Validated NSE8 Exam Questions 2019
NEW QUESTION 1
Which three statements about throughput on a wireless network are true? (Choose three.)
- A. A wireless device labelled as 300 Mbps should be expected to provide a throughput of 300 Mbps.
- B. Be careful to ensure the capabilities of the wireless clients match those of the access points, in order to achieve higher throughput.
- C. Reducing the duty cycles of the wireless media by generating fewer beacons may improve throughput.
- D. Because of the higher level of RF noise that is typical in the 2.4 GHz ISM band, throughput of 2.4 GHz devices will typically be less than 5 GHz devices.
- E. Because of the full-duplex nature of the medium and the minimal overhead generated by CSMA/CA, the actual aggregate throughput is typically close to the data rate.
NEW QUESTION 2
Referring to the configuration shown in the exhibit, which three statements are true? (Choose three.)
- A. Traffic logging is disabled in policy 96.
- B. TCP handshake is completed and no FIN/RST has been forwarded.
- C. No packet has hit this session in the last five minutes.
- D. No QoS is applied to this traffic.
- E. The traffic goes through a VIP applied to policy 96.
NEW QUESTION 3
Virtual Domains (VDOMs) allow a FortiGate administrator to do what?
- A. Group two or more FortiGate units to form a single virtual device.
- B. Split a physical FortiGate unit into multiple virtual devices.
- C. Create multiple VLANs in a single physical interface.
- D. Group multiple physical interfaces to form a single virtual interface.
NEW QUESTION 4
The FortiGate is used as an IPsec gateway at a branch office. Two tunnels, tunA and tunB, are established between this FortiGate and the headquarters’ IPsec gateway. The branch office’s subnet is 10.1.1.0/24. The headquarters’ subnet is 10.2.2.0/24. The desired usage for tunA and tunB has been defined as follows:
- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 must be routed out over tunA when tunA is up
- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 have to be routed out over tunB when tunA is down
- sessions initiated from 10.2.2.0/24 can ingress either on tunA or on tunB

Which static routing configuration meets the requirements?
NEW QUESTION 5
You have implemented FortiGate in transparent mode as shown in the exhibit. User1 from the Internet is trying to access the 192.168.10.10 Web servers.
Which two statements about this scenario are true? (Choose two.)
- A. User1 would be able to access the Web server intermittently.
- B. User1 would not be able to access any of the Web servers at all.
- C. FortiGate learns Web servers MAC address when the Web servers transmit packets.
- D. FortiGate always floods packets to both Web servers at the same time.
Explanation: Both servers have the same IP address, so Web server connectivity from outside will be intermittent, and FortiGate learns the MAC address of whichever Web server forwards packets.
NEW QUESTION 6
Referring to the diagram shown in the exhibit, you deployed VRRP load balancing using two FortiGate units and two VRRP groups with a VRRP virtual MAC address enabled on both FortiGate’s port2 interface. During normal operation, both FortiGate units are processing traffic and the VRRP groups are used to load balance the traffic between the two FortiGate units.
If FortiGate unit A fails, what would happen?
- A. The FortiGate Unit B port2 interface sends gratuitous ARPs to associate the VRRP virtual router IP address with its own MAC address, and all traffic fails over to it.
- B. The FortiGate Unit B port2 interface will use virtual MAC addresses of 00-00-5e-00-01-05 and 00-00-5e-00-01-0a, and all traffic fails over to it.
- C. The FortiGate Unit B port2 interface will use virtual MAC addresses of 00-a0-5e-00-01-05 and 00-a0-5e-00-01-0a, and all traffic fails over to it.
- D. The FortiGate Unit B port2 interface will use the physical MAC addresses of the FortiGate Unit A port2 interface, and all traffic fails over to it.
Explanation: If the primary fails, the secondary device uses the virtual MAC address to forward traffic.
NEW QUESTION 7
Your colleague has enabled virtual clustering to load balance traffic between the cluster units. You notice that all traffic is currently directed to a single FortiGate unit. Your colleague has applied the configuration shown in the exhibit.
Which step would you perform to load balance traffic within the virtual cluster?
- A. Issue the diagnose sys ha reset-uptime command on the unit that is currently processing traffic to enable load balancing.
- B. Add an additional virtual cluster high-availability link to enable cluster load balancing.
- C. Input Virtual Cluster domain 1 and Virtual Cluster domain 2 device priorities for each cluster unit.
- D. Use the set override enable command on both units to allow the secondary unit to load balance traffic.
NEW QUESTION 8
A university is looking for a solution with the following requirements:
- wired and wireless connectivity
- authentication (LDAP)
- Web filtering, DLP and application control
- database integration using LDAP to provide access to those students who are up-to-date with their monthly payments
- support for an external captive portal

Which solution meets these requirements?
