Fortinet NSE8_810 - Fortinet Network Security Expert 8 Written Exam (NSE8 810 - FortiOS 5.6) Exam
Page: 2 / 12
Total 60 questions
Question #6 (Topic: Topic 1)
Click the Exhibit button.
You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware.
Referring to the exhibit, which statement is true?
[Fortinet-NSE8-810-1.0/xmlfile-11_1.jpg]
You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware.
Referring to the exhibit, which statement is true?
[Fortinet-NSE8-810-1.0/xmlfile-11_1.jpg]
A. Incoming and outgoing traffic is offloaded.
B. Outgoing traffic is offloaded; you cannot determine if incoming traffic is offloaded at this time.
C. Traffic is not offloaded.
D. Outgoing traffic is offloaded; incoming traffic not offloaded.
Answer: D
Question #7 (Topic: Topic 1)
You want to access the JSON API on FortiManager to retrieve information on an object.
In this scenario, which two methods will satisfy the requirement? (Choose two.)
In this scenario, which two methods will satisfy the requirement? (Choose two.)
A. Make a call with the Web browser on your workstation.
B. Make a call with the SoapUPI API tool on your workstation.
C. Download the WSDL file from FortiManager administration GUI. curl utility on your workstation.
D. Make a call with the
Answer: CD
Question #8 (Topic: Topic 1)
You have a customer with a SCADA environmental control device that is triggering a false-positive IPS alert whenever the device’s Web GUI is accessed. You
cannot seem to create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support.
You need to prevent the false positive IPS alerts from occuring.
In this scenario, which two actions would accomplish this task? (Choose two.)
cannot seem to create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support.
You need to prevent the false positive IPS alerts from occuring.
In this scenario, which two actions would accomplish this task? (Choose two.)
A. Create a very granular firewall policy for that device’s IP address which does not perform IPS scanning.
B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow-based. Exempt action for that device’s IP address.
C. Create a URL filter with the
D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.
Answer: AD
Question #9 (Topic: Topic 1)
Click the Exhibit button.
A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGates to connect to it.
However, FortiGates A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect white site A is
connected, site A is disconnected. The IKE real time debug shows the output in the exhibit when site A is disconnected.
Which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?
[Fortinet-NSE8-810-1.0/xmlfile-14_1.jpg]
set enforce-unique-id disable
A.
set add-route enable
B.
set single-source disable
C.
set route-overlap allow
D.
A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGates to connect to it.
However, FortiGates A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect white site A is
connected, site A is disconnected. The IKE real time debug shows the output in the exhibit when site A is disconnected.
Which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?
[Fortinet-NSE8-810-1.0/xmlfile-14_1.jpg]
set enforce-unique-id disable
A.
set add-route enable
B.
set single-source disable
C.
set route-overlap allow
D.
Answer: D
Question #10 (Topic: Topic 1)
Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?
[Fortinet-NSE8-810-1.0/xmlfile-16_1.jpg]
[Fortinet-NSE8-810-1.0/xmlfile-16_1.jpg]
A. The policy redirects all HTTP URLs to HTTPS.
B. The policy redirects all HTTPS URLs to HTTP.
C. The policy redirects only HTTPS URLs containing ^/(.*)$ string to HTTP.
D. The policy redirects only HTTPS URLs containing ^/(.*)$ string to HTTPS.
Answer: A
