Precise NSE8 Exam Questions and Answers 2019
Proper study guides for NSE8 NSE8 certified begins with preparation products which designed to deliver the by making you pass the NSE8 test at your first time. Try the free right now.
Check NSE8 free dumps before getting the full version:
NEW QUESTION 1
A company has just installed a new FortiGate in their core to route and inspect traffic between their subnetted VLANs. The security department reports that after the installation, their IP video cameras no longer work. Research by the IT department shows that the video system uses a multicast stream to send the video to multiple video receivers.
Which two commands must be configured to resolve this problem? (Choose two.)
NEW QUESTION 2
The wireless controller diagnostic output is shown in the exhibit. Which three statements are true? (Choose three.)
- A. Firewall policies using device types are blocking Android devices.
- B. An access control list applied to the VAP interface blocks Android devices.
- C. This is a CAPWAP control channel diagnostic command.
- D. There are no wireless clients connected to the guest wireless network.
- E. The “src-vis” process is active on the staff wireless network VAP interface.
NEW QUESTION 3
Your marketing department uncompressed and executed a file that the whole department received using Skype.
Reviewing the exhibit, which two details do you determine from your initial analysis of the payload?
- A. The payload contains strings that the malware is monitoring to harvest credentials.
- B. This is a type of Trojan that will download and pirate movies using your Netflix credentials.
- C. This type of threat of a DDoS attack using instant messaging to send e-mails to further spread the infection.
- D. This threat payload is uploading private user videos which are then used to extort Bitcoin payments.
NEW QUESTION 4
The output shown in the exhibit from FortiManager is displayed during an import of the device configuration.
Which statement describes the correct action taken for these duplicate objects?
- A. The import fails because of the duplicate entries detected which exist in the ADOM database.
- B. FortiManager installs these duplicate objects to the managed device from the ADOM database.
- C. FortiManager does not import these duplicate entries into the ADOM database because they already exist in the ADOM database.
- D. FortiManager creates indexed duplicate entries for these objects in the ADOM database.
NEW QUESTION 5
The dashboard widget indicates that FortiGuard Web Filtering is not reachable. However, AntiVirus, IPS, and Application Control have no problems as shown in the exhibit.
You contacted Fortinet’s customer service and discovered that your FortiGuard Web Filtering contract is still valid for several months.
What are two reasons for this problem? (Choose two.)
- A. You have another security device in front of FortiGate blocking ports 8888 and 53.
- B. FortiGuard Web Filtering is not enabled in any firewall policy.
- C. You did not enable Web Filtering cache under Web Filtering and E-mail Filtering Options.
- D. You have a firewall policy blocking ports 8888 and 53.
Explanation: If Web filtering shows unreachable then we have to verify, whether web filtering enabled in security policies or not.
Web filtering enabled in a policy but the port 8888 and 53 are not selected, means the policy blocking the ports.
NEW QUESTION 6
Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate devices? (Choose three.)
- A. mismatched phase 2 selectors
- B. mismatched Anti-Replay configuration
- C. mismatched Perfect Forward Secrecy
- D. failed Dead Peer Detection negotiation
- E. mismatched IKE version
Explanation: In IPsec negotiations, Perfect Forward Secrecy (PFS) ensures that each new cryptographic key is unrelated to any previous key. Either enable or disable PFS on both the tunnel peers; otherwise, the LAN-to-LAN (L2L) IPsec tunnel is not established
NEW QUESTION 7
A company wants to protect against Denial of Service attacks and has launched a new project. They want to block the attacks that go above a certain threshold and for some others they are just trying to get a baseline of activity for those types of attacks so they are
letting the traffic pass through without action. Given the following:
- The interface to the Internet is on WAN1.
- There is no requirement to specify which addresses are being protected or protected from.
- The protection is to extend to all services.
- The tcp_syn_flood attacks are to be recorded and blocked.
- The udp_flood attacks are to be recorded but not blocked.
- The tcp_syn_flood attack’s threshold is to be changed from the default to 1000. The exhibit shows the current DoS-policy.
Which policy will implement the project requirements?
Explanation: B&D both have same policy which fulfills the above criteria. http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Examples/Example-%20DoS%20Policy.htm
NEW QUESTION 8
A customer is authenticating users using a FortiGate and an external LDAP server. The LDAP user, John Smith, cannot authenticate. The administrator runs the debug command diagnose debug application fnbamd 255 while John Smith attempts the authentication:
Based on the output shown in the exhibit, what is causing the problem?
