NSE8_811 Exam Details

  • Exam Code
    :NSE8_811
  • Exam Name
    :Fortinet NSE 8 Written Exam (NSE8_811)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :60 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE8_811 Online Questions & Answers

  • Question 1:

    A customer wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUI and to provide different levels of access for different types of employees. Which three actions are required to provide the requested functionality? (Choose three.)

    A. Create a wildcard administrator on the FortiGate.
    B. Enable radius-vdom-override in the CLI.
    C. Create multiple administrator profiles with matching RADIUS VSAs.
    D. Enable accprofile-override in the CLI.
    E. Set the RADIUS authentication type to MS-CHAPv2.

  • Question 2:

    You configured a firewall policy with only a Web filter profile for accessing the Internet. Access to websites belonging to the "Information Technology" category are blocked and to the "Business" category are allowed. SSL deep inspection is

    not enabled on this policy.

    A user wants to access the website https://www.it-acme.com which presents a certificate with CN=www.acme.com. The it-acme.com domain is categorized as "Information Technology" and the acme.com domain is categorized as "Business".

    Which statement regarding this scenario is correct?

    A. The FortiGate is able to read the URL within HTTPS sessions when using SSL certificate inspection so the website will be blocked by the "Information Technology".
    B. The website will be blocked by category "Information Technology" as the SNI takes precedence over the certificate name.
    C. The website will be allowed by category "Business" as the certificate name takes precedence over the URL.
    D. Only with SSL deep inspection enabled will the FortiGate be able to categorized this website.

  • Question 3:

    A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.

    E-mails can only be accepted if a valid e-mail account exists.

    Only authenticated users can send e-mails out.

    Which two actions will satisfy the requirements? (Choose two.)

    A. Configure recipient address verification.
    B. Configure inbound recipient policies.
    C. Configure outbound recipient policies.
    D. Configure access control rules.

  • Question 4:

    You have configured an HA cluster with two FortiGate devices. You want to make sure that you are able to manage the individual cluster members directly using port3.

    Referring to the configuration shown, in which two ways can you accomplish this task? (Choose two.)

    A. Create a management VDOM and disable the HA synchronization for this VDOM, assign port3 to this VDOM, then configure specific IPs for port3 on both cluster members.
    B. Configure port3 to be a dedicated HA management interface; then configure specific IPs for port3 on both cluster members.
    C. Allow administrative access in the HA heartbeat interfaces.
    D. Disable the sync feature on port3; then configure specific IPs for port3 on both cluster members.

  • Question 5:

    A customer is experiencing problems with a legacy L3/L4 firewall device and the IPv6 SIP VoIP traffic. Their device is dropping SIP packets, consequently, it cannot process SIP voice calls. Which solution will solve the customer's problem?

    A. Replace their legacy device with a FortiGate and deploy a FortiVoice to extract information from the body of the IPv6 SIP packet.
    B. Deploy a FortiVoice and enable IPv6 SIP.
    C. Deploy a FortiVoice and enable an IPv6 SIP session helper.
    D. Replace their legacy device with a FortiGate and configure it to extract information from the body of the IPv6 SIP packet.

  • Question 6:

    Refer to the exhibit.

    Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate-B to reach the server.

    Referring to the exhibit, which two actions satisfy this requirement? (Choose two.)

    A. Use Kerberos authentication.
    B. Use the Collector Agent.
    C. Use FortiAuthenticator.
    D. FortiGate-A must generate a RADIUS accounting packet.

  • Question 7:

    Refer to the exhibit.

    You have installed a FortiSandbox and configured it in your FortiMail.

    Referring to the exhibit, which two statements are correct? (Choose two.)

    A. If FortiMail is not able to obtain the results from the FortiGuard queries, URIs will not be checked by the FortiSandbox.
    B. FortiMail will cache the results for 30 minutes
    C. If the FortiSandbox with IP 10.10.10.3 is not available, the e-mail will be checked by the FortiCloud Sandbox.
    D. FortiMail will wait up to 30 minutes to obtain the scan results.

  • Question 8:

    Refer to the exhibit.

    You need to apply the security features listed below to the network shown in the exhibit.

    High grade DDoS protection Web security and load balancing for Server 1 and Server 2 Solution must be PCI DSS compliant Enhanced security to DNS 1 and DNS 2

    What are three solutions for this scenario? (Choose three.)

    A. FortiDDoS between FG1 and FG2 and the Internet
    B. FortiADC for VDOM-A
    C. FortiWeb for VDOM-A
    D. FortiADC for VDOM-B
    E. FortiDDoS between FG1 and FG2 and VDOMs

  • Question 9:

    Anti-Virus Real-Time Protection is enabled without any exclusions.

    Referring to the exhibit, which two behaviors will the FortiClient endpoint have after receiving the profile update from the FortiClient EMS? (Choose two.)

    A. Access to a downloaded file will always be allowed after 60 seconds when the FortiSandbox is reachable.
    B. The user will not be able to access a downloaded file for a maximum of 60 seconds if it is not a virus and the FortiSandbox is reachable.
    C. Files executed from a mapped network drive will not be inspected by the FortiClient endpoint AntiVirus engine.
    D. If the Real-Time Protection does not detect a virus, the user will be able to access a downloaded file when the FortiSandbox is unreachable.

  • Question 10:

    You are asked to implement a single FortiGate 5000 chassis using Session-aware Load Balance Cluster (SLBC) with Active-Passive FortiControllers. Both FortiControllers have the configuration shown below, with the rest of the configuration set to the default values.

    Both FortiControllers show Master status. What is the problem in this scenario?

    A. The b1 interface of the two FortiControllers do not see each other.
    B. The management interface of both FortiControllers was connected on the same network.
    C. The chassis ID settings on FortiController on slot 2 should be set to 2.
    D. The priority should be set higher for FortiController on slot-1.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE8_811 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.