Fortinet Network Security Expert 8 Written Exam v8.0 (NSE8)

Total 71 questions

The dashboard widget indicates that FortiGuard Web Filtering is not reachable. However,
AntiVirus, IPS, and Application Control have no problems as shown in the exhibit.


You contacted Fortinet's customer service and discovered that your FortiGuard Web
Filtering contract is still valid for several months.
What are two reasons for this problem? (Choose two.)

  • A. You have another security device in front of FortiGate blocking ports 8888 and 53.
  • B. FortiGuard Web Filtering is not enabled in any firewall policy.
  • C. You did not enable Web Filtering cache under Web Filtering and E-mail Filtering Options.
  • D. You have a firewall policy blocking ports 8888 and 53.


Answer : B,D

Explanation:
If Web Filtering shows as unreachable, verify whether web filtering is enabled in the security policies.
If web filtering is enabled in a policy but ports 8888 and 53 are not selected, the policy is blocking those ports.


You are installing a new FortiAP as shown in the exhibit, however, the FortiAP cannot discover the FortiGate. The FortiAP obtained an IP from the DHCP server and is reachable.
Which two configurations will resolve the problem? (Choose two.)

  • A.
  • B.
  • C.
  • D.


Answer : B,D

Explanation:
https://forum.fortinet.com/tm.aspx?m=112739

You are asked to write a FortiAnalyzer report that lists the session that has consumed the most bandwidth. You are required to include the source IP, destination IP, application, application category, hostname, and total bandwidth consumed.
Which dataset meets these requirements?

  • A. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(sentbyte, 0) +coalesce(recbyte , 0)) as bandwidth from $log where $filter LIMIT 1
  • B. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(sentbyte, 0) +coalesce(recbyte, 0)) as bandwidth from $log where $filter LIMIT 1
  • C. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce(sentbyte, 0) +coalesce(rcvdbyte, 0)) as bandwidth from $log where $filter LIMIT 1
  • D. select from_itime(itime) as timestamp, sourceip, destip, app, appcat, hostname, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log where $filter LIMIT 1


Answer : C

Explanation:
References:
http://docs.fortinet.com/uploaded/files/2617/fortianalyzer-5.2.4-dataset-reference.pdf

You are an administrator of FortiGate devices that use FortiManager for central management. You need to add a policy on an ADOM, but upon selecting the ADOM drop-down list, you notice that the ADOM is in a locked state. Workflow mode is enabled on your FortiManager to define approval or notification workflow when creating and installing policy changes.
What caused this problem?

  • A. Another administrator has locked the ADOM and is currently working on it.
  • B. There is pending approval waiting from a previous modification.
  • C. You need to use set workspace-mode workflow on the CLI.
  • D. You have read-only permission on Workflow Approve in the administrator profile.


Answer : D

Explanation:
http://docs.fortinet.com/uploaded/files/2250/FortiManager-5.2.1-Administration-Guide.pdf

Given the following FortiOS 5.2 commands:


Which vulnerability is being addressed when managing FortiGate through an encrypted management protocol?

  • A. Remote Exploit Vulnerability in Bash (ShellShock)
  • B. Information Disclosure Vulnerability in OpenSSL (Heartbleed)
  • C. SSL v3 POODLE Vulnerability
  • D. SSL/TLS MITM vulnerability (CVE-2014-0224)


Answer : C

Explanation:
References:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36913

A customer is authenticating users using a FortiGate and an external LDAP server. The LDAP user, John Smith, cannot authenticate. The administrator runs the debug command diagnose debug application fnbamd 255 while John Smith attempts the authentication:
Based on the output shown in the exhibit, what is causing the problem?


  • A. The LDAP administrator password in the FortiGate configuration is incorrect.
  • B. The user, John Smith, does have an account in the LDAP server.
  • C. The user, John Smith, does not belong to any allowed user group.
  • D. The user, John Smith, is using an incorrect password.


Answer : A

Explanation:
The FortiGate cannot bind to the LDAP server because authentication failed.

Which Fortinet product is used for antispam protection?

  • A. FortiSwitch
  • B. FortiGate
  • C. FortiWeb
  • D. FortiDB


Answer : B

You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any interface.
Which statement about your implementation is true?

  • A. FortiGate populates the MAC address table based on destination addresses of frames received from all 10 VLANs.
  • B. There will be no impact on the STP protocol.
  • C. All 10 VLANs will become a single broadcast domain for the ARP request.
  • D. The ARP request will not be forwarded across the different VLANs domains.


