Download Fortinet NSE 8 - Written Exam.NSE8_812.CertDumps.2023-07-05.20q.tqb

Vendor: Fortinet
Exam Code: NSE8_812
Exam Name: Fortinet NSE 8 - Written Exam
Date: Jul 05, 2023
File Size: 14 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
Refer to the exhibits. 
Exhibit A 
 
Exhibit B 
 
Exhibit C 
 
A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C 
Referring to the exhibits, which configuration will restore VPN connectivity? 
Correct answer: B
Explanation:
The VPN configuration shown in Exhibit C is a baseline VPN configuration that uses IKEv2 with preshared keys and AES256 encryption for both IKE and ESP phases. However, this configuration does not match the output shown in Exhibit A and B, which indicate that IKEv1 is used with RSA signatures and AES128 encryption for both IKE and ESP phases. Therefore, to restore VPN connectivity, the configuration needs to be modified to match these parameters. Option B shows the correct configuration that matches these parameters. Option A is incorrect because it still uses IKEv2 instead of IKEv1. Option C is incorrect because it still uses pre-shared keys instead of RSA signatures. Option D is incorrect because it still uses AES256 encryption instead of AES128 encryption. Reference:https://docs.fortinet.com/document/fortigate/7.0.0/cookbook/19662/ipsec-vpn-with-forticlient
The VPN configuration shown in Exhibit C is a baseline VPN configuration that uses IKEv2 with preshared keys and AES256 encryption for both IKE and ESP phases. However, this configuration does not match the output shown in Exhibit A and B, which indicate that IKEv1 is used with RSA signatures and AES128 encryption for both IKE and ESP phases. Therefore, to restore VPN connectivity, the configuration needs to be modified to match these parameters. Option B shows the correct configuration that matches these parameters. Option A is incorrect because it still uses IKEv2 instead of IKEv1. Option C is incorrect because it still uses pre-shared keys instead of RSA signatures. Option D is incorrect because it still uses AES256 encryption instead of AES128 encryption. 
Reference:
https://docs.fortinet.com/document/fortigate/7.0.0/cookbook/19662/ipsec-vpn-with-forticlient
Question 2
An HA topology is using the following configuration:
 
Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?
  1. 600ms
  2. 200ms 
  3. 300ms
  4. 100ms
Correct answer: C
Explanation:
The HA topology shown in the exhibit is using link monitoring with two heartbeat interfaces (port3 and port5) and a heartbeat interval of 100ms. Link monitoring is a feature that allows HA failover to occur when one or more monitored interfaces fail or become disconnected. The heartbeat interval is the time between each heartbeat packet sent by an HA cluster unit to other cluster units through heartbeat interfaces. The failover time is determined by multiplying the heartbeat interval by three (the default deadtime value). Therefore, in this case, the failover time is 100ms x 3 = 300ms. Reference:https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/647723/linkmonitoring-and-ha-failover-time
The HA topology shown in the exhibit is using link monitoring with two heartbeat interfaces (port3 and port5) and a heartbeat interval of 100ms. Link monitoring is a feature that allows HA failover to occur when one or more monitored interfaces fail or become disconnected. The heartbeat interval is the time between each heartbeat packet sent by an HA cluster unit to other cluster units through heartbeat interfaces. The failover time is determined by multiplying the heartbeat interval by three (the default deadtime value). Therefore, in this case, the failover time is 100ms x 3 = 300ms. 
Reference:
https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/647723/linkmonitoring-and-ha-failover-time
Question 3
Refer to the exhibit. 
 
You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:
 
FGT_1 and FGT_3 are configured with the default setting. Which statement is true for the synchronization of fabric-objects?
  1. Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.
  2. Objects from the root FortiGate will only be synchronized to FGT__2.
  3. Objects from the root FortiGate will not be synchronized to any downstream FortiGate.
  4. Objects from the root FortiGate will only be synchronized to FGT_3.
Correct answer: A
Explanation:
The security fabric shown in the exhibit consists of three FortiGate devices connected in a hierarchical topology, where FGT_1 is the root device, FGT_2 is a downstream device, and FGT_3 is a downstream device of FGT_2. FGT_2 has a configuration setting that enables fabric-object synchronization for all objects except firewall policies and firewall policy packages (set sync-fabricobjects enable). Fabric-object synchronization is a feature that allows downstream devices to synchronize their objects (such as addresses, services, schedules, etc.) with their upstream devices in a security fabric. This simplifies object management and ensures consistency across devices. Therefore, in this case, objects from FGT_2 will be synchronized to FGT_1 (the upstream device), but not to FGT_3 (the downstream device). Objects from FGT_1 will not be synchronized to any downstream device because the default setting for fabric-object synchronization is disabled. Objects from FGT_3 will not be synchronized to any device because it does not have fabric-object synchronization enabled. Reference:https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/19662/fabric-objectsynchronization
The security fabric shown in the exhibit consists of three FortiGate devices connected in a hierarchical topology, where FGT_1 is the root device, FGT_2 is a downstream device, and FGT_3 is a downstream device of FGT_2. FGT_2 has a configuration setting that enables fabric-object synchronization for all objects except firewall policies and firewall policy packages (set sync-fabricobjects enable). Fabric-object synchronization is a feature that allows downstream devices to synchronize their objects (such as addresses, services, schedules, etc.) with their upstream devices in a security fabric. This simplifies object management and ensures consistency across devices. 
Therefore, in this case, objects from FGT_2 will be synchronized to FGT_1 (the upstream device), but not to FGT_3 (the downstream device). Objects from FGT_1 will not be synchronized to any downstream device because the default setting for fabric-object synchronization is disabled. Objects from FGT_3 will not be synchronized to any device because it does not have fabric-object synchronization enabled. 
Reference:
https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/19662/fabric-objectsynchronization
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!