1. Home
  2. Fortinet
  3. NSE8_811

Fortinet NSE 8 Written Exam (NSE8_811)

Exam Details

  • Exam Code
    :NSE8_811
  • Exam Name
    :Fortinet NSE 8 Written Exam (NSE8_811)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :60 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE8_811 Questions & Answers

  • Question 11:

    Refer to the exhibit.

    You have deployed several perimeter FortiGate devices with internal segmentation FortiGate devices behind them. All FortiGate devices are logging to FortiAnalyzer. When you search the logs in FortiAnalyzer for denied traffic, you see numerous log messages, as shown in the exhibit, on your perimeter FortiGate device only.

    Which two actions will reduce the number of these log messages? (Choose two.)

    A. Disable DNS events logging from FortiGate in the config log fortianalyzer filter section.

    B. Apply an application control profile to the perimeter FortiGate devices that does not inspect DNS traffic to the outbound firewall policy.

    C. Remove DNS signatures from the IPS profile applied to the outbound firewall policy.

    D. Configure the internal FortiGate devices to communicate to FortiGuard using port 8888.

  • Question 12:

    Consider the following configuration setting:

    Which two statements about local authentication are true? (Choose two.)

    A. The FortiGate will allow the TCP connection when a ClientHello message indicating a renegotiation is received.

    B. The user's IP address will be blocked 15 seconds after five login failures.

    C. The user will be blocked 15 seconds after five login failures.

    D. The user will need to re-authenticate after five minutes.

  • Question 13:

    You are asked to implement a single FortiGate 5000 chassis using Session-aware Load Balance Cluster (SLBC) with Active-Passive FortiControllers. Both FortiControllers have the configuration shown below, with the rest of the configuration set to the default values.

    Both FortiControllers show Master status. What is the problem in this scenario?

    A. The b1 interface of the two FortiControllers do not see each other.

    B. The management interface of both FortiControllers was connected on the same network.

    C. The chassis ID settings on FortiController on slot 2 should be set to 2.

    D. The priority should be set higher for FortiController on slot-1.

  • Question 14:

    You must create a High Availability deployment with two FortiWebs in Amazon Web Services (AWS); each on different Availability Zones (AZ) from the same region. At the same time, each FortiWeb should be able to deliver content from the Web servers of both of the AZs.

    Which deployment would fulfill this requirement?

    A. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic Load Balancer (ELB) for the internal Web servers.

    B. Use AWS Elastic Load Balancer (ELB) for both the FortiWebs in standalone mode and the internal Web servers in an ELB sandwich.

    C. Configure the FortiWebs in Active-Active HA mode and use AWS Route 53 to load balance the internal Web servers.

    D. Use AWS Route 53 to load balance the FortiWebs in standalone mode and use AWS Virtual Private Cloud (VPC) Peering to load balance the internal Web servers.

  • Question 15:

    Refer to the exhibit.

    A company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they were all in the same Layer 2 segment.

    Referring to the exhibit, what is configured on the FortiGate devices on each DC to allow this connectivity?

    A. Create an IPsec tunnel with VXLAN encapsulation.

    B. Create an IPsec tunnel with VLAN encapsulation.

    C. Create an IPsec tunnel with transport-mode encapsulation.

    D. Create an IPsec tunnel with tunnel-mode encapsulation.

  • Question 16:

    Refer to the exhibit.

    Referring to the firewall polices shown in exhibit, which two statements are true? (Choose two.)

    A. The IPv4 policy is allowing security profile groups.

    B. The IPv6 traffic for nse8user is filtered using the DNS profile.

    C. The IPv4 traffic for nse8user is filtered using the DNS profile.

    D. The Web traffic for nse8user is being filtered differently in IPv4 and IPv6.

  • Question 17:

    Refer to the exhibit.

    Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?

    A. The high-risk file will be discarded by attachment analysis.

    B. The high-risk file will go to the system quarantine.

    C. The high-risk file will be received by the recipient.

    D. The high-risk file will be discarded by malware/virus outbreak protection.

  • Question 18:

    Consider the following VDOM configuration:

    In which two ways can you establish communication between an existing NAT VDOM and a new transparent VDOM? (Choose two.)

    A. Set the set ip 10.10.10.1 command to vlink2l.

    B. Set the set ip 10.10.10.1 command to vlink20.

    C. Set type ppp to the vdom-link, vlink2.

    D. Set type ethernet to the vdom-link, vlink2.

  • Question 19:

    Refer to the exhibit.

    You log into FortiManager, access the Device Manager window and notice that one of the managed devices is not in normal status.

    Referring to the exhibit, which two statements correctly describe the status and result of the affected device? (Choose two.)

    A. The device configuration was changed on the local FortiGate side only; auto-update is disabled.

    B. The changed configuration on the FortiGate will remain the next time that the device configuration is pushed from FortiManager.

    C. The device configuration was changed on both the local FortiGate side and the FortiManager side; auto-update is disabled.

    D. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiManager the next time that the device configuration is pushed.

  • Question 20:

    A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.

    E-mails can only be accepted if a valid e-mail account exists. Only authenticated users can send e-mails out.

    Which two actions will satisfy the requirements? (Choose two.)

    A. Configure recipient address verification.

    B. Configure inbound recipient policies.

    C. Configure outbound recipient policies.

    D. Configure access control rules.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE8_811 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.