Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the Fortinet Network Security Expert NSE8_812 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam NSE8_812 Premium Access

View all detail and faqs for the NSE8_812 exam

Go to Exam

734 Students Passed

92% Average Score

90% Same Questions

Viewing page 4 out of 4 pages

Viewing questions 31-40 out of questions

Questions # 31:

Refer to the exhibit containing the configuration snippets from the FortiGate. Customer requirements:

Question # 31

• SSLVPN Portal must be accessible on standard HTTPS port (TCP/443)

• Public IP address (129.11.1.100) is assigned to portl

• Datacenter.acmecorp.com resolves to the public IP address assigned to portl

The customer has a Let's Encrypt certificate that is going to expire soon and it reports that subsequent attempts to renew that certificate are failing.

Reviewing the requirement and the exhibit, which configuration change below will resolve this issue?

Question # 31

Options:

Option A

Option B

Option C

Option D

Questions # 32:

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

Options:

FortiGate can perform SSH access proxy host-key validation.

You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.

SSH traffic is tunneled between the client and the access proxy over HTTPS

Traffic is discarded as ZTNA does not support SSH connection rules

Questions # 33:

Refer to the exhibit.

Question # 33

A customer has deployed a FortiGate 200F high-availability (HA) cluster that contains & TPM chip. The exhibit shows output from the FortiGate CLI session where the administrator enabled TPM.

Following these actions, the administrator immediately notices that both FortiGate high availability (HA) status and FortiManager status for the FortiGate are negatively impacted.

What are the two reasons for this behavior? (Choose two.)

Options:

The private-data-encryption key entered on the primary did not match the value that the TPM expected.

Configuration for TPM is not synchronized between FortiGate HA cluster members.

The FortiGate has not finished the auto-update process to synchronize the new configuration to FortiManager yet.

TPM functionality is not yet compatible with FortiGate HA.

The administrator needs to manually enter the hex private data encryption key in FortiManager.

Questions # 34:

You are troubleshooting a FortiMail Cloud service integrated with Office 365 where outgoing emails are not reaching the recipients' mail What are two possible reasons for this problem? (Choose two.)

Options:

The FortiMail access control rule to relay from Office 365 servers FQDN is missing.

The FortiMail DKIM key was not set using the Auto Generation option.

The FortiMail access control rules to relay from Office 365 servers public IPs are missing.

A Mail Flow connector from the Exchange Admin Center has not been set properly to the FortiMail Cloud FQDN.

Questions # 35:

A Hub FortiGate is connecting multiple branch FortiGate devices separating the traffic centrally in unique VRFs. Routing information is exchanged using BGP between the Hub and the Branch FortiGate devices.

You want to efficiently enable route leaking of specific routes between the VRFs.

Which two steps are required to achieve this requirement? (Choose two.)

Options:

Create a vdom link between VRF10 and VRF12

Enable Multi-VDOM mode on the Hub FortiGate and add a VDOM to connect VRF10 and VRF12

Enable BGP recursive routing on the HUB FortiGate

Configure route-maps to leak the selected routes using BGP

Questions # 36:

A customer with a FortiDDoS 200F protecting their fibre optic internet connection from incoming traffic sees that all the traffic was dropped by the device even though they were not under a DoS attack. The traffic flow was restored after it was rebooted using the GUI. Which two options will prevent this situation in the future? (Choose two)

Options:

Change the Adaptive Mode.

Create an HA setup with a second FortiDDoS 200F

Move the internet connection from the SFP interfaces to the LC interfaces

Replace with a FortiDDoS 1500F

Questions # 37:

Refer to the exhibit.

Question # 37

You have been tasked with replacing the managed switch Forti Switch 2 shown in the topology.

Which two actions are correct regarding the replacement process? (Choose two.)

Options:

After replacing the FortiSwitch unit, the automatically created trunk name does not change

CLAG-ICL needs to be manually reconfigured once the new switch is connected to the FortiGate

After replacing the FortiSwitch unit, the automatically created trunk name changes.

MCLAG-ICL will be automatically reconfigured once the new switch is connected to the FortiGate.

Questions # 38:

Refer to the exhibits.

Question # 38

A customer wants to deploy 12 FortiAP 431F devices on high density conference center, but they do not currently have any PoE switches to connect them to. They want to be able to run them at full power while having network redundancy

From the FortiSwitch models and sample retail prices shown in the exhibit, which build of materials would have the lowest cost, while fulfilling the customer's requirements?