Fortinet NSE 8 Written Exam v1.0 (NSE8_812)

Page:    1 / 4   
Total 60 questions

Which two statements are correct on a FortiGate using the FortiGuard Outbreak Protection Service (VOS)? (Choose two.)

  • A. The FortiGuard VOS can be used only with proxy-base policy inspections.
  • B. If third-party AV database returns a match the scanned file is deemed to be malicious.
  • C. The antivirus database queries FortiGuard with the hash of a scanned file
  • D. The AV engine scan must be enabled to use the FortiGuard VOS feature
  • E. The hash signatures are obtained from the FortiGuard Global Threat Intelligence database

Answer : CE

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.
Which two statements are true regarding the requirements? (Choose two.)

  • A. FortiGate can perform SSH access proxy host-key validation.
  • B. You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.
  • C. SSH traffic is tunneled between the client and the access proxy over HTTPS.
  • D. Traffic is discarded as ZTNA does not support SSH connection rules.

Answer : AC

On a FortiGate configured in Transparent mode, which configuration option allows you to control Multicast traffic passing through the device?

  • A.
  • B.
  • C.
  • D.

Answer : C

Refer to the CLI configuration of an SSL inspection profile from a FortiGate device configured to protect a web server:

Based on the information shown, what is the expected behavior when an HTTP/2 request comes in?

  • A. FortiGate will reject all HTTP/2 ALPN headers.
  • B. FortiGate will strip the ALPN header and forward the traffic.
  • C. FortiGate will rewrite the ALPN header to request HTTP/1.
  • D. FortiGate will forward the traffic without modifying the ALPN header.

Answer : A

Refer to the exhibits.

Topology -

Configuration -

The exhibits show a FortiGate network topology and the output of the status of high availability on the FortiGate.
Given this information, which statement is correct?

  • A. The ethertype values of the HA packets are 0x8890, 0x8891, and 0x8892.
  • B. The cluster mode can support a maximum of four (4) FortiGate VMs.
  • C. The cluster members are on the same network and the IP addresses were statically assigned.
  • D. FGVMEVLQOG33WM3D and FGVMEVGCJNHFYI4A share a virtual MAC address.

Answer : C

Refer to the exhibit showing an SD-WAN configuration.

According to the exhibit, if an internal user pings and from subnet, which outgoing interfaces will be used?

  • A. port16 and port1
  • B. port1 and port1
  • C. port16 and port15
  • D. port1 and port15

Answer : C

A customer’s cybersecurity department needs to implement security for the traffic between two VPCs in AWS, but these belong to different departments within the company. The company uses a single region for all their VPCs.
Which two actions will achieve this requirement while keeping separate management of each departments VPC? (Choose two.)

  • A. Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster.
  • B. Create an IAM account for the cybersecurity department to manage both existing VPC, create a FortiGate HA Cluster on each VPC and IPSEC VPN to force traffic between the VPCs through the FortiGate clusters.
  • C. Migrate all the instances to the same VPC and create IAM accounts for each department, then implement a new subnet for a FortiGate auto-scaling group and use routing tables to force the traffic through the FortiGate cluster.
  • D. Create a VPC with a FortiGate auto-scaling group with a Transit Gateway attached to the three VPC to force routing through the FortiGate cluster.

Answer : AD

Refer to the exhibit containing the configuration snippets from the FortiGate.

Customer requirements:
SSLVPN Portal must be accessible on standard HTTPS port (TCP/443)
Public IP address ( is assigned to port1 resolves to the public IP address assigned to port1
The customer has a Let’s Encrypt certificate that is going to expire soon and it reports that subsequent attempts to renew that certificate are failing.
Reviewing the requirement and the exhibit, which configuration change below will resolve this issue?

  • A.
  • B.
  • C.
  • D.

Answer : D

Refer to the exhibit.
The exhibit shows the forensics analysis of an event detected by the FortiEDR core.
In this scenario, which statement is correct regarding the threat?

