Virtual Domains (VDOMs) allow a FortiGate administrator to do what?

A.    Group two or more FortiGate units to form a single virtual device.
B.    Split a physical FortiGate unit into multiple virtual devices.
C.    Create multiple VLANs in a single physical interface.
D.    Group multiple physical interfaces to form a single virtual interface.

Answer: B

Which statements are correct properties of a partial mesh VPN deployment? (Choose two.)

A.    VPN tunnels interconnect between every single location.
B.    VPN tunnels are not configured between every single location.
C.    Some locations are reached via a hub location.
D.    There are no hub locations in a partial mesh.

Answer: BD

You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.)

A.    Download the WSDL file from FortiManager administration GUI.
B.    Make a call with the curl utility on your workstation.
C.    Make a call with the SoapUI API tool on your workstation.
D.    Make a call with the Web browser on your workstation.

Answer: AC

A customer wants to integrate their on-premise FortiGate with their Azure infrastructure. Which two components must be in place to configure the Azure Fabric connector? (Choose two.)

A.    FortiGate-VM virtual appliance deployed on-premise.
B.    An inbound policy from the Azure FortiGate-VM virtual appliance.
C.    An outbound policy from the Azure FortiGate-VM virtual appliance.
D.    A FortiGate-VM virtual appliance deployed in Azure.

Answer: CD

A customer wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUI and to provide different levels of access for different types of employees. Which three actions are required to provide the requested functionality? (Choose three.)

A.    Create a wildcard administrator on the FortiGate.
B.    Enable radius-vdom-override in the CLI.
C.    Create multiple administrator profiles with matching RADIUS VSAs.
D.    Enable accprofile-override in the CLI.
E.    Set the RADIUS authentication type to MS-CHAPv2.

Answer: ACD

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below:
– E-mails can only be accepted if a valid e-mail account exists.
– Only authenticated users can send e-mails out.
Which two actions will satisfy the requirements? (Choose two.)

A.    Configure recipient address verification.
B.    Configure inbound recipient policies.
C.    Configure outbound recipient policies.
D.    Configure access control rules.

Answer: AD

You must create a High Availability deployment with two FortiWebs in Amazon Web Services (AWS), each in a different Availability Zone (AZ) of the same region. At the same time, each FortiWeb should be able to deliver content from the Web servers of both AZs. Which deployment would fulfill this requirement?

A.    Configure the FortiWebs in Active-Active HA mode and use AWS Elastic Load Balancer (ELB) for the internal Web servers.
B.    Use AWS Elastic Load Balancer (ELB) for both the FortiWebs in standalone mode and the internal Web servers in an ELB sandwich.
C.    Configure the FortiWebs in Active-Active HA mode and use AWS Route 53 to load balance the internal Web servers.
D.    Use AWS Route 53 to load balance the FortiWebs in standalone mode and use AWS Virtual Private Cloud (VPC) Peering to load balance the internal Web servers.

Answer: B

A FortiGate is used as a VPN hub for a number of remote spoke VPN units (Group A), which use a phase 1 main mode dial-up tunnel and pre-shared keys. You are asked to establish VPN connectivity for a newly acquired organization’s sites, for which new devices will be provisioned (Group B spokes). Both the existing Group A and the new Group B spoke units are dynamically addressed through a single public IP address on the hub. You are asked to ensure that spokes from Group B have different access permissions than the existing Group A spoke units. Which two solutions meet the requirements for the new spoke group? (Choose two.)

A.    Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes.
B.    Implement a new phase 1 dial-up main mode tunnel with certificate authentication.
C.    Implement a new phase 1 dial-up main mode tunnel with pre-shared keys and XAuth.
D.    Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID.

Answer: CD

Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than expected. What is the reason for this discrepancy?

A.    You applied an antivirus profile on some of the policies, and no traffic can be accelerated.
B.    You disabled all security profiles on some of the firewall policies, and the traffic matching those policies is now accelerated.
C.    You enabled HA session-pickup, which in turn disabled session accounting.
D.    You changed from active-passive to active-active, causing the session traffic counters to become inaccurate.

Answer: D
In active-active mode, traffic is split across both cluster units, so the per-unit session traffic counters reported to FortiAnalyzer show lower bandwidth utilization.

