1. Home
  2. Fortinet
  3. NSE8_811

Fortinet NSE 8 Written Exam (NSE8_811)

Exam Details

  • Exam Code
    :NSE8_811
  • Exam Name
    :Fortinet NSE 8 Written Exam (NSE8_811)
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :60 Q&As
  • Last Updated
    :Dec 30, 2024

Fortinet Fortinet Certifications NSE8_811 Questions & Answers

  • Question 21:

    Refer to the exhibit.

    The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device. Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

    A. Traffic that does not match any SPP policy will be inspected by this SPP.

    B. FortiDDoS will not send a SYN/ACK if a SYN packet is coming from an IP address that is not in the legitimate IP (LIP) address table.

    C. FortiDDoS will start dropping packets as soon as the traffic exceeds the configured minimum threshold.

    D. SYN packets with payloads will be dropped.

  • Question 22:

    FortiMail is configured with the protected domain "internal.lab".

    Which two envelope addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)

    A. MAIL FROM: [email protected]; RCPT TO: [email protected]

    B. MAIL FROM: [email protected]; RCPT TO: [email protected]

    C. MAIL FROM: [email protected]; RCPT TO: [email protected]

    D. MAIL FROM: [email protected]; RCPT TO: [email protected]

  • Question 23:

    Anti-Virus Real-Time Protection is enabled without any exclusions.

    Referring to the exhibit, which two behaviors will the FortiClient endpoint have after receiving the profile update from the FortiClient EMS? (Choose two.)

    A. Access to a downloaded file will always be allowed after 60 seconds when the FortiSandbox is reachable.

    B. The user will not be able to access a downloaded file for a maximum of 60 seconds if it is not a virus and the FortiSandbox is reachable.

    C. Files executed from a mapped network drive will not be inspected by the FortiClient endpoint AntiVirus engine.

    D. If the Real-Time Protection does not detect a virus, the user will be able to access a downloaded file when the FortiSandbox is unreachable.

  • Question 24:

    Refer to the exhibit.

    You have two data centers with a FortiGate 7000-series chassis connected by VPN. All traffic flows over an established generic routing encapsulation (GRE) tunnel between them. You are troubleshooting traffic that is traversing between Server VLAN A and Server VLAN B. The performance is lower than expected and you notice all traffic is only going through the FPM in slot 3 while nothing through the FPM in slot 4.

    Referring to the exhibit, which statement is true?

    A. Removing traffic shaping from the firewall policy allowing this traffic will allow for load-balancing to the other module.

    B. Changing the algorithm to take source IP, destination IP and port into account will load balance this traffic to the other module.

    C. There is no way to load-balance the traffic in this scenario.

    D. Configuring a load-balance flow-rule in the CLI will load-balance this traffic.

  • Question 25:

    Refer to the exhibit.

    A customer is using dynamic routing to exchange the default route between two FortiGate devices using OSPFv2. The output of the get router info ospf neighbor command shows that the neighbor is up, but the default route does not appear in the routing neighbor shown below.

    According to the exhibit, what is causing the problem?

    A. FG2 is within the wrong OSPF area.

    B. OSPF requires the redistribution of connected networks.

    C. There is an OSPF interface network-type mismatch.

    D. A prefix for the default route is missing.

  • Question 26:

    A FortiGate with the default configuration shown below is deployed between two IP telephones. FortiGate receives the INVITE request shown in the exhibit from Phone A (internal) to Phone B (external).

    NVITE sip:[email protected] SIP/2.0 Via: SIP/2.0/UDP 10.31.101.20:5060 From: PhoneA To: PhoneB Call-ID: [email protected] CSeq: 1 INVITE Contact: sip:[email protected] v=0 o=PhoneA 5462346 332134 IN IP4 10.31.101.20 c=IN IP4 10.31.101.20 m=audio 49170 RTP 0 3

    Which two statements are correct after the FortiGate receives the packet? (Choose two.)

    A. NAT takes place only in the SIP application layer.

    B. A pinhole will be opened to accept traffic sent to the FortiGate WAN IP address.

    C. NAT takes place at both the network and SIP application layers.

    D. A pinhole is not required to accept traffic sent to the FortiGate WAN IP address.

  • Question 27:

    Refer to the exhibit.

    You have installed a FortiSandbox and configured it in your FortiMail. Referring to the exhibit, which two statements are correct? (Choose two.)

    A. If FortiMail is not able to obtain the results from the FortiGuard queries, URIs will not be checked by the FortiSandbox.

    B. FortiMail will cache the results for 30 minutes

    C. If the FortiSandbox with IP 10.10.10.3 is not available, the e-mail will be checked by the FortiCloud Sandbox.

    D. FortiMail will wait up to 30 minutes to obtain the scan results.

  • Question 28:

    Refer to the exhibit.

    You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware.

    Referring to the exhibit, which statement is true?

    A. Outgoing traffic is offloaded; you cannot determine if incoming traffic is offloaded at this time.

    B. Outgoing traffic is offloaded; incoming traffic not offloaded.

    C. Incoming and outgoing traffic is offloaded.

    D. Traffic is not offloaded.

  • Question 29:

    An administrator reports continuous high CPU utilization on a FortiGate device due to the IPS engine. Consider the global IPS configuration shown below.

    Which two configuration actions will reduce the CPU usage? (Choose two.)

    A. Reduce the number of packets being logged.

    B. Increase engine-count to 2.

    C. Enable intelligent mode.

    D. Disable fail open.

  • Question 30:

    In a FortiGate 5000 series, two FortiControllers are working as an SLBC cluster in a-p mode. The configuration shown below is applied.

    Which statement is true on how new TCP sessions are handled by the Distributor Processor (DP)?

    A. The new session added in the DP session table is automatically deleted, if the traffic is denied by the processing worker.

    B. No new session is added in the DP session table until the processing worker accepts the traffic.

    C. A new session added in the DP session table remains in the table even if the traffic is denied by the processing worker.

    D. A new session added in the DP session table remains in the table only if traffic is accepted by the processing worker.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE8_811 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.