Fortinet nse8-812 practice test
Fortinet NSE 8 Written Exam
Last exam update: Nov 26 ,2024
Question 1
Refer to the exhibit.
You are operation an internal network with multiple OSPF routers on the same LAN segment. FGT_3 needs to be added to the OSPF network and has the configuration shown in the exhibit. FGT_3 is not establishing any OSPF connection.
What needs to be changed to the configuration to make sure FGT_3 will establish OSPF neighbors without affecting the DR/BDR election?
- D. None
Answer:
b
Question 2
On a FortiGate configured in Transparent mode, which configuration option allows you to control Multicast traffic passing through the device?
- D. None
Answer:
c
Question 3
Refer to the exhibits.
Configuration 
Topology 
A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.
The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.
Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)
- E. None
Answer:
ae
Question 4
Refer to the exhibit.
A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.
How will the sessions be load balanced between server 1 and server 2 during normal operation?
- A. Server 1 will receive 25% of the sessions, Server 2 will receive 75% of the sessions
- B. Server 1 will receive 20% of the sessions, Server 2 will receive 66 6% of the sessions
- C. Server 1 will receive 33.3% of the sessions, Server 2 will receive 66 6% of the sessions
- D. Server 1 will receive 0% of the sessions, Server 2 will receive 100% of the sessions
Answer:
c
Question 5
Refer to the exhibits, which show a firewall policy configuration and a network topology.
Configuration 
Topology 
An administrator has configured an inbound SSL inspection profile on a FortiGate device (FG-1) that is protecting a data center hosting multiple web pages.
Given the scenario shown in the exhibits, which certificate will FortiGate use to handle requests to xyz.com?
- A. FortiGate will fall-back to the default Fortinet_CA_SSL certificate
- B. FortiGate will reject the connection since no certificate is defined
- C. FortiGate will use the Fortmet_CA_Untrusted certificate for the untrusted connection
- D. FortiGate will use the first certificate in the server-cert listthe abc.com certificate
Answer:
d
Question 6
Refer to the exhibit.
To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.
Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phase1-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)
- A. set net-device disable
- B. set mode-cfg enable
- C. set ike-version 1
- D. set add-route enable
- E. set mode-cfg-allow-client-selector enable
Answer:
bde
Question 7
A retail customer with a FortiADC HA cluster load balancing five webservers in L7 Full NAT mode is receiving reports of users not able to access their website during a sale event. But for clients that were able to connect, the website works fine.
CPU usage on the FortiADC and the web servers is low, application and database servers are still able to handle more traffic, and the bandwidth utilization is under 30%.
Which two options can resolve this situation? (Choose two.)
- A. Change the persistence rule to LB_PERSIS_SSL_SESS_ID
- B. Add more web servers to the real server pool
- C. Disable SSL between the FortiADC and the web servers
- D. Add a connection-pool to the FortiADC virtual server
Answer:
a
Question 8
An automation stitch was configured using an incoming webhook as the trigger named my_incoming_webhook.
The action is configured to execute the CLI Script shown:
The base Curl command starts with: curl -k -x POST -H Authorization: Bearer --data <data> <url>
Which Curl command will successfully work with the configured automation stitch?
- A. data: { hostname: bad_host_1, ip: [1.1.1.1]}url: http://192.168.226.129/api/v2/monitor/system/automation-stitch/webhook/my_incoming_webhook
- B. data: { hostname: bad_host_1, ip: 1.1.1.1}url: http://192.168.226.129/api/v2/monitor/system/automation-stitch/webhook/my_incoming_webhook
- C. data: { hostname: bad_host_1, ip: [1.1.1.1]}url: http://192.168.226.129/api/v2/cmdb/system/automation-stitch/webhook/my_incoming_webhook
- D. data: { hostname: bad_host_1, ip: 1.1.1.1}url: http://192.168.226.129/api/v2/cmdb/system/automation-stitch/webhook/my_incoming_webhook
Answer:
b
Question 9
Refer to the exhibits.
Exhibit A 
Exhibit B 
A customer wants to deploy 12 FortiAP 431F devices on high density conference center, but they do not currently have any PoE switches to connect them to. They want to be able to run them at full power while having network redundancy.
From the FortiSwitch models and sample retail prices shown in the exhibit, which build of materials would have the lowest cost, while fulfilling the customers requirements?
- A. 1x FortiSwitch 248E-FPOE
- B. 2x FortiSwitch 224E-POE
- C. 2x FortiSwitch 248E-FPOE
- D. 2x FortiSwitch 124E-FPOE
Answer:
b
Question 10
A customer with a FortiDDoS 200F protecting their fibre optic internet connection from incoming traffic sees that all the traffic was dropped by the device even though they were not under a DoS attack. The traffic flow was restored after it was rebooted using the GUI.
Which two options will prevent this situation in the future? (Choose two.)
- A. Change the Adaptive Mode.
- B. Create an HA setup with a second FortiDDoS 200F.
- C. Move the internet connection from the SFP interfaces to the LC interfaces.
- D. Replace with a FortiDDoS 1500F.
Answer:
a,b