Fortinet NSE8_812 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:

FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?

AObjects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.

BObjects from the root FortiGate will only be synchronized to FGT__2.

CObjects from the root FortiGate will not be synchronized to any downstream FortiGate.

DObjects from the root FortiGate will only be synchronized to FGT_3.

Answer : D

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to-synchronizing-objects-across-the-security-fabric-6-4-4

Question 2

You are performing a packet capture on a FortiGate 2600F with the hyperscale licensing installed. You need to display on screen all egress/ingress packets from the port16 interface that have been offloaded to the NP7.

Which three commands need to be run? (Choose three.)

Adiagnose npu sniffer filter intf port16

Bdiagnose npu sniffer filter selector 0

Cdiagnose sniffer packet npudbg

Ddiagnose npu sniffer filter dir 2

Ediagnose sniffer packet port16

Answer : A, C, D

Question 3

Refer to The exhibit, which shows a topology diagram.

A customer wants to use SD-WAN for traffic generated from the data center towards Branches. SD-WAN on HUB should follow the underlay condition on each Branch and the solution should be scalable for hundreds of Branches.

Which SD WAN-Rules strategy should be used?

AManual based on route-tags

BLowest Cost SLA

CAuto based on link quality

DBest Quality based on route-tags

Answer : D

Question 4

An administrator discovers that CPU utilization of a FortiGate-200F is high and determines that no traffic is being accelerated by hardware.

Why is no traffic being accelerated by hardware?

AOper-session-accounting is enabled under np6xlite config.

Bstrict-dirty-session-check is enabled in global config.

Ccheck-protocol-header is set to strict in the global config.

Ddelay-tcp-npu-session is enabled under the firewall policy.

Answer : C

Question 5

Refer to the exhibits.

You are configuring a Let's Encrypt certificate to enable SSL protection to your website. When FortiWeb tries to retrieve the certificate, you receive a certificate status failed, as shown below.

Based on the Server Policy settings shown in the exhibit, which two configuration changes will resolve this issue? (Choose two.)

ADisable Redirect HTTP to HTTPS in the Server Policy.

BRemove the Web Protection Profile from this Server Policy.

CEnable HTTP service in the Server Policy.

DConfigure a TXT record of the domain and point to the IP address of the Virtual Server.

Answer : A, B

Question 6

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit C

A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C Referring to the exhibits, which configuration will restore VPN connectivity?

AOption A

BOption B

COption C

DOption D

Answer : C

The output in Exhibit A shows that the VPN tunnel is not established because the peer IP address is incorrect. The output in Exhibit B shows that the peer IP address is 192.168.1.100, but the baseline VPN configuration in Exhibit C shows that the peer IP address should be 192.168.1.101.

To restore VPN connectivity, you need to change the peer IP address in the VPN tunnel configuration to 192.168.1.101. The correct configuration is shown below:

config vpn ipsec phase1-interface

edit 'wan'

set peer-ip 192.168.1.101

set peer-id 192.168.1.101

set dhgrp 1

set auth-mode psk

set psk SECRET_PSK

end

Option A is incorrect because it does not change the peer IP address. Option B is incorrect because it changes the peer IP address to 192.168.1.100, which is the incorrect IP address. Option D is incorrect because it does not include the necessary configuration for the VPN tunnel.

Question 7

Refer to the exhibit.

What is happening in this scenario?

AThe user status changed at FortiClient EMS to off-net.

BThe user is authenticating against a FortiGate Captive Portal.

CThe user is authenticating against an IdP.

DThe user has not authenticated on their external browser.

Answer : C

Fortinet NSE 8 - Written NSE8_812 Exam Practice Test