- A. FortiGate for wireless controller and captive portal; FortiAP for wireless connectivity; FortiAuthenticator for user authentication and REST API for DB integration; FortiSwitch for PoE connectivity; FortiAnalyzer for log and report
- B. FortiGate for wireless controller; FortiAP for wireless connectivity; FortiAuthenticator for user authentication, captive portal and REST API for DB integration; FortiSwitch for PoE connectivity; FortiAnalyzer for log and report
- C. FortiGate for wireless control and user authentication; FortiAuthenticator for captive portal and REST API for DB integration; FortiAP for wireless connectivity; FortiSwitch for PoE connectivity; FortiAnalyzer for log and report
- D. FortiGate for wireless controller; FortiAP for wireless connectivity and captive portal; FortiSwitch for PoE connectivity; FortiAuthenticator for user authentication and REST API for DB integration; FortiAnalyzer for log and reports
NEW QUESTION 9
Referring to the exhibit, users are reporting that their FortiFones ring but when they pick up, they cannot hear each other. The FortiFones use SIP to communicate with the SIP Proxy Server and RTP between the phones.
Which configuration change will resolve the problem?
Explanation: References: http://docs.fortinet.com/uploaded/files/2813/fortigate-sip-54.pdf
NEW QUESTION 10
A customer wants to implement a RADIUS Single Sign On (RSSO) solution for multiple FortiGate devices. The customer’s network already includes a RADIUS server that can generate the logon and logoff accounting records. However, the RADIUS server can send those records to only one destination.
What should the customer do to overcome this limitation?
- A. Send the RADIUS records to an LDAP server and add the LDAP server to the FortiGate configuration.
- B. Send the RADIUS records to an RSSO Collector Agent.
- C. Send the RADIUS records to one of the FortiGate devices, which can replicate them to the other FortiGate units.
- D. Use the RADIUS accounting proxy feature available in FortiAuthenticator devices.
NEW QUESTION 11
A customer just bought an additional FortiGate device and plans to use their existing load balancer to distribute traffic across two FortiGate units participating on a BGP network serving different neighbors. The customer has mixed traffic of IPv4 and IPv6 TCP, UDP, and ICMP. The two FortiGate devices shown in the exhibit should be redundant to each other so that the NAT session and active session tables will synchronize and fail over to the unit that is still operating without any loss of data if one of the units fails.
Which high availability solution would you implement?
- A. FortiGate Cluster Protocol (FGCP)
- B. Fortinet redundant UTM protocol (FRUP)
- C. FortiGate Session Life Support Protocol (FGSP)
- D. Virtual Router Redundancy Protocol (VRRP)
NEW QUESTION 12
You are an administrator of FortiGate devices that use FortiManager for central management. You need to add a policy on an ADOM, but upon selecting the ADOM drop-down list, you notice that the ADOM is in a locked state. Workflow mode is enabled on your FortiManager to define approval or notification workflow when creating and installing policy changes.
What caused this problem?
- A. Another administrator has locked the ADOM and is currently working on it.
- B. There is pending approval waiting from a previous modification.
- C. You need to use set workspace-mode workflow on the CLI.
- D. You have read-only permission on Workflow Approve in the administrator profile.
NEW QUESTION 13
You notice that your FortiGate’s memory usage is very high and that the unit’s performance is adversely affected. You want to reduce memory usage.
Which three commands would meet this requirement? (Choose three.)
NEW QUESTION 14
An administrator wants to assign static IP addresses to users connecting to tunnel-mode SSL VPN. Each SSL VPN user must always get the same unique IP address, which is never assigned to any other user.
Which solution accomplishes this task?
- A. TACACS+ authentication with an attribute-value (AV) pair containing each user’s IP address.
- B. RADIUS authentication with each user’s IP address stored in a Vendor Specific Attribute (VSA).
- C. LDAP authentication with an LDAP attribute containing each user’s IP address.
- D. FSSO authentication with an LDAP attribute containing each user’s IP address.
NEW QUESTION 15
The exhibit shows an LDAP server configuration in a FortiGate device.
The LDAP user, John Smith, has the following LDAP attributes:
John Smith’s LDAP password is ABC123.
Which CLI command should you use to test the LDAP authentication using John Smith’s credentials?
- A. diagnose test authserver ldap Lab jsmith ABC123
- B. diagnose test authserver ldap-direct Lab jsmith ABC123
- C. diagnose test authserver ldap Lab ‘John Smith’ ABC123
- D. diagnose test authserver ldap-direct Lab john ABC123
Explanation: References: https://forum.fortinet.com/tm.aspx?m=119178
NEW QUESTION 16
A café offers free Wi-Fi. Customers’ portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge. You must protect all customers from any other customers’ infected devices that join the same SSID.
Which step meets the requirement?
- A. Enable deep SSH inspection with antivirus and IPS.
- B. Use a captive portal to redirect unsecured connections such as HTTP and SMTP to their secured equivalents, preventing worms on infected clients from tampering with other customer traffic.
- C. Use WPA2 encryption and configure a policy on FortiGate to block all traffic between clients.
- D. Use WPA2 encryption, and enable “Block Intra-SSID Traffic”.