  • A. This is an exfiltration attack and has been stopped by FortiEDR
  • B. This is an exfiltration attack and has not been stopped by FortiEDR
  • C. This is a ransomware attack and has not been stopped by FortiEDR
  • D. This is a ransomware attack and has been stopped by FortiEDR

Answer : C

An automation stitch was configured using an incoming webhook as the trigger named ‘my_incoming_webhook’.
The action is configured to execute the CLI Script shown:

The base Curl command starts with: curl -k -x POST -H ‘Authorization: Bearer ’ --data <data> <url>
Which Curl command will successfully work with the configured automation stitch?

  • A. data: ‘{ “hostname”: “bad_host_1”, “ip”: [“”]}’
  • B. data: ‘{ “hostname”: “bad_host_1”, “ip”: “”}’
  • C. data: ‘{ “hostname”: “bad_host_1”, “ip”: [“”]}’
  • D. data: ‘{ “hostname”: “bad_host_1”, “ip”: “”}’

Answer : B

A customer wants to use the FortiAuthenticator REST API to retrieve an SSO group called SalesGroup. The following API call is being made with the ‘curl’ utility:

Which two statements correctly describe the expected behavior of the FortiAuthenticator REST API? (Choose two.)

  • A. Only users with the “Full permission” role can access the REST API
  • B. This API call will fail because it requires that API version 2
  • C. If the REST API web service access key is lost, it cannot be retrieved and must be changed.
  • D. The syntax is incorrect because the API calls needs the get method

Answer : CD

Refer to the exhibit.

A customer has deployed a FortiGate 200F high-availability (HA) cluster that contains a TPM chip. The exhibit shows output from the FortiGate CLI session where the administrator enabled TPM.
Following these actions, the administrator immediately notices that both FortiGate high availability (HA) status and FortiManager status for the FortiGate are negatively impacted.
What are the two reasons for this behavior? (Choose two.)

  • A. The private-data-encryption key entered on the primary did not match the value that the TPM expected.
  • B. Configuration for TPM is not synchronized between FortiGate HA cluster members.
  • C. The FortiGate has not finished the auto-update process to synchronize the new configuration to FortiManager yet.
  • D. TPM functionality is not yet compatible with FortiGate HA.
  • E. The administrator needs to manually enter the hex private data encryption key in FortiManager.

Answer : AB

Refer to the exhibits.

Dictionary -

Recipient -

Topology -

The exhibits show a FortiMail network topology, Inbound configuration settings, and a Dictionary Profile.
You are required to integrate a third-party’s host service ( into the e-mail processing path.
All inbound e-mails must be processed by FortiMail antispam and antivirus with FortiSandbox integration. If the email is clean, FortiMail must forward it to the third-party service, which will send the email back to FortiMail for final delivery. FortiMail must not scan the e-mail again.
Which three configuration tasks must be performed to meet these requirements? (Choose three.)

  • A. Change the scan order in FML-GW to antispam-sandbox-content
  • B. Apply the Catch-All profile to the CF_Inbound profile and configure a content action profile to deliver to the FQDN
  • C. Create an access receive rule with a Sender value of, Recipient value of *, and action value of Safe
  • D. Apply the Catch-All profile to the AS_Inbound profile and configure an access delivery rule to deliver to the host
  • E. Create an IP policy with a Source value of, enable precedence, and place the policy at the top of the list

Answer : ABE

Refer to the exhibit showing a FortiSOAR playbook.

You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.
What should be your next step?

  • A. Go to the Incident Response tasks dashboard and run the pending actions
  • B. Click on the notification icon on FortiSOAR GUI and run the pending input action
  • C. Run the Mark Drive by Download playbook action
  • D. Reply to the e-mail with the requested Playbook action

Answer : A

Review the following FortiGate-6000 configuration excerpt:

Based on the configuration, which statement is correct regarding SNAT source port partitioning behavior?

  • A. It dynamically distributes SNAT source ports to operating FPCs or FPMs.
  • B. It is the default SNAT configuration and preserves active sessions when an FPC or FPM goes down.
  • C. It statically distributes SNAT source ports to operating FPCs or FPMs.
  • D. It equally distributes SNAT source ports across chassis slots.

Answer : C

Page:    1 / 4   
Total 60 questions