Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Fortinet > Network Security Expert > NSE8_811 > NSE8_811 Online Practice Questions and Answers

NSE8_811 Online Practice Questions and Answers

Questions 4

Refer to the exhibit.

The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met:

20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices The FortiGate HA must be in AP mode

Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)

A. Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

B. Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

C. Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

D. Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

Buy Now

Correct Answer: AC

Questions 5

Refer to the exhibit.

The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?

A. The policy redirects all HTTPS URLs to HTTP.

B. The policy redirects all HTTP URLs to HTTPS.

C. The policy redirects only HTTP URLs containing the ^/(.*)$ string to HTTPS.

D. The policy redirects only HTTPS URLs containing the ^/(.*)$ string to HTTP.

Buy Now

Correct Answer: B

Questions 6

Refer to the exhibit.

You created a custom health-check for your FortiWeb deployment. Given the output shown in the exhibit, which statement is true?

A. The FortiWeb must receive an RST packet from the server.

B. The FortiWeb must receive an HTTP 200 response code from the server.

C. The FortiWeb must match the hash value of the page index.html.

D. The FortiWeb must receive an ICMP Echo Request from the server.

Buy Now

Correct Answer: B

Questions 7

Refer to the exhibit.

Given the configuration shown in the exhibit, which two statements are true? (Choose two.)

A. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802.3ad trunk on another device.

B. LAG-1 and LAG-2 should be connected to a 4-port single 802.3ad trunk on another device.

C. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B.

D. LAG-1 and LAG-2 should be connected to a single 4-port 802.3ad interface on the FortiGate-A.

Buy Now

Correct Answer: AC

Questions 8

An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.

Which action will reduce the WAN usage by the monitoring system?

A. Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.

B. Install both Supervisor and Collector on each remote site.

C. Install local Collectors on each remote site.

D. Disable real-time log upload on the remote sites.

Buy Now

Correct Answer: C

Questions 9

A customer is looking for a way to remove javascripts, macros and hyperlinks from documents traversing the network without affecting the integrity of the content. You propose to use the Content disarm and reconstruction (CDR) feature of the FortiGate.

Which two considerations are valid to implement CDR in this scenario? (Choose two.)

A. The inspection mode of the FortiGate is not relevant for CDR to operate.

B. CDR is supported on HTTPS, SMTPS, and IMAPS if deep inspection is enabled.

C. CDR can only be performed on Microsoft Office Document and PDF files.

D. Files processed by CDR can have the original copy quarantined on the FortiGate.

Buy Now

Correct Answer: CD

Questions 10

Refer to the exhibit.

The FortiAP profile used by the FortiGate managed AP is shown in the exhibit. Which two statements in this scenario are correct? (Choose two.)

A. Interference will be prevented between FortiAP devices using this profile.

B. This profile will map specific SSIDs available to the FortiAP devices.

C. All FortiAP devices using this profile will have Radio 1 monitor wireless clients.

D. All FortiAP devices using this profile will have Radio 1 scan rogue access points.

Buy Now

Correct Answer: BD

Questions 11

Refer to the exhibit.

You need to apply the security features listed below to the network shown in the exhibit.

High grade DDoS protection Web security and load balancing for Server 1 and Server 2 Solution must be PCI DSS compliant Enhanced security to DNS 1 and DNS 2

What are three solutions for this scenario? (Choose three.)

A. FortiDDoS between FG1 and FG2 and the Internet

B. FortiADC for VDOM-A

C. FortiWeb for VDOM-A

D. FortiADC for VDOM-B

E. FortiDDoS between FG1 and FG2 and VDOMs

Buy Now

Correct Answer: ACD

Questions 12

Refer to the exhibit.

You have installed a FortiSandbox and configured it in your FortiMail. Referring to the exhibit, which two statements are correct? (Choose two.)

A. If FortiMail is not able to obtain the results from the FortiGuard queries, URIs will not be checked by the FortiSandbox.

B. FortiMail will cache the results for 30 minutes

C. If the FortiSandbox with IP 10.10.10.3 is not available, the e-mail will be checked by the FortiCloud Sandbox.

D. FortiMail will wait up to 30 minutes to obtain the scan results.

Buy Now

Correct Answer: AD

Questions 13

A FortiGate is used as a VPN hub for a number of remote spoke VPN units (Group A) spokes using a phase 1 main mode dial-up tunnel and pre-shared keys. You are asked to establish VPN connectivity for a newly acquired organization's sites for which new devices will be provisioned Group B spokes.

Both existing Group A and new Group B spoke units are dynamically addressed through a single public IP Address on the hub. You are asked to ensure that spokes from Group B have different access permissions than the existing VPN spokes units Group A.

Which two solutions meet the requirements for the new spoke group? (Choose two.)

A. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes.

B. Implement a new phase 1 dial-up main mode tunnel with certificate authentication.

C. Implement a new phase 1 dial-up main mode tunnel with pre-shared keys and XAuth.

D. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID.

Buy Now

Correct Answer: CD

Exam Code: NSE8_811
Exam Name: Fortinet NSE 8 Written Exam (NSE8_811)
Last Update: Dec 15, 2024
Questions: 60

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2024 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.