Download Fortinet Network Security Expert 8 Written Exam (NSE8 810 - FortiOS 5.6).NSE8_810.PremDumps.2019-04-20.39q.vcex

Vendor: Fortinet
Exam Code: NSE8_810
Exam Name: Fortinet Network Security Expert 8 Written Exam (NSE8 810 - FortiOS 5.6)
Date: Apr 20, 2019
File Size: 2 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
You want to manage a FortiGate with the FortiCloud service.  
The FortiGate shows up in your list of devices on the FortiGate Web Site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?
  1. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud.
  2. The managed FortiGate requires that a FortiCloud management license be purchased and applied.
  3. You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard.
  4. The management tunnel mode on the managed FortiGate must be changed to normal.
Correct answer: C
Question 2
FortiMail is configured with the protected domain “internal.lab”.  
Which two envelope addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)
  1. MAIL FROM: student@ internal.lab;RCPT TO;[email protected]
Correct answer: BC
Question 3
You deploy a FortiGate device in a remote office based on the requirements shown below.  
  • Due to company’s security policy, management IP of your FortiGate is not allowed to access the Internet.  
  • Apply Web Filtering, AntiVirus, IPS and Application control to the protected subnet.  
  • Be managed by a central FortiManager on the head office.  
Which action will help to achieve the requirements?
  1. Configure a default route and make sure that the FortiGate device can ping to service.fortiguard.net
  2. Configure the FortiGuard override server and use the IP address of the FortiManager.
  3. Configure the FortiGuard override server and use the IP address of service.fortiguard.net.
  4. Configure FortiGuard to use FortiGuard Filtering Port 8888.
Correct answer: B
Question 4
   
You log into FortiManager, look at the Device Manager window and notice that one of your managed devices is not in normal status.  
Referring to the exhibit, which two statements correctly describe the affected device’s status and result? (Choose two.)
  1. The device configuration was changed on the local FortiGate side only; auto-update is disabled.
  2. The device configuration was changed on both the local FortiGate side and the FortiManager side; auto-update is disabled.
  3. The changed configuration on the FortiGate will remain the next time that the device configuration is pushed form FortiManager.
  4. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiManager the next time that the device configuration is pushed.
Correct answer: BD
Question 5
A FortiOS device is used for termination of VPNs for a number of remote spoke VPN units (designated Group A spokes) using a phase 1 main mode dial-up tunnel using pre-shared keys. Your company recently acquired another organization. You are asked to establish VPN connectivity for the newly acquired organization’s sites for which new devices will be provisioned (designated Group B spokes). Both existing (Group A) and new (Group B) spoke units are dynamically addressed. You are asked to ensure that spokes from the acquired organization (Group B) have different access permissions that your existing VPN spokes units (Group A). 
Which two solutions meet the requirements for the new spoke group? (Choose two.)
  1. Implement a new phase 1 dial-up main mode tunnel with preshared keys and XAuth. Use identity policies to filter traffic.
  2. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than Group A spokes. Use standard policies to filter traffic for the new dial-up tunnel.
  3. Implement a new phase 1 dial-up main mode tunnel with certificate authentication. Use standard policies to filter traffic for the new dial-up tunnel.
  4. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID. Use standard policies to filter traffic for the new dial-up tunnel.
Correct answer: AB
Question 6
   
Referring to the exhibit, which two statements are true about local authentication? (Choose two.)
  1. The user will be blocked 15 seconds after five login failures.
  2. When a ClientHello message indicating a renegotiation is received, the FortiGate will allow the TCP connection.
  3. The user’s IP address will be blocked 15 seconds after five login failures.
  4. After five minutes, the user will need to re-authenticate.
Correct answer: CD
Question 7
You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.  
In this scenario, which command will solve this problem?  
   
  1. config system interface
    edit Agg1 
    set min-links 2 
    end 
  2. config system interface
    edit Agg1 
    set weight 2 
    end 
  3. config system interface
    edit Agg1 
    set Algorithm L4 
    end 
  4. config system interface
    edit Agg1 
    set lacp-mode active  
    end
Correct answer: A
Question 8
You are trying to configure Link-Aggregation Group (LAG), but ports A and B do not appear on the list of member options. Referring to the exhibit, which statement is correct in this situation?  
   
  1. The FortiGate model being used does not support LAG.
  2. The FortiGate model does not have an Integrated Switch Fabric (ISF).
  3. The FortiGate SFP+ slot does not have the correct module.
  4. The FortiGate interfaces are defective and require replacement.
Correct answer: B
Question 9
You need to apply the security features below to the network shown in the exhibit.  
  • high grade DDoS protection  
  • Web security and load balancing for Server1 and Server2  
  • Solution must be PCI DSS compliant  
  • Enhanced security to DNS 1 and DNS 2 
   
  
What are three solutions for this scenario? (Choose three.)
  1. FortiWeb for VDOM-A
  2. FortiDDoS between FG1 and FG2 and the Internet
  3. FortiADC for VDOM-A
  4. FortiADC for VDOM-B
  5. FortiDDoS between FG1 and FG2 and VDOMs
Correct answer: CDE
Question 10
An Administrator reports continuous high CPU utilization on a FortiGate device due to the IPS engine. The exhibit shows the global IPS configuration. Which two configuration actions will reduce the CPU usage? (Choose two.) 
   
