Fortinet NSE8_812 Practice Test - Questions Answers, Page 6
List of questions
Question 51

Refer to the exhibit showing a firewall policy configuration.
To prevent unauthorized access of their cloud assets, an administrator wants to enforce authentication on firewall policy ID 1.
What change does the administrator need to make?
Option A
Option B
Option C
Option D
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/238665/authentication-policy-extensions
Question 52

Refer to the exhibit.
A customer wants FortiClient EMS configured to deploy to 1500 endpoints. The deployment will be integrated with FortiOS and there is an Active Directory server.
Given the configuration shown in the exhibit, which two statements about the installation are correct? (Choose two.)
If no client update time is specified on EMS, the user will be able to choose the time of installation if they wish to delay.
A client can be eligible for multiple enabled configurations on the EMS server, and one will be chosen based on first priority.
You can only deploy initial installations to Windows clients.
You must use Standard or Enterprise SQL Server rather than the included SQL Server Express.
The Windows clients only require 'File and Printer Sharing' allowed and the rest is handled by Active Directory group policy.
A is correct because if no client update time is specified on EMS, the user will be able to choose the time of installation if they wish to delay. This is because the FortiClient EMS server will not force the installation on the client.
E is correct because the Windows clients only require 'File and Printer Sharing' allowed and the rest is handled by Active Directory group policy. This is because the Active Directory group policy will configure the Windows clients to automatically install FortiClient and the FortiClient EMS server will only need to push the initial configuration to the clients.
The other options are incorrect. Option B is incorrect because a client can only be eligible for one enabled configuration on the EMS server. Option C is incorrect because you can deploy initial installations to both Windows and macOS clients. Option D is incorrect because you can use the included SQL Server Express to deploy FortiClient EMS.
Deploying FortiClient EMS | FortiClient / FortiOS 7.4.0 - Fortinet Document Library
Configuring FortiClient EMS | FortiClient / FortiOS 7.4.0 - Fortinet Document Library
FortiClient EMS installation requirements | FortiClient / FortiOS 7.4.0 - Fortinet Document Library
https://docs.fortinet.com/document/forticlient/7.0.7/ems-administration-guide/278884/deployment-installers
https://docs.fortinet.com/document/forticlient/7.0.7/ems-administration-guide/374506/deploying-forticlient-software-to-endpoints
Question 53

Refer to the exhibit showing FortiGate configurations.
FortiManager VM high availability (HA) is not functioning as expected after being added to an existing deployment.
The administrator finds that VRRP HA mode is selected, but primary and secondary roles are greyed out in the GUI. The managed devices never show online when FMG-B becomes primary, but they will show online whenever FMG-A becomes primary.
What change will correct HA functionality in this scenario?
Change the FortiManager IP address on the managed FortiGate to 10.3.106.65.
Make the monitored IP to match on both FortiManager devices.
Unset the primary and secondary roles in the FortiManager CLI configuration so VRRP will decide who is primary.
Change the priority of FMG-A to be numerically lower for higher preference.
https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-VRRP-HA-configuration-in-Azure-Public/ta-p/267503
https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-HA-setup-and-troubleshooting/ta-p/222998
Question 54

A remote IT Team is in the process of deploying a FortiGate in their lab. The closed environment has been configured to support zero-touch provisioning from the FortiManager, on the same network, via DHCP options. After waiting 15 minutes, they are reporting that the FortiGate received an IP address, but the zero-touch process failed.
The exhibit below shows what the IT Team provided while troubleshooting this issue:
Which statement explains why the FortiGate did not install its configuration from the FortiManager?
The FortiGate was not configured with the correct pre-shared key to connect to the FortiManager.
The DHCP server was not configured with the FQDN of the FortiManager.
The DHCP server used the incorrect option type for the FortiManager IP address.
The configuration was modified on the FortiGate prior to connecting to the FortiManager.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-perform-zero-touch-provisioning-with/ta-p/197623
Question 55

