Download Fortinet Network Security Expert 8 Written Exam (NSE8 810 - FortiOS 5.6).NSE8_810.Pass4Sure.2019-02-19.60q.vcex

Vendor:	Fortinet
Exam Code:	NSE8_810
Exam Name:	Fortinet Network Security Expert 8 Written Exam (NSE8 810 - FortiOS 5.6)
Date:	Feb 19, 2019
File Size:	6 MB

Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

Demo Questions

Click the Exhibit button.

You are working on an entry level model FortiGate that has been configured in flow-based inspection mode with various settings optimized for performance. It appears that the main Internet firewall policy is using the antivirus profile labelled default. Your customer has found that some virus samples are not being caught by the FortiGate.

Referring to the exhibit, what is causing the problem?

The set default-db configuration was set to extreme.
The set options scan configuration items should have been changed to set options scan avmonitor.
The default AV profile was modified to use quick scan-mode.
The mobile-malware-db configuration was set to enable.

Correct answer: C

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B.
LAG-1 and LAG-2 should be connected to a single 4-port 802.3ad interface on the FortiGate-A.
LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802.3ad trunk on another device.
LAG-1 and LAG-2 should be connected to a 4-port single 802.3ad trunk on another device.

Correct answer: BC

Click the Exhibit button.

You created a custom health-check for your FortiWeb deployment.

Referring to the output shown in the exhibit, which statement is true?

The FortiWeb must receive an RST packet from the server.
The FortiWeb must receive an HTTP 200 response code from the server.
The FortiWeb must receive an ICMP Echo Request from the server.
The FortiWeb must match the hash value of the page index html.

Correct answer: BC

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.

-E-mail can only be accepted if a valid e-mail account exists.

-Only authenticated users can send e-mails out.

Which two actions will satisfy the requirements? (Choose two.)

Configure recipient address verification.
Configure inbound recipient policies.
Configure outbound recipient policies.
Configure access control rules.

Correct answer: AD

Click the Exhibit button.

Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?

Create an IPsec tunnel with transport-mode encapsulation.
Create an IPsec tunnel with tunnel-mode encapsulation.
Create an IPsec tunnel with VXLAN encapsulation.
Create an IPsec tunnel with VLAN encapsulation.

Correct answer: C

Click the Exhibit button.

You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware.

Referring to the exhibit, which statement is true?

Incoming and outgoing traffic is offloaded.
Outgoing traffic is offloaded; you cannot determine if incoming traffic is offloaded at this time.
Traffic is not offloaded.
Outgoing traffic is offloaded; incoming traffic not offloaded.

Correct answer: D

You want to access the JSON API on FortiManager to retrieve information on an object.

In this scenario, which two methods will satisfy the requirement? (Choose two.)

Make a call with the Web browser on your workstation.
Make a call with the SoapUPI API tool on your workstation.
Download the WSDL file from FortiManager administration GUI.
Make a call with the curl utility on your workstation.

Correct answer: CD

You have a customer with a SCADA environmental control device that is triggering a false-positive IPS alert whenever the device’s Web GUI is accessed. You cannot seem to create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support.

You need to prevent the false positive IPS alerts from occuring.

In this scenario, which two actions would accomplish this task? (Choose two.)

Create a very granular firewall policy for that device’s IP address which does not perform IPS scanning.
Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based.
Create a URL filter with the Exempt action for that device’s IP address.
Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.

Correct answer: AD

Click the Exhibit button.

A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGates to connect to it.

However, FortiGates A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect white site A is connected, site A is disconnected. The IKE real time debug shows the output in the exhibit when site A is disconnected.

Which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?

set enforce-unique-id disable
set add-route enable
set single-source disable
set route-overlap allow

Correct answer: D

Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?