Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the Fortinet Network Security Expert NSE8_812 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam NSE8_812 Premium Access

View all detail and faqs for the NSE8_812 exam

Go to Exam

734 Students Passed

92% Average Score

90% Same Questions
Viewing page 3 out of 4 pages
Viewing questions 21-30 out of questions
Questions # 21:

Refer to the exhibits, which show a topology and diagnostic commands.

Question # 21

Which two statements about the path resolution are true? (Choose two.)

Options:

A.

Latency is the quality criteria.

B.

wan1 is currently used as an outgoing interface.

C.

wan2 is currently used as an outgoing interface.

D.

Packet-loss is the quality criteria.

Questions # 22:

Refer to the exhibit.

Question # 22

A customer wants to automate the creation and configuration of FortiGate VM instances in a VMware vCenter environment using Terraform. They have the creation part working with the code shown in the exhibit.

Which code snippet will allow Terraform to automatically connect to a newly deployed FortiGate if its IP was dynamically assigned by VMware NSX-T?

Options:

A.

B.

C.

D.

Questions # 23:

Refer to the exhibits.

Question # 23

Question # 23

The exhibits show a FortiGate network topology and the output of the status of high availability on the FortiGate.

Given this information, which statement is correct?

Options:

A.

The ethertype values of the HA packets are 0x8890, 0x8891, and 0x8892

B.

The cluster mode can support a maximum of four (4) FortiGate VMs

C.

The cluster members are on the same network and the IP addresses were statically assigned.

D.

FGVMEVLQOG33WM3D and FGVMEVGCJNHFYI4A share a virtual MAC address.

Questions # 24:

Refer to the exhibits.

Question # 24

A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.

The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.

Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)

A)

Question # 24

B)

Question # 24

C)

Question # 24

D)

Question # 24

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions # 25:

Review the following FortiGate-6000 configuration excerpt:

Question # 25

Based on the configuration, which statement is correct regarding SNAT source port partitioning behavior?

Options:

A.

It dynamically distributes SNAT source ports to operating FPCs or FPMs.

B.

It is the default SNAT configuration and preserves active sessions when an FPC or FPM goes down.

C.

It statically distributes SNAT source ports to operating FPCs or FPMs

D.

It equally distributes SNAT source ports across chassis slots.

Questions # 26:

Refer to the exhibit.

Question # 26

A customer has deployed a FortiGate 300E with virtual domains (VDOMs) enabled in the multi-VDOM mode. There are three VDOMs: Root is for management and internet access, while VDOM 1 and VDOM 2 are used for segregating internal traffic. AccountVInk and SalesVInk are standard VDOM links in Ethernet mode.

Given the exhibit, which two statements below about VDOM behavior are correct? (Choose two.)

Options:

A.

You can apply OSPF routing on the VDOM link in either PPP or Ethernet mode

B.

Traffic on AccountVInk and SalesVInk will not be accelerated.

C.

The VDOM links are in Ethernet mode because they have IP addressed assigned on both sides.

D.

Root VDOM is an Admin type VDOM, while VDOM 1 and VDOM 2 are Traffic type VDOMs.

E.

OSPF routing can be configured between VDOM 1 and Root VDOM without any configuration changes to AccountVInk

Questions # 27:

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

Options:

A.

FortiGate can perform SSH access proxy host-key validation.

B.

You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.

C.

SSH traffic is tunneled between the client and the access proxy over HTTPS

D.

Traffic is discarded as ZTNA does not support SSH connection rules

Questions # 28:

Refer to the exhibit.

Question # 28

A customer has deployed a FortiGate 200F high-availability (HA) cluster that contains & TPM chip. The exhibit shows output from the FortiGate CLI session where the administrator enabled TPM.

Following these actions, the administrator immediately notices that both FortiGate high availability (HA) status and FortiManager status for the FortiGate are negatively impacted.

What are the two reasons for this behavior? (Choose two.)

Options:

A.

The private-data-encryption key entered on the primary did not match the value that the TPM expected.

B.

Configuration for TPM is not synchronized between FortiGate HA cluster members.

C.

The FortiGate has not finished the auto-update process to synchronize the new configuration to FortiManager yet.

D.

TPM functionality is not yet compatible with FortiGate HA.

E.

The administrator needs to manually enter the hex private data encryption key in FortiManager.

Questions # 29:

Refer to the exhibits, which show a network topology and VPN configuration.

Question # 29

A network administrator has been tasked with modifying the existing dial-up IPsec VPN infrastructure to detect the path quality to the remote endpoints.

After applying the configuration shown in the configuration exhibit, the VPN clients can still connect and access the protected 172.16.205.0/24 network, but no SLA information shows up for the client tunnels when issuing the diagnose sys link-monitor tunnel all command on the FortiGate CLI.

What is wrong with the configuration?

Options:

A.

SLA link monitoring does not work with the net-device setting.

B.

The admin needs to disable the mode-cfg setting.

C.

IPsec Phase1 Interface has to be configured in IPsec main mode.

D.

It is necessary to use the IKEv2 protocol in this situation.

Questions # 30:

Refer to the exhibit.

Question # 30

A customer wants FortiClient EMS configured to deploy to 1500 endpoints. The deployment will be integrated with FortiOS and there is an Active Directory server.

Given the configuration shown in the exhibit, which two statements about the installation are correct? (Choose two.)

Options:

A.

If no client update time is specified on EMS, the user will be able to choose the time of installation if they wish to delay.

B.

A client can be eligible for multiple enabled configurations on the EMS server, and one will be chosen based on first priority

C.

You can only deploy initial installations to Windows clients.

D.

You must use Standard or Enterprise SQL Server rather than the included SQL Server Express

E.

The Windows clients only require "File and Printer Sharing0 allowed and the rest is handled by Active Directory group policy

Viewing page 3 out of 4 pages
Viewing questions 21-30 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA