NSE8_810 Online Practice Questions and Answers

Click the Exhibit button.

You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware. Referring to the exhibit, which statement is true?

A. Incoming and outgoing traffic is offloaded

B. Outgoing traffic is offloaded, you cannot determine if incoming traffic is offloaded at this time.

C. Traffic is not offloaded.

D. Outgoing traffic is offloaded: incoming traffic not offloaded.

Click the Exhibit button.

Referring to the exhibit, which two statements are true about local authentication? (Choose two.)

A. The user will be blocked 15 seconds after five login failures.

B. When a ClientHello message indicating a renegotiation is received, the FortiGate will allow the TCP connection.

C. The user's IP address will be blocked 15 seconds after five login failures.

D. After five minutes, the user will need to re-authenticate.

A customer wants to enable SYN Rood mitigation in a FortiDDoS device. The FortiDDoS must reply with

one SYN/ACK packet per SYN packet ftom a new source IP address.

Which SYN packet from a new source IP address.

Which SYN flood mitigation mode must the customer use?

A. SYN cookie

B. SYN/ACK cookie

C. ACK cookie

D. SYN retransmission

FortiMail configured with the protected domain "internal lab".

Which two envelopes addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)

A. MAIL FROM: traming@fortinet com: RCPT TO: student@fortmet com

B. MAIL FROM student@fortinet com: RCPT TO [email protected]

C. MAIL FROM: trainmg@internallab; RCPT TO student@mternallab

D. MAIL FROM student@internal lab: RCPT TO [email protected]

An old router has been replaced by a FortiWAN device. The FortiWAN has inherited the router's management IP address and now the network administrator needs to remove the old router from the FortiSIEM configuration.

Which two statements are true about this operation? (Choose two.)

A. FortiSIEM will discover a new device for the FortiWAN with the same IP.

B. The old router will be completely deleted from FortiSIEM's CMDB.

C. FotiSEIM needs a special syslog for FortiWAN.

D. FortiSIM will move the old router device into the Decommission folder.

Exhibit

Click the Exhibit button.

You are working on an entry level model FortiGate that has been configured in flow-based inspection mode with various settings optimized for performance. It appears that the main Internet firewall policy is using the antivirus profile labelled default. Your customer has found that some virus samples are not being caught by the FortiGate.

Referring to the exhibit, what is causing the problem?

A. The set default-db configure was set to extreme.

B. The set options scan configuration items should have been changed to not option scan avmonitor.

C. The default AV profile was modified to use quick scan-mode.

D. The mobile-malware-db configuration was set to enable.

Click the exhibit.

You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.

In this scenario, which command will solve this problem?

A. config system interface edit Agg1 set min-links 2 end

B. config system interface edit Agg1 set weight 2 end

C. config system interface edit Agg1 set Algorithm L4 end

D. config system interface edit Agg1 set lacp-mode active end

You have deployed a FortiGate In NAT/Route mode as a secure as a web gateway with a few P-base authentication firewall policies. Your customer reports that some users now have different browsing permission =s from what is expected. All these users are browsing using internet Explorer through Desktop Connection to a Terminal Server. When you took at the Fortigate logs the username for the Terminal Server IP is not consistent.

Which action will correct this problem?

A. Make sure Terminal Service is using the correct DNS ever.

B. Configure FSSO Advanced with LDAP integration

C. Change the FSSO polling mode to windows NetAPI

D. Install the TSCitrix on the terminal server

Click the Exhibit button.

Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate 瑽 to reach the server.

Which two actions satisfy this requirement? (Choose two.)

A. Use Kerberos authentication.

B. FortiGate-A must generate a RADUIS accounting packets.

C. Use FortiAuthenticator.

D. Use the Collector Agent.

Exhibit

Click the Exhibit button. Referring to the exhibit, which two behaviors will the FortiClient endpoint have after receiving the profile update from the FortiClient EMS? (Choose two.)

A. Files executed from a mapped network drive will not be inspected by the FortiCltent endpoint Antivirus engine.

B. The user will not be able to access a Web downloaded file for at least 60 seconds when the FortiSandbox is reachable.

C. The user will not be able to access a Web downloaded file for a maximum of 60 seconds if it is not a virus and the FortiSandbox s reachable.

D. The user will not be able to access a Web downloaded file when the FortiSandbox is unreachable.