It is impossible to pass the Fortinet NSE8 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Fortinet NSE8 practice questions. You will get a surprising result with our improved Fortinet Network Security Expert 8 Written Exam (801) practice guides.

Q33. The output shown in the exhibit from FortiManager is displayed during an import of the device configuration.

Which statement describes the correct action taken for these duplicate objects?

 

A. The import fails because of the duplicate entries detected which exist in the ADOM database.

B. FortiManager installs these duplicate objects to the managed device from the ADOM database.

C. FortiManager does not import these duplicate entries into the ADOM database because they already exist in the ADOM database.

D. FortiManager creates indexed duplicate entries for these objects in the ADOM database.

Answer: B

References:

http://docs.fortinet.com/uploaded/files/2905/FortiManager-5.4.0-Administration-Guide.pdf


Q34. Your NOC contacts the security team due to a problem with a new application flow. You are instructed to disable hardware acceleration for the policy shown in the exhibit for troubleshooting purposes.

 

Which command will disable hardware acceleration for the new application policy?

A.  

B.  

C.  

D.  

Answer: D

References:

http://docs.fortinet.com/uploaded/files/1607/fortigate-hardware-accel-50.pdf


Q35. Which command detects where a routing path is broken?

A. exec traceroute <destination>

B. exec route ping <destination>

C. diag route null

D. diag debug route <destination>

Answer: A


Q36. You verified that application control is working with previously configured categories. You just added Skype to the blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application.

What are two causes of this problem? (Choose two.)

A. The application control database is not updated.

B. SSL inspection is not enabled.

C. A client on the network was already connected to the Skype network and serves as a relay prior to configuration changes to block Skype.

D. The FakeSkype.botnet signature is included on your application control sensor.

Answer: A,B


Q37. A customer wants to secure the network shown in the exhibit with a full redundancy design. Which security design would you use?

 

A. Place a FortiGate FGCP Cluster between DD and AA, then connect it to SW1, SW2, SW3, and SW4.

B. Place a FortiGate FGCP Cluster between BB and CC, then connect it to SW1, SW2, SW3, and SW4.

C. Place a FortiGate FGCP Cluster between BB and AA, then connect it to SW1, SW2, SW3, and SW4.

D. Place a FortiGate FGCP Cluster between DD and FF, then connect it to SW1, SW2, SW3, and SW4.

Answer: A


Q38. A café offers free Wi-Fi. Customers’ portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge. You must protect all customers from any other customers’ infected devices that join the same SSID.

Which step meets the requirement?

A. Enable deep SSH inspection with antivirus and IPS.

B. Use a captive portal to redirect unsecured connections such as HTTP and SMTP to their secured equivalents, preventing worms on infected clients from tampering with other customer traffic.

C. Use WPA2 encryption and configure a policy on FortiGate to block all traffic between clients.

D. Use WPA2 encryption, and enable “Block Intra-SSID Traffic”.

Answer: B


Q39. There is an interface-mode IPsec tunnel configured between FortiGate1 and FortiGate2. You want to run OSPF over the IPsec tunnel. On both FortiGates, the IPsec tunnel is based on physical interface port1. Port1 has the default MTU setting on both FortiGate units.

Which statement is true about this scenario?

A. A multicast firewall policy must be added on FortiGate1 and FortiGate2 to allow protocol 89.

B. The MTU must be set manually in the OSPF interface configuration.

C. The MTU must be set manually on the IPsec interface.

D. An IP address must be assigned to the IPsec interface on FortiGate1 and FortiGate2.

Answer: B

Explanation:

If the MTU doesn’t match, the neighbourship gets stuck in the exchange state.


Q40. You are asked to implement a wireless network for a conference center and need to provision a high number of access points to support a large number of wireless client connections.

Which statement describes a valid solution for this requirement?

A. Use a captive portal for guest access. Use both 2.4 GHz and 5 GHz bands. Enable frequency and access point hand-off. Use more channels, thereby supporting more clients.

B. Use an open wireless network with no portal. Use both 2.4 GHz and 5 GHz bands. Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.

C. Use a pre-shared key only for wireless client security. Use the 5 GHz band only for greater security. Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.

D. Use a captive portal for guest access. Use both the 2.4 GHz and 5 GHz bands, and configure frequency steering. Configure rogue access point detection in order to automatically control the transmit power of each AP.

Answer: D