NSE8_812 Exam Dumps - Network Security Expert 8 Written Exam

Question # 9

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

A. FortiGate can perform SSH access proxy host-key validation.

B. You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.

C. SSH traffic is tunneled between the client and the access proxy over HTTPS.

D. Traffic is discarded as ZTNA does not support SSH connection rules.

Question # 10

Refer to the exhibit.

You are deploying a FortiGate 6000F. The device should be directly connected to a switch. In the future, a new hardware module providing higher speed will be installed in the switch, and the connection to the FortiGate must be moved to this higher-speed port.

You must ensure that the initial FortiGate interface connected to the switch does not affect any other port when the new module is installed and the new port speed is defined.

How should the initial connection be made?

A. Connect the switch on any interface between ports 21 to 24.

B. Connect the switch on any interface between ports 25 to 28.

C. Connect the switch on any interface between ports 1 to 4.

D. Connect the switch on any interface between ports 5 to 8.

Question # 11

You are responsible for recommending an adapter type for NICs on a FortiGate VM that will run on an ESXi hypervisor. Your recommendation must consider performance as the main concern; cost is not a factor. Which adapter type for the NICs will you recommend?

A. Native ESXi Networking with E1000

B. Virtual Function (VF) PCI Passthrough

C. Native ESXi Networking with VMXNET3

D. Physical Function (PF) PCI Passthrough

Question # 12

Which two statements about bounce address tagging and verification (BATV) on FortiMail are true? (Choose two.)

A. You must publish the BATV public key as a DNS TXT record.

B. Emails with an empty sender address will be subjected to bounce verification.

C. FortiMail will insert the BATV tag to the sender address in the envelope.

D. BATV will use symmetric keys to verify the bounce address tag.

Question # 13

Refer to the exhibits.

An administrator has configured a FortiGate and FortiAuthenticator for two-factor authentication with FortiToken push notifications for their SSL VPN login. Upon initial review of the setup, the administrator has discovered that the customers can manually type in their two-factor code and authenticate, but push notifications do not work.

Based on the information given in the exhibits, what must be done to fix this?

A. On FG-1 port1, the ftm access protocol must be enabled.

B. FAC-1 must have an internet routable IP address for push notifications.

C. On FG-1 CLI, the ftm-push server setting must point to 100.64.141.

D. On FAC-1, the FortiToken public IP setting must point to 100.64.1 41

Question # 14

Refer to the exhibit, which shows an SD-WAN configuration.

You configured the SD-WAN from Branch1 to the HUB and enabled packet duplication. You later notice that the traffic is not being duplicated. In this scenario, what is causing this problem?

A. There is a mismatch in the FortiOS version between Branch1 and HUB.

B. Traffic cannot be duplicated over multiple zones.

C. Packet duplication is not enabled on the HUB side.

D. Packet duplication did not occur because an interface is out of SLA.

Question # 15

Refer to the exhibits, which show a topology and diagnostic commands.

Which two statements about the path resolution are true? (Choose two.)

A. Latency is the quality criteria.

B. wan1 is currently used as an outgoing interface.

C. wan2 is currently used as an outgoing interface.

D. Packet-loss is the quality criteria.

Question # 16

Refer to the exhibit showing FortiGate configurations.

FortiManager VM high availability (HA) is not functioning as expected after being added to an existing deployment.

The administrator finds that VRRP HA mode is selected, but primary and secondary roles are greyed out in the GUI. The managed devices never show online when FMG-B becomes primary, but they will show online whenever FMG-A becomes primary.

What change will correct HA functionality in this scenario?

A. Change the FortiManager IP address on the managed FortiGate to 10.3.106.65.

B. Make the monitored IP to match on both FortiManager devices.

C. Unset the primary and secondary roles in the FortiManager CLI configuration so VRRP will decide who is primary.

D. Change the priority of FMG-A to be numerically lower for higher preference.
