Practice Free NSE8_812 Exam Online Questions

Question #1

You want to use the MTA adapter feature on FortiSandbox in an HA-Cluster.

Which statement about this solution is true?

A . The configuration of the MTA Adapter Local Interface is different than on port1.
B . The MTA adapter is only available in the primary node.
C . The MTA adapter mode is only detection mode.
D . The configuration is different than on a standalone device.

Reveal Solution Hide Solution

Question #2

Review the following FortiGate-6000 configuration excerpt:

Based on the configuration, which statement is correct regarding SNAT source port partitioning behavior?

A . It dynamically distributes SNAT source ports to operating FPCs or FPMs.
B . It is the default SNAT configuration and preserves active sessions when an FPC or FPM goes down.
C . It statically distributes SNAT source ports to operating FPCs or FPMs
D . It equally distributes SNAT source ports across chassis slots.

Reveal Solution Hide Solution

Question #3

Refer to the exhibit showing an SD-WAN configuration.

According to the exhibit, if an internal user pings 10.1.100.2 and 10.1.100.22 from subnet 172.16.205.0/24, which outgoing interfaces will be used?

A . port16 and port1
B . port1 and port1
C . port16 and port15
D . port1 and port15

Reveal Solution Hide Solution

Question #4

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

A . FortiGate can perform SSH access proxy host-key validation.
B . You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.
C . SSH traffic is tunneled between the client and the access proxy over HTTPS
D . Traffic is discarded as ZTNA does not support SSH connection rules

Reveal Solution Hide Solution

Question #5

You must analyze an event that happened at 20:37 UTC.

One log relevant to the event is extracted from FortiGate logs:

The devices and the administrator are all located in different time zones Daylight savings time (DST) is disabled

• The FortiGate is at GMT-1000.

• The FortiAnalyzer is at GMT-0800

• Your browser local time zone is at GMT-03.00

You want to review this log on FortiAnalyzer GUI, what time should you use as a filter?

A . 20:37:08
B . 10:37:08
C . 17:37:08
D . 12.37:08

Reveal Solution Hide Solution

Question #6

Refer to the exhibits.

A customer wants to deploy 12 FortiAP 431F devices on high density conference center, but they do not currently have any PoE switches to connect them to. They want to be able to run them at full power while having network redundancy

From the FortiSwitch models and sample retail prices shown in the exhibit, which build of materials would have the lowest cost, while fulfilling the customer’s requirements?

A . 1x FortiSwitch 248EFPOE
B . 2x FortiSwitch 224E-POE
C . 2x FortiSwitch 248E-FPOE
D . 2x FortiSwitch 124E-FPOE

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The customer wants to deploy 12 FortiAP 431F devices on a high density conference center, but they do not have any PoE switches to connect them to. They want to be able to run them at full power while having network redundancy. PoE switches are switches that can provide both data and power to connected devices over Ethernet cables, eliminating the need for separate power adapters or outlets. PoE switches are useful for deploying devices such as wireless access points, IP cameras, and VoIP phones in locations where power outlets are scarce or inconvenient. The FortiAP 431F is a wireless access point that supports PoE+ (IEEE 802.3at) standard, which can deliver up to 30W of power per port. The FortiAP 431F has a maximum power consumption of 25W when running at full power. Therefore, to run 12 FortiAP 431F devices at full power, the customer needs PoE switches that can provide at least 300W of total PoE power budget (25W x 12). The customer also needs network redundancy, which means that they need at least two PoE switches to connect the FortiAP devices in case one switch fails or loses power. From the FortiSwitch models and sample retail prices shown in the exhibit, the build of materials that has the lowest cost while fulfilling the customer’s requirements is 2x FortiSwitch 248E-FPOE. The FortiSwitch 248E-FPOE is a PoE switch that has 48 GE ports with PoE+ capability and a total PoE power budget of 370W. It also has 4x 10 GE SFP+ uplink ports for high-speed connectivity. The sample retail price of the FortiSwitch 248E-FPOE is $1,995, which means that two units will cost $3,990. This is the lowest cost among the other options that can meet the customer’s requirements. Option A is incorrect because the FortiSwitch 248EFPOE is a non-PoE switch that has no PoE capability or power budget. It cannot provide power to the FortiAP devices over Ethernet cables. Option B is incorrect because the FortiSwitch 224E-POE is a PoE switch that has only 24 GE ports with PoE+ capability and a total PoE power budget of 185W. It cannot provide enough ports or power to run 12 FortiAP devices at full power. Option D is incorrect because the FortiSwitch 124E-FPOE is a PoE switch that has only 24 GE ports with PoE+ capability and a total PoE power budget of 185W. It cannot provide enough ports or power to run 12 FortiAP devices at full power.

References:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitch_Secure_Access_Series.pdf

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiAP_400_Series.pdf

Question #7

An HA topology is using the following configuration:

Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?

A . 600ms
B . 200ms
C . 300ms
D . 100ms

Reveal Solution Hide Solution

Question #8

Refer to the exhibits.

A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.

The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.

Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)

A)

A . Option A
B . Option B
C . Option C
D . Option D

Reveal Solution Hide Solution

Question #9

Refer to the exhibit, which shows a VPN topology.

The device IP 10.1.100.40 downloads a file from the FTP server IP 192.168.4.50

Referring to the exhibit, what will be the traffic flow behavior if ADVPN is configured in this environment?

A . All the session traffic will pass through the Hub
B . The TCP port 21 must be allowed on the NAT Device2
C . ADVPN is not supported when spokes are behind NAT
D . Spoke1 will establish an ADVPN shortcut to Spoke2

Reveal Solution Hide Solution

Question #10

You are creating the CLI script to be used on a new SD-WAN deployment You will have branches with a different number of internet connections and want to be sure there is no need to change the Performance SLA configuration in case more connections are added to the branch.

The current configuration is:

Which configuration do you use for the Performance SLA members?

A . set members any
B . set members 0
C . current configuration already fulfills the requirement
D . set members all

Reveal Solution Hide Solution

1 2

Exams