Our pass rate is high to 98.9% and the similarity percentage between our NSE8 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Fortinet NSE8 exam in just one try? I am currently studying for the Fortinet NSE8 exam. Latest Fortinet NSE8 Test exam practice questions and answers, Try Fortinet NSE8 Brain Dumps First.
Q25. The dashboard widget indicates that FortiGuard Web Filtering is not reachable. However, AntiVirus, IPS, and Application Control have no problems as shown in the exhibit.
You contacted Fortinet’s customer service and discovered that your FortiGuard Web Filtering contract is still valid for several months.
What are two reasons for this problem? (Choose two.)
A. You have another security device in front of FortiGate blocking ports 8888 and 53.
B. FortiGuard Web Filtering is not enabled in any firewall policy.
C. You did not enable Web Filtering cache under Web Filtering and E-mail Filtering Options.
D. You have a firewall policy blocking ports 8888 and 53.
Answer: B,D
Explanation:
If Web filtering shows unreachable then we have to verify, whether web filtering enabled in security policies or not.
Web filtering enabled in a policy but the port 8888 and 53 are not selected, means the policy blocking the ports.
References:
Q26. You are asked to write a FortiAnalyzer report that lists the session that has consumed the most bandwidth. You are required to include the source IP, destination IP, application, application category, hostname, and total bandwidth consumed.
Which dataset meets these requirements?
A. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(‘sentbyte”, 0) +coalesce(‘recbyte “, 0)) as bandwidth from $log where $filter LIMIT 1
B. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(‘sentbyte”, 0) +coalesce(‘recbyte“, 0)) as bandwidth from $log where $filter LIMIT 1
C. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(‘sentbyte”, 0) +coalesce(‘rcvdbyte“, 0)) as bandwidth from $log where $filter LIMIT 1
D. select from_itime(itime) as timestamp, sourceip, destip, app, appcat, hostname, sum(coalesce(‘sentbyte’, 0)+coalesce(‘rcvdbyte“, 0)) as bandwidth from $log where $filter LIMIT 1
Answer: C
Explanation:
References:
http://docs.fortinet.com/uploaded/files/2617/fortianalyzer-5.2.4-dataset-reference.pdf
Q27. Referring to the exhibit, which statement is true?
A. The packet failed the HMAC validation.
B. The packet did not match any of the local IPsec SAs.
C. The packet was protected with an unsupported encryption algorithm.
D. The IPsec negotiation failed because the SPI was unknown.
Answer: A
Explanation:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD33101
Q28.
Given the following error message:
FortiManager fails to import policy ID 1. What is the problem?
A. FortiManager already has Address LAN which has interface mapping set to “internal” in its database, it is contradicting with the STUDENT-2 FortiGate device which has address LAN mapped to “any”.
B. FortiManager already has address LAN which has interface mapping set to “any” in its database; this conflicts with the STUDENT-2 FortiGate device which has address “LAN”
mapped to “internal”.
C. Policy ID 1 for this managed FortiGate device already exists on the FortiManager policy package named STUDENT-2.
D. Policy ID 1 does not have interface mapping on FortiManager.
Answer: D
Explanation:
References: http://kb.fortinet.com/kb/documentLink.do?externalID=FD38544
Q29. You want to enable traffic between 2001:db8:1::/64 and 2001:db8:2::/64 over the public IPv4 Internet.
Given the CLI configuration shown in the exhibit, which two additional settings are required on this device to implement tunneling for the IPv6 transition? (Choose two.)
A. IPv4 firewall policies to allow traffic between the local and remote IPv6 subnets.
B. IPv6 static route to the destination phase2 destination subnet.
C. IPv4 static route to the destination phase2 destination subnet.
D. IPv6 firewall policies to allow traffic between the local and remote IPv6 subnets.
Answer: B,D
Explanation:
References: http://docs.fortinet.com/uploaded/files/1969/IPv6%20Handbook%20for%20FortiOS%205.2. pdf
Q30. You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any interface.
Which statement about your implementation is true?
A. FortiGate populates the MAC address table based on destination addresses of frames received from all 10 VLANs.
B. There will be no impact on the STP protocol.
C. All 10 VLANs will become a single broadcast domain for the ARP request.
D. The ARP request will not be forwarded across the different VLANs domains.
Answer: C
Explanation:
References: http://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortigate_Transparent_Mode_Techn ical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113
Q31. You want to enable traffic between 2001:db8:1::/64 and 2001:db8:2::/64 over the public IPv4 Internet.
Given the CLI configuration shown in the exhibit, which two additional settings are required on this device to implement tunneling for the IPv6 transition? (Choose two.)
A. IPv4 firewall policies to allow traffic between the local and remote IPv6 subnets.
B. IPv6 static route to the destination phase2 destination subnet.
C. IPv4 static route to the destination phase2 destination subnet.
D. IPv6 firewall policies to allow traffic between the local and remote IPv6 subnets.
Answer: B,D
Explanation:
References: http://docs.fortinet.com/uploaded/files/1969/IPv6%20Handbook%20for%20FortiOS%205.2. pdf
Q32. Which command syntax would you use to configure the serial number of a FortiGate as its host name?
A.
B.
C.
D.
Answer: A,B
Explanation: References:
http://defadhil.blogspot.in/2014/04/how-to- protect-fortigate- from.html