Fortinet NSE8 - Fortinet Network Security Expert 8 Written Exam Exam
Page: 2 / 13
Total 65 questions
Question #6 (Topic: )
Your NOC contracts the security team due to a problem with a new application flow. You
are instructed to disable hardware acceleration for the policy shown in the exhibit for
troubleshooting purposes.
[Fortinet-NSE8-8.0/Fortinet-NSE8-6_2.png]
Which command will disable hardware acceleration for the new application policy?
are instructed to disable hardware acceleration for the policy shown in the exhibit for
troubleshooting purposes.
[Fortinet-NSE8-8.0/Fortinet-NSE8-6_2.png]
Which command will disable hardware acceleration for the new application policy?
A.
B.
C.
D.
Answer: D
Question #7 (Topic: )
[Fortinet-NSE8-8.0/Fortinet-NSE8-7_2.png]
Referring to the exhibit, you want to know if aggregating port7 and port22 will work.
Which statement is correct?
Referring to the exhibit, you want to know if aggregating port7 and port22 will work.
Which statement is correct?
A. Yes, LACP is supported on all ports regardless if they are connected to the same NP6.
B. No, LACP is not supported on NP6 platforms.
C. No, LACP is only supported on ports connected to the same NP6.
D. Yes, LACP is supported on ports that are linked together with integrated Switch Fabric.
Answer: C
Question #8 (Topic: )
[Fortinet-NSE8-8.0/Fortinet-NSE8-9_2.png]
The wireless controller diagnostic output is shown in the exhibit.
Which three statements are true? (Choose three.)
The wireless controller diagnostic output is shown in the exhibit.
Which three statements are true? (Choose three.)
A. Firewall policies using device types are blocking Android devices.
B. An access control list applied to the VAP interface blocks Android devices.
C. This is a CAPWAP control channel diagnostic command.
D. There are no wireless clients connected to the guest wireless network.
E. The “src-vis” process is active on the staff wireless network VAP interface.
Answer: A,C,D
Question #9 (Topic: )
Your marketing department uncompressed and executed a file that the whole department
received using Skype.
[Fortinet-NSE8-8.0/Fortinet-NSE8-10_2.png]
Reviewing the exhibit, which two details do you determine from your initial analysis of the
payload?
received using Skype.
[Fortinet-NSE8-8.0/Fortinet-NSE8-10_2.png]
Reviewing the exhibit, which two details do you determine from your initial analysis of the
payload?
A. The payload contains strings that the malware is monitoring to harvest credentials.
B. This is a type of Trojan that will download and pirate movies using your Netflix credentials.
C. This type of threat of a DDoS attack using instant messaging to send e-mails to further spread the infection.
D. This threat payload is uploading private user videos which are then used to extort Bitcoin payments.
Answer: B
Question #10 (Topic: )
A caf offers free Wi-Fi. Customers portable electronic devices often do not have antivirus
software installed and may be hosting worms without their knowledge. You must protect all
customers from any other customers infected devices that join the same SSID.
Which step meets the requirement?
software installed and may be hosting worms without their knowledge. You must protect all
customers from any other customers infected devices that join the same SSID.
Which step meets the requirement?
A. Enable deep SSH inspection with antivirus and IPS.
B. Use a captive portal to redirect unsecured connections such as HTTP and SMTP to their secured equivalents, preventing worms on infected clients from tampering with other customer traffic.
C. Use WPA2 encryption and configure a policy on FortiGate to block all traffic between clients.
D. Use WPA2 encryption, and enable “Block Intra-SSID Traffic”.
Answer: B
