NSE8_810 Online Practice Questions and Answers

Click the Exhibit button.

You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware. Referring to the exhibit, which statement is true?

A. Incoming and outgoing traffic is offloaded

B. Outgoing traffic is offloaded, you cannot determine if incoming traffic is offloaded at this time.

C. Traffic is not offloaded.

D. Outgoing traffic is offloaded: incoming traffic not offloaded.

Exhibit

Click the Exhibit button.

The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device.

Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

A. Traffic that does match any spp policy will not be inspection by this spp.

B. FortiDDos will not send a SYNACK if a SYN packet is coming from an IP address that is not the legtimate IP (LIP) address table.

C. FortiDooS will start dropping packets as soon as the traffic executed the configured maintain threshold.

D. SYN packets with payloads will be drooped.

You are administrating the FortiGate 5000 and FortiGate 7000 series products. You want to access the HTTPS GU of the blade located n logical slot of the secondary chassis in a high-availability cluster.

Which URL will accomplish this task?

A. https//192.168.1.99.44302

B. https//192.168.1.99.44313

C. https//192.168.1.99.44322

D. https//192.168.1.99.44323

Click to the Exhibit button. You need to apply the security features below to the network shown in the exhibit. -high grade DDoS protection -Web security and load balancing for Server1 and Server2 -Solution must be PCI DSS compliant -Enhanced security to DNS 1 and DNS 2

What are three solutions for this scenario? (Choose three.)

A. FortiWeb forVDOM-A

B. FortDDoS between FG1 and FG2 and the Internet

C. FortiADC for VDOM-A

D. FortADC for VDoM-B

E. FortiDDoS between FG1 and FG2 and VDOMs

Click the exhibit button.

A FortiGate device is configured to authenticate SSL VPN users using digital certificates. Part of the

FortiGate configuration is shown in the exhibit.

Which two statements are true in this scenario? (Choose two.)

A. The authentication will fail if the OCSP server is down.

B. OCSP is used to verify that the user-signed certificate has not expired.

C. The authentication will fail if the certificate does not contain user principle name (UPN) information.

D. The authentication will fail if the user certificate does not contain the CA_Cert string in the Failed.

Exhibit Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?

A. The policy redirects all HTTP URLs to HTTPS.

B. The policy redirects all HTTPS URLs to HTTP.

C. The policy redirects only HTTPS URLs containing the ^/ (. *) S string to HTTP.

D. The pokey redirects only HTTP URLs containing the^/ ( .*)S string to HTTPS.

You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris.

Which prevention mode on FortiDDoS will protect you against this specific type of attack?

A. aggressive aging mode

B. rate limiting mode

C. blocking mode

D. asymmetric mode

Click the exhibit.

You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.

In this scenario, which command will solve this problem?

A. config system interface edit Agg1 set min-links 2 end

B. config system interface edit Agg1 set weight 2 end

C. config system interface edit Agg1 set Algorithm L4 end

D. config system interface edit Agg1 set lacp-mode active end

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

A. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B

B. LAG-1 and LAG 2 should be connected to a single 4-port 802 3ad interface on the FortiGate-A.

C. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802 3ad trunk on another device.

D. LAG-1 and LAG-2 should be connected to a 4-port single 802 3ad trunk on another device.

Click the Exhibit button.

Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate 瑽 to reach the server.

Which two actions satisfy this requirement? (Choose two.)

A. Use Kerberos authentication.

B. FortiGate-A must generate a RADUIS accounting packets.

C. Use FortiAuthenticator.

D. Use the Collector Agent.