Fortinet NSE 8 - Recertification Exam (NSE8_813) Free Practice Test

Question 1

Refer to the exhibits.
Configuration

Topology

A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2).
CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.
The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.
Given this scenario, which two configuration tasks must the administrator perform on CL-1?
(Choose two.)

A.

B.

C.

D.

E.

Correct Answer: C,E

Question 2

Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)

A. It requires the use of an Internet browser.

B. It requires the installation of a VPN client.

C. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.

D. Split tunneling is supported.

E. It does not support traffic from third-party network applications.

Correct Answer: B,C,D

Question 3

Refer to the exhibit showing a FortiSOAR playbook.

You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.
What should be your next step?

A. Run the Mark Drive by Download playbook action

B. Reply to the e-mail with the requested Playbook action

C. Go to the Incident Response tasks dashboard and run the pending actions

D. Click on the notification icon on FortiSOAR GUI and run the pending input action

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN.
During a scheduled maintenance window, you make a series of configuration changes.
When the next FortiAnalyzer weekly report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than expected.
What is the reason for this discrepancy?

A. You changed from active-passive to active-active, causing the session traffic counters to become inaccurate.

B. You enabled HA session-pickup, which is turn disabled session accounting.

C. You applied an antivirus profile on some of the policies, and no traffic can be accelerated.

D. You disabled all security profiles on some of the firewall policies, and the traffic matching those policies is now accelerated.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

FortiMail is configured with the protected domain "internal.lab".
Which two envelope addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)

A. MAIL FROM: [email protected]; RCPT TO: [email protected]

B. MAIL FROM: [email protected]; RCPT TO: [email protected]

C. MAIL FROM: [email protected]; RCPT TO: [email protected]

D. MAIL FROM: [email protected]; RCPT TO: [email protected]

Correct Answer: A,B

Question 6

Consider the following configuration setting:

Which two statements about local authentication are true? (Choose two.)

A. The FortiGate will allow the TCP connection when a ClientHello message indicating a renegotiation is received.

B. The user's IP address will be blocked 15 seconds after five login failures.

C. The user will need to re-authenticate after five minutes.

D. The user will be blocked 15 seconds after five login failures.

Correct Answer: B,C

Question 7

Which command detects where a routing path is broken?

A. diag debug route <destination>

B. exec route ping <destination>

C. diag route null

D. exec traceroute <destination>

Correct Answer: D

Question 8

An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.
Which action will reduce the WAN usage by the monitoring system?

A. Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.

B. Install both Supervisor and Collector on each remote site.

C. Install local Collectors on each remote site.

D. Disable real-time log upload on the remote sites.

Correct Answer: C

Question 9

Refer to the exhibit.

Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?

A. The high-risk file will be discarded by attachment analysis.

B. The high-risk file will go to the system quarantine.

C. The high-risk file will be discarded by malware/virus outbreak protection.

D. The high-risk file will be received by the recipient.

Correct Answer: C

Question 10

Refer to the exhibit.

The exhibit shows the topology a customer wants to implement using a flexible authentication scheme. Users connecting from trusted remote locations are authenticated using only their username/password when connecting to the SSLVPN FortiGate in the data center.
When connecting from the Untrusted Clients, users must authenticate using 2-factor authentication.
In this scenario, which RADIUS attribute can be used as a RADIUS policy selector on the FortiAuthenticator to accomplish this goal?

A. Calling-Station-Id

B. Framed-IP-Address

C. Tunnel-Client-Auth-Id

D. Login-IP-Host

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Fortinet NSE 8 - Recertification (NSE8_813) Free Practice Test