Fortinet NSE8_812 Exam Practice Test Instant Access

Question 1

Refer to the exhibits.

To facilitate a more efficient roll out of FortiGate devices, you are tasked with using meta fields with the CLI Template to configure the DHCP server on the "office1" FortiGate.

Given this scenario, what would be the output of the config ip-range section on the CLI Template?

AOption A

BOption B

COption C

DOption D

Answer : A

Question 2

Refer to the exhibit.

You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:

FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?

AObjects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.

BObjects from the root FortiGate will only be synchronized to FGT__2.

CObjects from the root FortiGate will not be synchronized to any downstream FortiGate.

DObjects from the root FortiGate will only be synchronized to FGT_3.

Answer : D

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to-synchronizing-objects-across-the-security-fabric-6-4-4

Question 3

Refer to the exhibit showing a FortiView monitor screen.

After a Secure SD-WAN implementation a customer reports that in FortiAnalyzer under FortiView Secure SD-WAN Monitor there is No Device for selection.

What can cause this issue?

AUpload option from FortiGate to FortiAnalyzer is not set as a real time.

BExtended logging is not enabled on FortiGate.

CADOM 1 is set as a Fabric ADOM.

Dsla-fail-log-period and sla-pass-log-period on FortiGate health check is not set.

Answer : A

Question 4

Review the Application Control log.

Which configuration caused the IPS engine to generate this log?

AOption A

BOption B

COption C

DOption D

Answer : D

Question 5

Refer to the exhibit.

The exhibit shows the topology a customer wants to implement using a flexible authentication scheme. Users connecting from trusted remote locations are authenticated using only their username/password when connecting to the SSLVPN FortiGate in the data center.

When connecting from the Untrusted Clients, users must authenticate using 2-factor authentication.

In this scenario, which RADIUS attribute can be used as a RADIUS policy selector on the FortiAuthenticator to accomplish this goal?

ACalling-Station-Id

BFramed-IP-Address

CTunnel-Client-Auth-Id

DLogin-IP-Host

Answer : C

Question 6

An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the OCSP server.

Part of the FortiGate configuration is shown below:

Based on this configuration, which authentication scenario will FortiGate deny?

AThe user certificate does not contain the OCSP URL.

BFortiAuthenticator responds to an OCSP request that the user certificate authority is untrusted.

CFortiAuthenticator responds to an OCSP request that the user certificate status is unknown.

Answer : B

Question 7

Refer to the exhibit.

What is happening in this scenario?

AThe user status changed at FortiClient EMS to off-net.

BThe user is authenticating against a FortiGate Captive Portal.

CThe user is authenticating against an IdP.

DThe user has not authenticated on their external browser.

Answer : C

Fortinet NSE 8 - Written NSE8_812 Exam Practice Test