Answer : C

Explanation:
References:
http://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortigate_Transparent_Mode_Technical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113

A company wants to protect against Denial of Service attacks and has launched a new project. They want to block the attacks that go above a certain threshold and for some others they are just trying to get a baseline of activity for those types of attacks so they are letting the traffic pass through without action. Given the following:
- The interface to the Internet is on WAN1.
- There is no requirement to specify which addresses are being protected or protected from.
- The protection is to extend to all services.
- The tcp_syn_flood attacks are to be recorded and blocked.
- The udp_flood attacks are to be recorded but not blocked.
- The tcp_syn_flood attacks threshold is to be changed from the default to 1000.
The exhibit shows the current DoS-policy.


Which policy will implement the project requirements?

  • A.
  • B.
  • C.
  • D.


Answer : B,D

Explanation:
B and D both contain the same policy, which fulfills the above criteria.
http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Examples/Example-%20DoS%20Policy.htm

You notice that your FortiGate's memory usage is very high and that the unit's performance is adversely affected. You want to reduce memory usage.
Which three commands would meet this requirement? (Choose three.)

  • A.
  • B.
  • C.
  • D.
  • E.


Answer : A,D,E

You are asked to design a secure solution using Fortinet products for a company. The company recently had Web servers that were exploited and defaced. The customer has also experienced Denial of Service due to SYN Flood attacks. Taking this into consideration, the customer's solution should have the following requirements:
- management requires network-based content filtering with man-in-the-middle inspection
- the customer has no existing public key infrastructure but requires centralized certificate management
- users are tracked by their Active Directory username without installing any software on their hosts
- Web servers that have been exploited need to be protected from the OWASP Top 10
- notification of high volume SYN Flood attacks when a threshold has been triggered
Which three solutions satisfy these requirements? (Choose three.)

  • A. FortiGate
  • B. FortiClient
  • C. FortiWeb
  • D. FortiAuthenticator
  • E. FortiDDOS


Answer : A,C,E

The FortiGate is used as an IPsec gateway at a branch office. Two tunnels, tunA and tunB, are established between this FortiGate and the headquarters IPsec gateway. The branch office's subnet is 10.1.1.0/24. The headquarters subnet is 10.2.2.0/24. The desired usage for tunA and tunB has been defined as follows:
- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 must be routed out over tunA when tunA is up
- sessions initiated from 10.1.1.0/24 to 10.2.2.0/24 have to be routed out over tunB when tunA is down
- sessions initiated from 10.2.2.0/24 can ingress either on tunA or on tunB
Which static routing configuration meets the requirements?

  • A.
  • B.
  • C.
  • D.


Answer : C

Which command detects where a routing path is broken?

  • A. exec traceroute <destination>
  • B. exec route ping <destination>
  • C. diag route null
  • D. diag debug route <destination>


Answer : A

Which command syntax would you use to configure the serial number of a FortiGate as its host name?

  • A.
  • B.
  • C.
  • D.


Answer : A,B

Explanation:
References:
http://defadhil.blogspot.in/2014/04/how-to-protect-fortigate-from.html

A university is looking for a solution with the following requirements:
- wired and wireless connectivity
- authentication (LDAP)
- Web filtering, DLP and application control
- database integration using LDAP to provide access to those students who are up-to-date with their monthly payments
- support for an external captive portal
Which solution meets these requirements?

  • A. FortiGate for wireless controller and captive portal; FortiAP for wireless connectivity; FortiAuthenticator for user authentication and REST API for DB integration; FortiSwitch for PoE connectivity; FortiAnalyzer for log and report
  • B. FortiGate for wireless controller; FortiAP for wireless connectivity; FortiAuthenticator for user authentication, captive portal and REST API for DB integration; FortiSwitch for PoE connectivity; FortiAnalyzer for log and report
  • C. FortiGate for wireless control and user authentication; FortiAuthenticator for captive portal and REST API for DB integration; FortiAP for wireless connectivity; FortiSwitch for PoE connectivity; FortiAnalyzer for log and report
  • D. FortiGate for wireless controller; FortiAP for wireless connectivity and captive portal; FortiSwitch for PoE connectivity; FortiAuthenticator for user authentication and REST API for DB integration; FortiAnalyzer for log and reports


Answer : A
