A customer has the following requirements:
– local peer with two Internet links
– remote peer with one Internet link
– secure traffic between the two peers
– granular control with Accept policies
Which solution provides security and redundancy for traffic between the two peers?

A.    a fully redundant VPN with interface mode configuration
B.    a partially redundant VPN with interface mode configuration
C.    a partially redundant VPN with tunnel mode configuration
D.    a fully redundant VPN with tunnel mode configuration

Answer: B

Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)

A.    Split tunneling is supported.
B.    It requires the installation of a VPN client.
C.    It requires the use of an Internet browser.
D.    It does not support traffic from third-party network applications.
E.    An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.

Answer: ABE

You have received an issue report about users not being able to use a video conferencing application. This application uses two UDP ports and two TCP ports to communicate with servers on the Internet. The network engineering team has confirmed there is no routing problem. You are given a copy of the FortiGate configuration. Which three configuration objects will you inspect to ensure that no policy is blocking this traffic? (Choose three.)

A.    config firewall interface-policy
B.    config firewall DoS-policy
C.    config firewall policy
D.    config firewall multicast-policy
E.    config firewall sniffer-policy

Answer: ABC

You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any interface. Which statement about your implementation is true?

A.    FortiGate populates the MAC address table based on destination addresses of frames received from all 10 VLANs.
B.    There will be no impact on the STP protocol.
C.    All 10 VLANs will become a single broadcast domain for the ARP request.
D.    The ARP request will not be forwarded across the different VLAN domains.

Answer: C

Which two features are supported only by FortiMail but not by FortiGate? (Choose two.)

B.    built-in MTA
C.    end-to-end IBE encryption
D.    FortiGuard Antispam

Answer: BC

You are hosting Web applications that must be PCI DSS compliant. The Web applications are protected by a FortiWeb. Compliance will be tested during the quarterly security review. In this scenario, which three FortiWeb features should you use? (Choose three.)

A.    Vulnerability Scan.
B.    Auto-learning.
C.    Syn Cookie.
D.    Credit Card Detection.
E.    The config system advanced set weark_enc disable end command.

Answer: ACD

Your FortiGate has multiple CPUs. You want to verify the load for each CPU. Which two commands will accomplish this task? (Choose two.)

A.    get system performance status
B.    diag system mpstat
C.    diag system cpu stat
D.    diag system top

Answer: AD

You are asked to implement a wireless network for a conference center and need to provision a high number of access points to support a large number of wireless client connections. Which statement describes a valid solution for this requirement?

A.    Use a captive portal for guest access.
      Use both 2.4 GHz and 5 GHz bands.
      Enable frequency and access point hand-off.
      Use more channels, thereby supporting more clients.
B.    Use an open wireless network with no portal.
      Use both 2.4 GHz and 5 GHz bands.
      Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.
C.    Use a pre-shared key only for wireless client security.
      Use the 5 GHz band only for greater security.
      Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.
D.    Use a captive portal for guest access.
      Use both the 2.4 GHz and 5 GHz bands, and configure frequency steering.
      Configure rogue access point detection in order to automatically control the transmit power of each AP.

Answer: A

There is an interface-mode IPsec tunnel configured between FortiGate1 and FortiGate2. You want to run OSPF over the IPsec tunnel. On both FortiGates, the IPsec tunnel is based on physical interface Port1. Port1 has the default MTU setting on both FortiGate units. Which statement is true about this scenario?

A.    A multicast firewall policy must be added on FortiGate1 and FortiGate2 to allow protocol 89.
B.    The MTU must be set manually in the OSPF interface configuration.
C.    The MTU must be set manually on the IPsec interface.
D.    An IP address must be assigned to the IPsec interface on FortiGate1 and FortiGate2.

Answer: D

Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate devices? (Choose three.)

A.    mismatched phase 2 selectors
B.    mismatched Anti-Replay configuration
C.    mismatched Perfect Forward Secrecy
D.    failed Dead Peer Detection negotiation
E.    mismatched IKE version

Answer: ACE

Which three statements about throughput on a wireless network are true? (Choose three.)

A.    A wireless device labelled as 300 Mbps should be expected to provide a throughput of 300 Mbps.
B.    Be careful to ensure the capabilities of the wireless clients match those of the access points, in order to achieve higher throughput.
C.    Reducing the duty cycles of the wireless media by generating fewer beacons may improve throughput.
D.    Because of the higher level of RF noise that is typical in the 2.4 GHz ISM band, throughput of 2.4 GHz devices will typically be less than 5 GHz devices.
E.    Because of the full-duplex nature of the medium and the minimal overhead generated by CSMA/CA, the actual aggregate throughput is typically close to the data rate.

Answer: ACD

An administrator wants to assign static IP addresses to users connecting to tunnel-mode SSL VPN. Each SSL VPN user must always get the same unique IP address, which is never assigned to any other user. Which solution accomplishes this task?

A.    TACACS+ authentication with an attribute-value (AV) pair containing each user’s IP address.
B.    RADIUS authentication with each user’s IP address stored in a Vendor Specific Attribute (VSA).
C.    LDAP authentication with an LDAP attribute containing each user’s IP address.
D.    FSSO authentication with an LDAP attribute containing each user’s IP address.

Answer: D

Which VPN protocol is supported by FortiGate units?

A.    E-LAN
B.    PPTP
D.    OpenVPN

Answer: B

A FortiGate is deployed in the NAT/Route operation mode. This operation mode operates at which OSI layer?

A.    Layer 4
B.    Layer 1
C.    Layer 3
D.    Layer 2

Answer: C

Which Fortinet product is used for antispam protection?

A.    FortiSwitch
B.    FortiGate
C.    FortiWeb
D.    FortiDB

Answer: B

FortiGate1 has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between FortiGate1 and FortiGate2 is on UDP port 500. A PC on FortiGate2’s local area network is sending continuous ping requests over the VPN tunnel to a PC on FortiGate1’s local area network. No other traffic is sent over the tunnel. Which statement is true in this scenario?

A.    FortiGate1 sends an R-U-THERE packet every 300 seconds while ping traffic is flowing.
B.    FortiGate1 sends an R-U-THERE packet if pings stop for 300 seconds and no IKE packet is received during this period.
C.    FortiGate1 sends an R-U-THERE packet if pings stop for 60 seconds and no IKE packet is received during this period.
D.    FortiGate1 sends an R-U-THERE packet every 60 seconds while ping traffic is flowing.

Answer: C

The wireless controller diagnostic output is shown on the exhibit:
Which three statements are true? (Choose three.)

A.    Firewall policies using device types are blocking Android devices.
B.    An access control list applied to the VAP interface blocks Android devices.
C.    This is a CAPWAP control channel diagnostic command.
D.    There are no wireless clients connected to the guest wireless network.
E.    The “src-vis” process is active on the staff wireless network VAP interface.

Answer: ACD

Referring to the command output shown on the exhibit:
How many hosts are connected to the FortiGate?

A.    7
B.    6
C.    2
D.    256

Answer: B