- A. The LDAP administrator password in the FortiGate configuration is incorrect.
- B. The user, John Smith, does have an account in the LDAP server.
- C. The user, John Smith, does not belong to any allowed user group.
- D. The user, John Smith, is using an incorrect password.
Explanation: Fortigate not binded with LDAP server because of failed authentication. References:
NEW QUESTION 9
You want to enable traffic between 2001:db8:1::/64 and 2001:db8:2::/64 over the public IPv4 Internet.
Given the CLI configuration shown in the exhibit, which two additional settings are required on this device to implement tunneling for the IPv6 transition? (Choose two.)
- A. IPv4 firewall policies to allow traffic between the local and remote IPv6 subnets.
- B. IPv6 static route to the destination phase2 destination subnet.
- C. IPv4 static route to the destination phase2 destination subnet.
- D. IPv6 firewall policies to allow traffic between the local and remote IPv6 subnets.
Explanation: References: http://docs.fortinet.com/uploaded/files/1969/IPv6%20Handbook%20for%20FortiOS%205.2. pdf
NEW QUESTION 10
You are asked to implement a wireless network for a conference center and need to provision a high number of access points to support a large number of wireless client
Which statement describes a valid solution for this requirement?
- A. Use a captive portal for guest acces
- B. Use both 2.4 GHz and 5 GHz band
- C. Enable frequency and access point hand-of
- D. Use more channels, thereby supporting more clients.
- E. Use an open wireless network with no porta
- F. Use both 2.4 GHz and 5 GHz band
- G. Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.
- H. Use a pre-shared key only for wireless client securit
- I. Use the 5 GHz band only for greater securit
- J. Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.
- K. Use a captive portal for guest acces
- L. Use both the 2.4 GHz and 5 GHz bands, and configure frequency steerin
- M. Configure rogue access point detection in order to automatically control the transmit power of each AP.
NEW QUESTION 11
A customer has the following requirements:
- local peer with two Internet links
- remote peer with one Internet link
- secure traffic between the two peers
- granular control with Accept policies
Which solution provides security and redundancy for traffic between the two peers?
- A. a fully redundant VPN with interface mode configuration
- B. a partially redundant VPN with interface mode configuration
- C. a partially redundant VPN with tunnel mode configuration
- D. a fully redundant VPN with tunnel mode configuration
NEW QUESTION 12
Your FortiGate has multiple CPUs. You want to verify the load for each CPU. Which two commands will accomplish this task? (Choose two.)
- A. get system performance status
- B. diag system mpstat
- C. diag system cpu stat
- D. diag system top
Explanation: References: http://kb.fortinet.com/kb/documentLink.do?externalID=13825
NEW QUESTION 13
Given the following FortiOS 5.2 commands:
Which vulnerability is being addresses when managing FortiGate through an encrypted management protocol?
- A. Remote Exploit Vulnerability in Bash (ShellShock)
- B. Information Disclosure Vulnerability in OpenSSL (Heartbleed)
- C. SSL v3 POODLE Vulnerability
- D. SSL/TLS MITM vulnerability (CVE-2014-0224)
Explanation: References: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36913
NEW QUESTION 14
You are managing a FortiAnalyzer appliance. After an upgrade, you notice that the unit no longer displays historical logs, reports do not produce any data, and FortiView summary views are empty. However, you notice that the unit is receiving logs on the dashboard widgets.
Which step resolves this problem?
- A. Execute the CLI command exec sql-local rebuild-db.
- B. Execute the CLI command diag sql remove hcache.
- C. Execute the CLI command exec sql-local reinsert-logs.
- D. Restore the unit settings from a previous backup.
NEW QUESTION 15
Your security department has requested that you implement the OpenSSL.TLS.Heartbeat.Information.Disclosure signature using an IPS sensor to scan traffic destined to the FortiGate. You must log all packets that attempt to exploit this vulnerability.
Referring to the exhibit, which two configurations are required to accomplish this task? (Choose two.)
NEW QUESTION 16
You are hosting Web applications that must be PCI DSS compliant. The Web applications are protected by a FortiWeb. Compliance will be tested during the quarterly security review.
In this scenario, which three FortiWeb features should you use? (Choose three.)
- A. Vulnerability Scan
- B. Auto-learning
- C. Syn Cookie
- D. Credit Card Detection
- E. the command.
Recommend!! Get the Full NSE8 dumps in VCE and PDF From 2passeasy, Welcome to Download: https://www.2passeasy.com/dumps/NSE8/ (New 65 Q&As Version)