  1. Disable fail open
  2. Enable intelligent mode
  3. Change the algorithm to low
  4. Reduce the number of packets being logged
Correct answer: CD
Question 11
You want to manage a FortiGate with the FortiCloud service.  
The FortiGate shows up in your list of devices on the FortiGate Web Site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?
  1. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud.
  2. The managed FortiGate requires that a FortiCloud management license be purchased and applied.
  3. You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard.
  4. The management tunnel mode on the managed FortiGate must be changed to normal.
Correct answer: C
Question 12
FortiMail is configured with the protected domain “internal.lab”.  
Which two envelope addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)
  1. MAIL FROM: student@ internal.lab;RCPT TO;[email protected]
Correct answer: BC
Question 13
You deploy a FortiGate device in a remote office based on the requirements shown below.  
  • Due to company’s security policy, management IP of your FortiGate is not allowed to access the Internet.  
  • Apply Web Filtering, AntiVirus, IPS and Application control to the protected subnet.  
  • Be managed by a central FortiManager on the head office.  
Which action will help to achieve the requirements?
  1. Configure a default route and make sure that the FortiGate device can ping to service.fortiguard.net
  2. Configure the FortiGuard override server and use the IP address of the FortiManager.
  3. Configure the FortiGuard override server and use the IP address of service.fortiguard.net.
  4. Configure FortiGuard to use FortiGuard Filtering Port 8888.
Correct answer: B
Question 14
   
You log into FortiManager, look at the Device Manager window and notice that one of your managed devices is not in normal status.  
Referring to the exhibit, which two statements correctly describe the affected device’s status and result? (Choose two.)
  1. The device configuration was changed on the local FortiGate side only; auto-update is disabled.
  2. The device configuration was changed on both the local FortiGate side and the FortiManager side; auto-update is disabled.
  3. The changed configuration on the FortiGate will remain the next time that the device configuration is pushed form FortiManager.
  4. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiManager the next time that the device configuration is pushed.
Correct answer: BD
Question 15
A FortiOS device is used for termination of VPNs for a number of remote spoke VPN units (designated Group A spokes) using a phase 1 main mode dial-up tunnel using pre-shared keys. Your company recently acquired another organization. You are asked to establish VPN connectivity for the newly acquired organization’s sites for which new devices will be provisioned (designated Group B spokes). Both existing (Group A) and new (Group B) spoke units are dynamically addressed. You are asked to ensure that spokes from the acquired organization (Group B) have different access permissions that your existing VPN spokes units (Group A). 
Which two solutions meet the requirements for the new spoke group? (Choose two.)
  1. Implement a new phase 1 dial-up main mode tunnel with preshared keys and XAuth. Use identity policies to filter traffic.
  2. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than Group A spokes. Use standard policies to filter traffic for the new dial-up tunnel.
  3. Implement a new phase 1 dial-up main mode tunnel with certificate authentication. Use standard policies to filter traffic for the new dial-up tunnel.
  4. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID. Use standard policies to filter traffic for the new dial-up tunnel.
Correct answer: AB
Question 16
   
Referring to the exhibit, which two statements are true about local authentication? (Choose two.)
  1. The user will be blocked 15 seconds after five login failures.
  2. When a ClientHello message indicating a renegotiation is received, the FortiGate will allow the TCP connection.
  3. The user’s IP address will be blocked 15 seconds after five login failures.
  4. After five minutes, the user will need to re-authenticate.
Correct answer: CD
Question 17
You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.  
In this scenario, which command will solve this problem?  
   
  1. config system interface
    edit Agg1 
    set min-links 2 
    end 
  2. config system interface
    edit Agg1 
    set weight 2 
    end 
  3. config system interface
    edit Agg1 
    set Algorithm L4 
    end 
  4. config system interface
    edit Agg1 
    set lacp-mode active  
    end
Correct answer: A
Question 18
You are trying to configure Link-Aggregation Group (LAG), but ports A and B do not appear on the list of member options. Referring to the exhibit, which statement is correct in this situation?  
   
  1. The FortiGate model being used does not support LAG.
  2. The FortiGate model does not have an Integrated Switch Fabric (ISF).
  3. The FortiGate SFP+ slot does not have the correct module.
  4. The FortiGate interfaces are defective and require replacement.
Correct answer: B
Question 19
You need to apply the security features below to the network shown in the exhibit.  
  • high grade DDoS protection  
  • Web security and load balancing for Server1 and Server2  
  • Solution must be PCI DSS compliant  
  • Enhanced security to DNS 1 and DNS 2 
   
  
What are three solutions for this scenario? (Choose three.)
  1. FortiWeb for VDOM-A
  2. FortiDDoS between FG1 and FG2 and the Internet
  3. FortiADC for VDOM-A
  4. FortiADC for VDOM-B
  5. FortiDDoS between FG1 and FG2 and VDOMs
Correct answer: CDE
Question 20
An Administrator reports continuous high CPU utilization on a FortiGate device due to the IPS engine. The exhibit shows the global IPS configuration. Which two configuration actions will reduce the CPU usage? (Choose two.) 
   
  1. Disable fail open
  2. Enable intelligent mode
  3. Change the algorithm to low
  4. Reduce the number of packets being logged
Correct answer: CD
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!