Replace NSE8 testing engine Guide

Exam Code: NSE8 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Fortinet Network Security Expert 8 Written Exam (801)
Certification Provider: Fortinet
Free Today! Guaranteed Training- Pass NSE8 Exam.

Q9. The FortiGate is used as an IPsec gateway at a branch office. Two tunnels, tunA and tunB, are established between this FortiGate and the headquarters’ IPsec gateway. The branch office’s subnet is 10.1.1.0/24. The headquarters’ subnet is 10.2.2.0/24. The desired usage for tunA and tunB has been defined as follows:

- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 must be routed out over tunA when tunA is up

- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 have to be routed out over tunB when tunA is down

- sessions initiated from 10.2.2.0/24 can ingress either on tunA or on tunB Which static routing configuration meets the requirements?

A.  

B.  

C.  

D.  

Answer: C

Q10. Your FortiGate has multiple CPUs. You want to verify the load for each CPU. Which two commands will accomplish this task? (Choose two.)

A. get system performance status

B. diag system mpstat

C. diag system cpu stat

D. diag system top

Answer: A,D

Explanation:

References: http://kb.fortinet.com/kb/documentLink.do?externalID=13825

Q11. You notice that your FortiGate’s memory usage is very high and that the unit’s performance is adversely affected. You want to reduce memory usage.

Which three commands would meet this requirement? (Choose three.)

A.  

B.  

C.  

D.  

E.  

Answer: A,D,E

Q12. The SECOPS team in your company has started a new project to store all logging data in a disaster recovery center. All FortiGates will log to a secondary FortiAnalyzer and establish a TCP session to send logs to the syslog server.

Which two configurations will achieve this goal? (Choose two.)

A.  

B.  

C.  

D.  

Answer: A,C

Explanation:

https://forum.fortinet.com/tm.aspx?m=122848

Q13. Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than expected.

What is the reason for this discrepancy?

A. You applied an antivirus profile on some of the policies, and no traffic can be accelerated.

B. You disabled all security profiles on some of the firewall policies, and the traffic matching those policies is now accelerated.

C. You enabled HA session-pickup, which is turn disabled session accounting.

D. You changed from active-passive to active-active, causing the session traffic counters to become inaccurate.

Answer: D

Explanation:

Because of Active/Active failover traffic segregate to boxes where it reduces the bandwidth utilization

Q14. The exhibit shows an LDAP server configuration in a FortiGate device. 

The LDAP user, John Smith, has the following LDAP attributes:

John Smith’s LDAP password is ABC123.

Which CLI command should you use to test the LDAP authentication using John Smith’s credentials?

A. diagnose test authserver ldap Lab jsmith ABC123

B. diagnose test authserver ldap-direct Lab jsmith ABC123

C. diagnose test authserver ldap Lab ‘John Smith’ ABC123

D. diagnose test authserver ldap-direct Lab john ABC123

Answer: A

Explanation:

References: https://forum.fortinet.com/tm.aspx?m=119178

Q15. You have implemented FortiGate in transparent mode as shown in the exhibit. User1 from the Internet is trying to access the 192.168.10.10 Web servers.

Which two statements about this scenario are true? (Choose two.)

A. User1 would be able to access the Web server intermittently.

B. User1 would not be able to access any of the Web servers at all.

C. FortiGate learns Web servers MAC address when the Web servers transmit packets.

D. FortiGate always flood packets to both Web servers at the same time.

Answer: A,C

Explanation:

Both servers have same ip address, so there will be intermittent we server connectivity from outside and whichever web server forwards packets fortigate learns its mac address.

Q16. The output shown in the exhibit from FortiManager is displayed during an import of the device configuration.

Which statement describes the correct action taken for these duplicate objects?

A. The import fails because of the duplicate entries detected which exist in the ADOM database.

B. FortiManager installs these duplicate objects to the managed device from the ADOM database.

C. FortiManager does not import these duplicate entries into the ADOM database because they already exist in the ADOM database.

D. FortiManager creates indexed duplicate entries for these objects in the ADOM database.

Answer: B

Explanation:

References:

http://docs.fortinet.com/uploaded/files/2905/FortiManager-5.4.0-Administration-Guide.pdf