Refer to the exhibit.
You need to apply the security features listed below to the network shown in the exhibit.
High grade DDoS protection
Web security and load balancing for Server 1 and Server 2
Solution must be PCI DSS compliant
Enhanced security to DNS 1 and DNS 2
What are three solutions for this scenario? (Choose three.)
A. FortiDDoS between FG1 and FG2 and the Internet
B. FortiADC for VDOM-A
C. FortiWeb for VDOM-A
D. FortiADC for VDOM-B
E. FortiDDoS between FG1 and FG2 and VDOMs
A customer wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUI and to provide different levels of access for different types of employees.
Which three actions are required to provide the requested functionality? (Choose three.)
A. Create a wildcard administrator on the FortiGate.
B. Enable radius-vdom-override in the CLI.
C. Create multiple administrator profiles with matching RADIUS VSAs.
D. Enable accprofile-override in the CLI.
E. Set the RADIUS authentication type to MS-CHAPv2.
Refer to the exhibit.
The exhibit shows a topology where a FortiGate is split into two VDOMs, root and vd-lan. The root VDOM provides external SSL-VPN access, where the users are authenticated by a FortiAuthenticator. The vd-lan VDOM provides internal access to a Web server.
For the remote users to access the internal Web server, there are a few requirements as follows:
All traffic must come from the SSL-VPN.
The vd-lan VDOM only allows authenticated traffic to the Web server.
Users must only authenticate once, using the SSL-VPN portal.
SSL-VPN uses RADIUS-based authentication.
Given these requirements and the topology shown in the exhibit, which two statements are true? (Choose two.)
A. vd-lan connects to FortiAuthenticator as a regular FSSO client.
B. root is configured for FSSO while vd-lan is configured for RSSO.
C. root sends "RADIUS Accounting Messages" to FortiAuthenticator.
D. vd-lan receives authentication messages from root using FSSO.
Refer to the exhibit.
The FortiAP profile used by the FortiGate managed AP is shown in the exhibit. Which two statements in this scenario are correct? (Choose two.)
A. Interference will be prevented between FortiAP devices using this profile.
B. This profile will map specific SSIDs available to the FortiAP devices.
C. All FortiAP devices using this profile will have Radio 1 monitor wireless clients.
D. All FortiAP devices using this profile will have Radio 1 scan rogue access points.
You cannot ping the FortiGate default gateway 10.10.10.1 from the FortiGate CLI. The FortiGate interface facing the default gateway is wan1 and its IP address is 10.10.10.254/24. During the initial troubleshooting tests, you confirm that you can ping other IP addresses in the 10.10.10.0/24 subnet from the FortiGate CLI without packet loss.
Which two CLI commands will help you to troubleshoot this problem? (Choose two.)
A. diagnose debug flow filter saddr 10.10.10.1 diagnose debug flow trace start 10
B. diagnose hardware deviceinfo nic wan1
C. diagnose ip arp list
D. diag sniffer packet wan1 'arp and host 10.10.10.1'
An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.
Which action will reduce the WAN usage by the monitoring system?
A. Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.
B. Install both Supervisor and Collector on each remote site.
C. Install local Collectors on each remote site.
D. Disable real-time log upload on the remote sites.
A customer is looking for a way to remove JavaScript, macros, and hyperlinks from documents traversing the network without affecting the integrity of the content. You propose to use the Content Disarm and Reconstruction (CDR) feature of the FortiGate.
Which two considerations are valid to implement CDR in this scenario? (Choose two.)
A. The inspection mode of the FortiGate is not relevant for CDR to operate.
B. CDR is supported on HTTPS, SMTPS, and IMAPS if deep inspection is enabled.
C. CDR can only be performed on Microsoft Office Document and PDF files.
D. Files processed by CDR can have the original copy quarantined on the FortiGate.
Refer to the exhibit.
As shown in the exhibit, a FortiADC is load-balancing IPv4 traffic between two next-hop routers. The FortiADC does not know the IP addresses of the servers. Also, the FortiADC is doing Layer 7 content inspection and modification.
In this scenario, which application delivery control is configured in the FortiADC?
A. Layer 3
B. Layer 4
C. Layer 7
D. Layer 2
Refer to the exhibit.
You are trying to configure a Link Aggregation Group (LAG), but ports A and B do not appear on the list of member options.
Referring to the exhibit, which statement is correct in this situation?
A. The FortiGate interfaces are defective and require replacement.
B. The FortiGate model does not have an Integrated Switch Fabric (ISF).
C. The FortiGate model being used does not support LAG.
D. The FortiGate SFP+ slot does not have the correct module.
You have deployed a FortiGate in NAT/Route mode as a Secure Web Gateway with a few IP-based authentication firewall policies. Your customer reports that some users now have different browsing permissions from what is expected. All these users are browsing using Internet Explorer through a Remote Desktop Connection to a Terminal Server. When you look at the FortiGate logs, the username for the Terminal Server IP is not consistent.
Which action will correct this problem?
A. Change the FSSO Polling mode to Windows NetAPI.
B. Configure FSSO Advanced with LDAP integration.
C. Install the TS/Citrix agent on the terminal server.
D. Make sure the Terminal Server is using the correct DNS server.