Fortinet NSE 8 Written Exam v1.0 (NSE8-811)

Page:    1 / 4   
Total 60 questions

In a FortiGate 5000 series, two FortiControllers are working as an SLBC cluster in a-p mode. The configuration shown below is applied.


Which statement is true on how new TCP sessions are handled by the Distributor Processor (DP)?

  • A. The new session added in the DP session table is automatically deleted, if the traffic is denied by the processing worker.
  • B. No new session is added in the DP session table until the processing worker accepts the traffic.
  • C. A new session added in the DP session table remains in the table even if the traffic is denied by the processing worker.
  • D. A new session added in the DP session table remains in the table only if traffic is accepted by the processing worker.


Answer : C

An administrator reports continuous high CPU utilization on a FortiGate device due to the IPS engine. Consider the global IPS configuration shown below.


Which two configuration actions will reduce the CPU usage? (Choose two.)

  • A. Reduce the number of packets being logged.
  • B. Increase engine-count to 2.
  • C. Enable intelligent mode.
  • D. Disable fail open.


Answer : AC

Refer to the exhibit.


You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware.
Referring to the exhibit, which statement is true?

  • A. Outgoing traffic is offloaded; you cannot determine if incoming traffic is offloaded at this time.
  • B. Outgoing traffic is offloaded; incoming traffic not offloaded.
  • C. Incoming and outgoing traffic is offloaded.
  • D. Traffic is not offloaded.


Answer : B

Refer to the exhibit.


You have installed a FortiSandbox and configured it in your FortiMail.
Referring to the exhibit, which two statements are correct? (Choose two.)

  • A. If FortiMail is not able to obtain the results from the FortiGuard queries, URIs will not be checked by the FortiSandbox.
  • B. FortiMail will cache the results for 30 minutes
  • C. If the FortiSandbox with IP 10.10.10.3 is not available, the e-mail will be checked by the FortiCloud Sandbox.
  • D. FortiMail will wait up to 30 minutes to obtain the scan results.


Answer : AD

A FortiGate with the default configuration shown below is deployed between two IP telephones. FortiGate receives the INVITE request shown in the exhibit from
Phone A (internal) to Phone B (external).
NVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 10.31.101.20:5060
From: PhoneA <sip:[email protected]>
To: PhoneB <sip:[email protected]>

Call-ID: [email protected] -

CSeq: 1 INVITE -
Contact: sip:[email protected]
v=0
o=PhoneA 5462346 332134 IN IP4 10.31.101.20
c=IN IP4 10.31.101.20
m=audio 49170 RTP 0 3
Which two statements are correct after the FortiGate receives the packet? (Choose two.)

  • A. NAT takes place only in the SIP application layer.
  • B. A pinhole will be opened to accept traffic sent to the FortiGate WAN IP address.
  • C. NAT takes place at both the network and SIP application layers.
  • D. A pinhole is not required to accept traffic sent to the FortiGate WAN IP address.


Answer : BC

Refer to the exhibit.


You have two data centers with a FortiGate 7000-series chassis connected by VPN. All traffic flows over an established generic routing encapsulation (GRE) tunnel between them. You are troubleshooting traffic that is traversing between Server VLAN A and Server VLAN B. The performance is lower than expected and you notice all traffic is only going through the FPM in slot 3 while nothing through the FPM in slot 4.
Referring to the exhibit, which statement is true?

  • A. Removing traffic shaping from the firewall policy allowing this traffic will allow for load-balancing to the other module.
  • B. Changing the algorithm to take source IP, destination IP and port into account will load balance this traffic to the other module.
  • C. There is no way to load-balance the traffic in this scenario.
  • D. Configuring a load-balance flow-rule in the CLI will load-balance this traffic.


Answer : D

Refer to the exhibit.


A customer is using dynamic routing to exchange the default route between two FortiGate devices using OSPFv2. The output of the get router info ospf neighbor command shows that the neighbor is up, but the default route does not appear in the routing neighbor shown below.

According to the exhibit, what is causing the problem?

  • A. FG2 is within the wrong OSPF area.
  • B. OSPF requires the redistribution of connected networks.
  • C. There is an OSPF interface network-type mismatch.
  • D. A prefix for the default route is missing.


Answer : C

Refer to the exhibit.


Referring to the firewall polices shown in exhibit, which two statements are true? (Choose two.)

  • A. The IPv4 policy is allowing security profile groups.
  • B. The IPv6 traffic for nse8user is filtered using the DNS profile.
  • C. The IPv4 traffic for nse8user is filtered using the DNS profile.
  • D. The Web traffic for nse8user is being filtered differently in IPv4 and IPv6.


Answer : BC

Refer to the exhibit.


Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?

  • A. The high-risk file will be discarded by attachment analysis.
  • B. The high-risk file will go to the system quarantine.
  • C. The high-risk file will be received by the recipient.
  • D. The high-risk file will be discarded by malware/virus outbreak protection.


Answer : D

Consider the following VDOM configuration:


In which two ways can you establish communication between an existing NAT VDOM and a new transparent VDOM? (Choose two.)

  • A. Set the set ip 10.10.10.1 command to vlink2l.
  • B. Set the set ip 10.10.10.1 command to vlink20.
  • C. Set type ppp to the vdom-link, vlink2.
  • D. Set type ethernet to the vdom-link, vlink2.


Answer : BD

Refer to the exhibit.


You log into FortiManager, access the Device Manager window and notice that one of the managed devices is not in normal status.
Referring to the exhibit, which two statements correctly describe the status and result of the affected device? (Choose two.)

  • A. The device configuration was changed on the local FortiGate side only; auto-update is disabled.
  • B. The changed configuration on the FortiGate will remain the next time that the device configuration is pushed from FortiManager.
  • C. The device configuration was changed on both the local FortiGate side and the FortiManager side; auto-update is disabled.
  • D. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiManager the next time that the device configuration is pushed.


Answer : CD

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below. "¢ E-mails can only be accepted if a valid e-mail account exists. "¢ Only authenticated users can send e-mails out.
Which two actions will satisfy the requirements? (Choose two.)

  • A. Configure recipient address verification.
  • B. Configure inbound recipient policies.
  • C. Configure outbound recipient policies.
  • D. Configure access control rules.


Answer : AD

Refer to the exhibit.


The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device.
Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

  • A. Traffic that does not match any SPP policy will be inspected by this SPP.
  • B. FortiDDoS will not send a SYN/ACK if a SYN packet is coming from an IP address that is not in the legitimate IP (LIP) address table.
  • C. FortiDDoS will start dropping packets as soon as the traffic exceeds the configured minimum threshold.
  • D. SYN packets with payloads will be dropped.


Answer : AD

FortiMail is configured with the protected domain "internal.lab".
Which two envelope addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)



Answer : BC


Anti-Virus Real-Time Protection is enabled without any exclusions.
Referring to the exhibit, which two behaviors will the FortiClient endpoint have after receiving the profile update from the FortiClient EMS? (Choose two.)

  • A. Access to a downloaded file will always be allowed after 60 seconds when the FortiSandbox is reachable.
  • B. The user will not be able to access a downloaded file for a maximum of 60 seconds if it is not a virus and the FortiSandbox is reachable.
  • C. Files executed from a mapped network drive will not be inspected by the FortiClient endpoint AntiVirus engine.
  • D. If the Real-Time Protection does not detect a virus, the user will be able to access a downloaded file when the FortiSandbox is unreachable.


Answer : AB

Page:    1 / 4   
Total 60 questions