B.
C.
D.
Answer: D
Explanation:
References:
http://docs.fortinet.com/uploaded/files/1607/fortigate-hardware-accel-50.pdf
Q9. Which VPN protocol is supported by FortiGate units?
A. E-LAN
B. PPTP
C. DMVPN
D. OpenVPN
Answer: B,C
Q10. You want to enable traffic between 2001:db8:1::/64 and 2001:db8:2::/64 over the public IPv4 Internet.
Given the CLI configuration shown in the exhibit, which two additional settings are required on this device to implement tunneling for the IPv6 transition? (Choose two.)
A. IPv4 firewall policies to allow traffic between the local and remote IPv6 subnets.
B. IPv6 static route to the destination phase2 destination subnet.
C. IPv4 static route to the destination phase2 destination subnet.
D. IPv6 firewall policies to allow traffic between the local and remote IPv6 subnets.
Answer: B,D
Explanation:
References: http://docs.fortinet.com/uploaded/files/1969/IPv6%20Handbook%20for%20FortiOS%205.2.pdf