Network Security Expert

[PDF and VCE] Format for Free NSE8_811 Dumps With Exam Questions Download

Tens of thousands of competitors, pages of hard questions and unsatisfied exam preparation situations… Do not worried about all those annoying things! We, help you with your Network Security Expert Newest NSE8_811 practice Fortinet NSE 8 Written Exam (NSE8_811) exam. We will assist you clear the Jul 03,2022 Hotest NSE8_811 exam questions exam with Network Security Expert NSE8_811 actual tests. We NSE8_811 vce are the most comprehensive ones.

We Geekcert has our own expert team. They selected and published the latest NSE8_811 preparation materials from Official Exam-Center.

The following are the NSE8_811 free dumps. Go through and check the validity and accuracy of our NSE8_811 dumps.If you need to check sample questions of the NSE8_811 free dumps, go through the Q and As from NSE8_811 dumps below.

Question 1:

Refer to the exhibit.

The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met:

20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices The FortiGate HA must be in AP mode

Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)

A. Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

B. Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

C. Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

D. Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

Correct Answer: AC


Question 2:

You want to manage a FortiGate with the FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out.

Which statement is correct in this scenario?

A. The management tunnel mode on the managed FortiGate must be changed to normal.

B. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud.

C. The managed FortiGate requires that a FortiCloud management license be purchased and applied.

D. You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard.

Correct Answer: D


Question 3:

Refer to the exhibit.

The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?

A. The policy redirects all HTTPS URLs to HTTP.

B. The policy redirects all HTTP URLs to HTTPS.

C. The policy redirects only HTTP URLs containing the ^/(.*)$ string to HTTPS.

D. The policy redirects only HTTPS URLs containing the ^/(.*)$ string to HTTP.

Correct Answer: B


Question 4:

You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as

Slowloris.

Which prevention mode on FortiDDoS will protect you against this specific type of attack?

A. asymmetric mode

B. aggressive aging mode

C. rate limiting mode

D. blocking mode

Correct Answer: B


Question 5:

You want to access the JSON API on FortiManager to retrieve information on an object. In this scenario, which two methods will satisfy the requirement? (Choose two.)

A. Download the WSDL file from FortiManager administration GUI.

B. Make a call with the curl utility on your workstation.

C. Make a call with the SoapUI API tool on your workstation.

D. Make a call with the Web browser on your workstation.

Correct Answer: AC


Question 6:

Refer to the exhibit.

You created a custom health-check for your FortiWeb deployment. Given the output shown in the exhibit, which statement is true?

A. The FortiWeb must receive an RST packet from the server.

B. The FortiWeb must receive an HTTP 200 response code from the server.

C. The FortiWeb must match the hash value of the page index.html.

D. The FortiWeb must receive an ICMP Echo Request from the server.

Correct Answer: B


Question 7:

Refer to the exhibit.

You created an aggregate interface between a FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds 1 Gbps and employees are reporting that the network is slow. After troubleshooting, you notice that only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.

In this scenario, which command will solve this problem?

A. Option A

B. Option B

C. Option C

D. Option D

Correct Answer: A


Question 8:

Refer to the exhibit.

A FortiGate device is configured to authenticate SSL VPN users using digital certificates. A partial FortiGate configuration is shown in the exhibit.

Referring to the exhibit, which two statements about this configuration are true? (Choose two.)

A. The authentication will fail if the user certificate does not contain the user principal name (UPN) information.

B. The authentication will fail if the user certificate does not contain the CA_Cert string in the CA field.

C. The authentication will fail if the OCSP server is down.

D. OCSP is used to verify that the user-signed certificate has not expired.

Correct Answer: AC


Question 9:

Refer to the exhibit.

A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGate devices to connect to it. However, FortiGate A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect while site A is connected, site A is disconnected. The IKE real-time debug shows the output in the exhibit when site A is disconnected.

Referring to the exhibit, which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?

A. set route-overlap allow

B. set single-source disable

C. set enforce-unique-id disable

D. set add-route enable

Correct Answer: A


Question 10:

A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source IP address. Which SYN flood mitigation mode must the customer use?

A. SYN retransmission

B. SYN/ACK cookie

C. SYN cookie

D. ACK cookie

Correct Answer: C


Question 11:

Refer to the exhibit.

You configured AV and Web filtering for your outgoing Internet connections. You later notice that not all Web sessions are being inspected and you start troubleshooting the problem.

Referring to the exhibit, what can be causing this problem?

A. The Web session is using QUIC which is not inspected by the FortiGate.

B. There are problems with the connection to the Web filter servers, therefore the Web session cannot be categorized.

C. The SSL inspection options are not set to deep inspection.

D. Web filtering is not licensed; therefore, no inspection occurs.

Correct Answer: A


Question 12:

You are administering the FortiGate 5000 and FortiGate 7000 series products. You want to access the HTTPS GUI of the blade located in logical slot 3 of the secondary chassis in a high-availability cluster.

Which URL will accomplish this task?

A. https://192.168.1.99:44322

B. https://192.168.1.99:44323

C. https://192.168.1.99:44313

D. https://192.168.1.99:44302

Correct Answer: B


Question 13:

You cannot ping the FortiGate default gateway 10.10.10.1 from the FortiGate CLI. The FortiGate interface facing the default gateway is wan1 and its IP address is 10.10.10.254/24. During the initial troubleshooting tests, you confirm that you can ping other IP addresses in the 10.10.10.0/24 subnet from the FortiGate CLI without packets lost.

Which two CLI commands will help you to troubleshoot this problem? (Choose two.)

A. diagnose debug flow filter saddr 10.10.10.1 diagnose debug flow trace start 10

B. diagnose hardware deviceinfo nic wan1

C. diagnose ip arp list

D. diag sniffer packet wan1 \’arp and host 10.10.10.1\’

Correct Answer: AC


Question 14:

An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.

Which action will reduce the WAN usage by the monitoring system?

A. Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.

B. Install both Supervisor and Collector on each remote site.

C. Install local Collectors on each remote site.

D. Disable real-time log upload on the remote sites.

Correct Answer: C


Question 15:

Refer to the exhibit.

As shown in the exhibit, a FortiADC is load-balancing IPv4 traffic between two next-hop routers. The FortiADC does not know the IP addresses of the servers. Also, the FortiADC is doing Layer 7 content inspection and modification.

In this scenario, which application delivery control is configured in the FortiADC?

A. Layer 3

B. Layer 4

C. Layer 7

D. Layer 2

Correct Answer: D