NSE8_811 Exam Details

  • Exam Code
    :NSE8_811
  • Exam Name
    :Fortinet NSE 8 Written Exam (NSE8_811)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :60 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet NSE8_811 Online Questions & Answers

  • Question 11:

    An administrator reports continuous high CPU utilization on a FortiGate device due to the IPS engine. Consider the global IPS configuration shown below.

    Which two configuration actions will reduce the CPU usage? (Choose two.)

    A. Reduce the number of packets being logged.
    B. Increase engine-count to 2.
    C. Enable intelligent mode.
    D. Disable fail open.

  • Question 12:

    Refer to the exhibit.

    Referring to the firewall polices shown in exhibit, which two statements are true? (Choose two.)

    A. The IPv4 policy is allowing security profile groups.
    B. The IPv6 traffic for nse8user is filtered using the DNS profile.
    C. The IPv4 traffic for nse8user is filtered using the DNS profile.
    D. The Web traffic for nse8user is being filtered differently in IPv4 and IPv6.

  • Question 13:

    Refer to the exhibit.

    Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?

    A. The high-risk file will be discarded by attachment analysis.
    B. The high-risk file will go to the system quarantine.
    C. The high-risk file will be received by the recipient.
    D. The high-risk file will be discarded by malware/virus outbreak protection.

  • Question 14:

    A legacy router has been replaced by a FortiGate device. The FortiGate has inherited the management IP address of the router and now the network administrator needs to remove the router from the FortiSIEM configuration. Which two statements about this operation are true? (Choose two.)

    A. FortiSIEM will move the router device into the Decommission folder.
    B. The router will be completely deleted from the FortiSIEM database.
    C. By default, FortiSIEM can only parser event logs for FortiGate devices.
    D. FortiSIEM will discover a new device for the FortiGate with the same IP.

  • Question 15:

    Refer to the exhibit.

    While deploying a new FortiGate-VMX Security node, an administrator receives the error message shown in the exhibit. In this scenario, which statement is correct?

    A. The NSX Manager is not able to connect on the FortiGate Service Manager RestAPI service.
    B. The vCenter is not able to locate the FortiGate-VMX OVF file.
    C. The FortiGate Service Manager does not have the proper permission to register the FortiGate-VMX Service.
    D. The vCenter cannot connect to the FortiGate Service Manager.

  • Question 16:

    You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack?

    A. asymmetric mode
    B. aggressive aging mode
    C. rate limiting mode
    D. blocking mode

  • Question 17:

    Refer to the exhibit.

    You log into FortiManager, access the Device Manager window and notice that one of the managed devices is not in normal status. Referring to the exhibit, which two statements correctly describe the status and result of the affected device? (Choose two.)

    A. The device configuration was changed on the local FortiGate side only; auto-update is disabled.
    B. The changed configuration on the FortiGate will remain the next time that the device configuration is pushed from FortiManager.
    C. The device configuration was changed on both the local FortiGate side and the FortiManager side; auto-update is disabled.
    D. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiManager the next time that the device configuration is pushed.

  • Question 18:

    In a FortiGate 5000 series, two FortiControllers are working as an SLBC cluster in a-p mode. The configuration shown below is applied.

    Which statement is true on how new TCP sessions are handled by the Distributor Processor (DP)?

    A. The new session added in the DP session table is automatically deleted, if the traffic is denied by the processing worker.
    B. No new session is added in the DP session table until the processing worker accepts the traffic.
    C. A new session added in the DP session table remains in the table even if the traffic is denied by the processing worker.
    D. A new session added in the DP session table remains in the table only if traffic is accepted by the processing worker.

  • Question 19:

    FortiMail is configured with the protected domain "internal.lab".

    Which two envelope addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)

    A. MAIL FROM: [email protected]; RCPT TO: [email protected]
    B. MAIL FROM: [email protected]; RCPT TO: [email protected]
    C. MAIL FROM: [email protected]; RCPT TO: [email protected]
    D. MAIL FROM: [email protected]; RCPT TO: [email protected]

  • Question 20:

    Consider the following VDOM configuration: In which two ways can you establish communication between an existing NAT VDOM and a new transparent VDOM? (Choose two.)

    A. Set the set ip 10.10.10.1 command to vlink2l.
    B. Set the set ip 10.10.10.1 command to vlink20.
    C. Set type ppp to the vdom-link, vlink2.
    D. Set type ethernet to the vdom-link, vlink2.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE8_811 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.