1. Home
  2. Fortinet
  3. NSE8_810

Fortinet Network Security Expert 8 Written Exam (810)

Exam Details

  • Exam Code
    :NSE8_810
  • Exam Name
    :Fortinet Network Security Expert 8 Written Exam (810)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :60 Q&As
  • Last Updated
    :Jun 09, 2025

Fortinet Fortinet Certifications NSE8_810 Questions & Answers

  • Question 51:

    Click the exhibit.

    A VPN IPsec is connecting the headquarters office (HQ) with a branch office (BO) and OSPF is used to redistribute routes between the offices. After deployment, a server with IP address 10.10.10.35 located on the DMZ network of the BO FortiGate, was reported unreachable from hosts located on the LAN network of the same FortiGate.

    Referring to the exhibit, which statement is true?

    A. The ICMP packets are Being blocked by an implicit deny policy.

    B. The incoming access list should have an accept action instead deny action to solve the problem.

    C. A directly connected subnet is being partially superseded by an OSPF redistributed subnet.

    D. Enabling NAT on the VPN firewall policy will solve the problem.

  • Question 52:

    Click the Exhibit button.

    Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?

    A. Create an IPsec tunnel with transport mode encapsulation.

    B. Create an IPsec tunnel with Mode encapsulation.

    C. Create an IPsec tunnel with VXLAN encapsulation.

    D. Create an IPsec tunnel with VLAN encapsulation.

  • Question 53:

    Click the Exhibit button.

    Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?

    A. The high-risk file will be discarded by attachment analysis.

    B. The high-risk tile will go to the system quarantine.

    C. The high-risk file will be received by the recipient.

    D. The high-risk file will be discarded by malware/virus outbreak protection.

  • Question 54:

    You have a customer experiencing problem with a legacy L3L4 firewall device and IPV6 SIP VoIP traffic. They devices is dropping SIP packets, consequently, it process SIP voice calls. Which solution would solve the customer's problem?

    A. Deploy a FortiVoice and enable IPv6 SIP.

    B. Replace their legacy device with a FortiGate and configure it to extract information from the body of the IPv6 packet.

    C. Deploy a FotiVoice and enable an IPv6 SIP session helper.

    D. Replace their legacy device with a FortiGate and deploy a FortiVoice to extract information from the body of the IPv6 SIP packet

  • Question 55:

    Exhibit The exhibit shows a topology where a FortiGate is two VDOMS, root and vd-vlasn. The root VDCM provides SSL-VPN access, where the users authenticated by a FortiAuthenticatator. The vd-lan VDOM provids internal access to a Web server. For the remote users to access the internal web server, there are a few requirements, which are shown below.

    --At traffic must come from the SSI-VPN

    --The vd-lan VDOM only allows authenticated traffic to the Web server.

    -- Users must only authenticate once, using the SSL-VPN portal.

    -- SSL-VPN uses RADIUS-based authentication.

    referring to the exhibit, and the requirement describe above, which two statements are true?

    (Choose two.)

    A. vd-lan authentication messages from root using FSSO.

    B. vd-lan connects to Fort authenticator as a regular FSSO client.

    C. root is configured for FSSO while vd-lan is configuration for RSSO.

    D. root sends "RADIUS Accounting Messages" to FortiAuthenticator.

  • Question 56:

    You want to access the JSON API on FortiManager to retrieve information on an object.

    In this scenario, which two methods will satisfy the requirement? (Choose two.)

    A. Make a call with the Web browser on your workstation.

    B. Make a call with the SoapUl API tool on your workstation.

    C. Download the WSDL file from FortiManager administration GUI.

    D. Make a call with the curl utility on your workstation

  • Question 57:

    You must create a high Availability deployment with two FortiWebs in Amazon Services (AWS): each on

    different Availability Zones(AZ) from the same region. At the same time, each FortiWeb should be able to

    deliver content from the Web server of both of the AZs.

    Which deployment would will this requirement?

    A. Configure the FortiWebs Active-Active Ha mode and use AWS Router 53 load Router balance the internal Web servers.

    B. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic load Balancer (ELB) for the internal Web servers.

    C. Use AWS Router 53 to load balance FortiWebs in standone mode and use AWS Virtual private Cloud (VPC) peering to load balance the internal Web servers.

    D. Use AWS Elastic load Balancer (ELB) for both FortiWebs in standdone mode and the internal Web servers in an ELB sandwich.

  • Question 58:

    CORRECT TEXT

    In a FortiGate 5000 series, two FortiControllers are working as an SLBC cluster in a-p mode. The configuration shown below is applied. config load-balance session-setup set tcp-ingress enable end When statement is true on how new TCP sessions are handled by the Distributor Processor (DP).

    A. The new session added the DP session table is automatically deleted, if the traffic is denied by the processing worker.

    B. No new session is added is the DP session table until the processing worker accepts the traffic.

    C. A new session added m the DP session table remains in the table remain in the traffic is denied by the procession worker.

    D. A new session added in the OP session table remains is the table only if traffic is traffic is accepted by the processing worker.

  • Question 59:

    You have a customer with a SCADA environmental control devices that is trigged a false- positive OPS alert whenever the device's Web GUI is accessed. You cannot seem to create a functional custom IPS filter expert this behavior, and it appears that the device is so old that it does HTTPS support. You need to prevent the false posited IPS alert occurring.

    In this scenario, which two actions would accomplish this task? (Choose two.)

    A. Create a very granular firewall for that device's IP address which does not perform IPS scanning.

    B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow- based.

    C. Create a URL filter with the exempt action for that device's IP address.

    D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.

  • Question 60:

    Click the Exhibit button.

    What are two ways to establish communication between an existing NAT VDOM and a new transparent VDOM? (Choose two.)

    A. Set the set ip 10.10.10. i command to vlink2l.

    B. Set type ppp to the vdom-link, vlink2.

    C. Set the not ip 10.I0.I0.1 command to vlink20.

    D. Set type ethernet to the vdom-link, vlink2.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE8_810 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.