Refer to the exhibit.
A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.
How will the sessions be load balanced between server 1 and server 2 during normal operation?
Server 1 will receive 25% of the sessions, Server 2 will receive 75% of the sessions.
Server 1 will receive 20% of the sessions, Server 2 will receive 66.6% of the sessions.
Server 1 will receive 33.3% of the sessions, Server 2 will receive 66.6% of the sessions.
Server 1 will receive 0% of the sessions, Server 2 will receive 100% of the sessions.
Question 56

Refer to the exhibit, which shows a VPN topology.
The device IP 10.1.100.40 downloads a file from the FTP server IP 192.168.4.50.
Referring to the exhibit, what will be the traffic flow behavior if ADVPN is configured in this environment?
All the session traffic will pass through the Hub.
The TCP port 21 must be allowed on the NAT Device2.
ADVPN is not supported when spokes are behind NAT.
Spoke1 will establish an ADVPN shortcut to Spoke2.
D is correct because Spoke1 will establish an ADVPN shortcut to Spoke2 when it detects that there is a demand for traffic between them. This is explained in the Fortinet Community article on Technical Tip: Fortinet Auto Discovery VPN (ADVPN) under Summary - ADVPN sequence of events.
Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Fortinet-Auto-Discovery-VPN-ADVPN/ta-p/195698
Question 57

Refer to the exhibits.
A customer has deployed a FortiGate with iBGP and eBGP routing enabled. HQ is receiving routes over eBGP from ISP 2; however, only certain routes are showing up in the routing table. Assume that BGP is working perfectly and that the only possible modifications to the routing table are solely due to the prefix list that is applied on HQ.
Given the exhibits, which two routes will be active in the routing table on the HQ firewall? (Choose two.)
172.16.204.128/25
172.16.201.96/29
172.62.0.64/27
172.16.204.64/27
The prefix list in the exhibit is configured to match prefixes that are either in the 172.16.204.0/24 subnet or in the 172.62.0.0/16 subnet. The routes that match these prefixes will be active in the routing table on the HQ firewall.
The routes that match the following prefixes will not be active in the routing table:
172.16.201.96/29
172.62.0.64/27
These routes do not match the criteria set by the prefix list.
Prefix lists | FortiGate / FortiOS 7.4.0 - Fortinet Document Library
Configuring BGP | FortiGate / FortiOS 7.4.0 - Fortinet Document Library
Question 58

Refer to the exhibits.
The exhibits show a diagram of a requested topology and the base IPsec configuration.
A customer asks you to configure ADVPN via two internet underlays. The requirement is that you use one interface with a single IP address on DC FortiGate.
In this scenario, which feature should be implemented to achieve this requirement?
Use network-overlay id.
Change advpn2 to IKEv1.
Use local-id.
Use peer-id.
A is correct because using network-overlay id allows you to configure multiple ADVPN tunnels on a single interface with a single IP address on the DC FortiGate. This is explained in the FortiGate Administration Guide under ADVPN > Configuring ADVPN > Configuring ADVPN on the hub.
Reference: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/978793/advpn
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/978793/advpn/978794/configuring-advpn
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-case-of-Network-Ids-with-ADVPN-shortcut/ta-p/241025
Question 59

You are creating the CLI script to be used on a new SD-WAN deployment. You will have branches with a different number of internet connections and want to be sure there is no need to change the Performance SLA configuration in case more connections are added to the branch.
The current configuration is:
Which configuration do you use for the Performance SLA members?
set members any
set members 0
The current configuration already fulfills the requirement.
set members all
Performance SLA | FortiGate / FortiOS 7.4.0
Configuring Performance SLA | FortiGate / FortiOS 7.4.0
Question 60

You must configure an environment with dual-homed servers connected to a pair of FortiSwitch units using an MCLAG.
Multicast traffic is expected in this environment, and you should ensure unnecessary traffic is pruned from links that do not have a multicast listener.
In which two ways must you configure the igmps-flood-traffic and igmps-flood-report settings? (Choose two.)
disable on ICL trunks
enable on ICL trunks
disable on the ISL and FortiLink trunks
enable on the ISL and FortiLink trunks
https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801194/deploying-mclag-topologies