You notice that memory usage is high and FortiGate has entered conserve mode. You want FortiGate’s IPS engine to focus only on exploits and attacks that are applicable to your specific network. Which two steps would you take to reduce RAM usage without weakening security? (Choose two.)

A.    Configure IPS to pass files that are larger than a specific threshold, instead of buffering and scanning them.
B.    Reduce the size of the signature tree (filters) that FortiGate must search by disabling scans for applications and OS stacks that do not exist on your network.
C.    Disable application control for protocols that are not used on your network.
D.    Disable IPS for traffic destined for the FortiGate itself.

Answer: BC

Which statements are correct regarding an IPv6 over IPv4 IPsec configuration? (Choose two.)

A.    The source quick mode selector must be an IPv4 address.
B.    The destination quick mode selector must be an IPv6 address.
C.    The Local Gateway IP must be an IPv4 address.
D.    The remote gateway IP must be an IPv6 address.

Answer: BC

A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source IP address. Which SYN flood mitigation mode must the customer use?

A.    SYN retransmission
B.    SYN/ACK cookie
C.    SYN cookie
D.    ACK cookie

Answer: C

An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site. Which action will reduce the WAN usage by the monitoring system?

A.    Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.
B.    Install both Supervisor and Collector on each remote site.
C.    Install local Collectors on each remote site.
D.    Disable real-time log upload on the remote sites.

Answer: C

A customer has a SCADA environmental control device that is triggering a false-positive IPS alert whenever the Web GUI of the device is accessed. You cannot create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support. You need to prevent the false positive IPS alerts from occurring. In this scenario, which two actions will accomplish this task? (Choose two.)

A.    Create a URL filter with the Exempt action for that device IP address.
B.    Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.
C.    Create a very specific firewall policy for that device IP address which does not perform IPS scanning.
D.    Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based.

Answer: AC

A customer is looking for a way to remove javascripts, macros and hyperlinks from documents traversing the network without affecting the integrity of the content. You propose to use the Content disarm and reconstruction (CDR) feature of the FortiGate. Which two considerations are valid to implement CDR in this scenario? (Choose two.)

A.    The inspection mode of the FortiGate is not relevant for CDR to operate.
B.    CDR is supported on HTTPS, SMTPS, and IMAPS if deep inspection is enabled.
C.    CDR can only be performed on Microsoft Office Document and PDF files.
D.    Files processed by CDR can have the original copy quarantined on the FortiGate.

Answer: CD

You are administering the FortiGate 5000 and FortiGate 7000 series products. You want to access the HTTPS GUI of the blade located in logical slot 3 of the secondary chassis in a high-availability cluster. Which URL will accomplish this task?
Answer: B

A legacy router has been replaced by a FortiGate device. The FortiGate has inherited the management IP address of the router and now the network administrator needs to remove the router from the FortiSIEM configuration. Which two statements about this operation are true? (Choose two.)

A.    FortiSIEM will move the router device into the Decommission folder.
B.    The router will be completely deleted from the FortiSIEM database.
C.    By default, FortiSIEM can only parse event logs for FortiGate devices.
D.    FortiSIEM will discover a new device for the FortiGate with the same IP.

Answer: AD

Refer to the exhibit:
An organization has a FortiGate cluster that is connected to two independent ISPs. You must configure the FortiGate so that failover on a single ISP failure occurs without disruption. Which two FortiGate BGP features are enabled to accomplish this task? (Choose two.)

A.    EBGP multipath
B.    Graceful restart
C.    Synchronization
D.    BFD

Answer: BD

Refer to the exhibit:
Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate-B to reach the server. Which two actions satisfy this requirement? (Choose two.)

A.    Use Kerberos authentication.
B.    Use the Collector Agent.
C.    Use FortiAuthenticator.
D.    FortiGate-A must generate a RADIUS accounting packet.

Answer: CD

Refer to the exhibit:
A company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they were all in the same Layer 2 segment. What is configured on the FortiGate devices on each DC to allow this connectivity?

A.    Create an IPsec tunnel with VXLAN encapsulation.
B.    Create an IPsec tunnel with VLAN encapsulation.
C.    Create an IPsec tunnel with transport-mode encapsulation.
D.    Create an IPsec tunnel with tunnel-mode encapsulation.

Answer: A
