NSE8_811 Online Practice Questions and Answers
You are building a FortiGate cluster which is stretched over two locations. The HA connections for the cluster are terminated on the local switches in the data centers. Once the FortiGate devices have booted, they do not form a cluster. The network operators inform you that CRC errors are present on the switches where the FortiGate devices are connected.
What should you do to solve this problem?
A. Set the speed/duplex setting to 1 Gbps / Full Duplex.
B. Replace the cables where the CRC errors occur.
C. Place the HA interfaces in dedicated VLANs.
D. Change the ethertype for the HA packets.
An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.
Which action will reduce the WAN usage by the monitoring system?
A. Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.
B. Install both Supervisor and Collector on each remote site.
C. Install local Collectors on each remote site.
D. Disable real-time log upload on the remote sites.
Refer to the exhibit.
You are trying to configure Link-Aggregation Group (LAG), but ports A and B do not appear on the list of member options.
Referring to the exhibit, which statement is correct in this situation?
A. The FortiGate interfaces are defective and require replacement.
B. The FortiGate model does not have an Integrated Switch Fabric (ISF).
C. The FortiGate model being used does not support LAG.
D. The FortiGate SFP+ slot does not have the correct module.
You have deployed a FortiGate in NAT/Route mode as a Secure Web Gateway with a few IP-based authentication firewall policies. Your customer reports that some users now have different browsing permissions from what is expected. All these users are browsing using Internet Explorer through a Remote Desktop Connection to a Terminal Server. When you look at the FortiGate logs, the username for the Terminal Server IP is not consistent.
Which action will correct this problem?
A. Change the FSSO Polling mode to Windows NetAPI.
B. Configure FSSO Advanced with LDAP integration.
C. Install the TS/Citrix agent on the terminal server.
D. Make sure the Terminal Server is using the correct DNS server.
Refer to the exhibit.
While deploying a new FortiGate-VMX Security node, an administrator receives the error message shown
in the exhibit.
In this scenario, which statement is correct?
A. The NSX Manager is not able to connect on the FortiGate Service Manager RestAPI service.
B. The vCenter is not able to locate the FortiGate-VMX OVF file.
C. The FortiGate Service Manager does not have the proper permission to register the FortiGate-VMX Service.
D. The vCenter cannot connect to the FortiGate Service Manager.
Refer to the exhibit.
You have installed a FortiSandbox and configured it in your FortiMail. Referring to the exhibit, which two statements are correct? (Choose two.)
A. If FortiMail is not able to obtain the results from the FortiGuard queries, URIs will not be checked by the FortiSandbox.
B. FortiMail will cache the results for 30 minutes
C. If the FortiSandbox with IP 10.10.10.3 is not available, the e-mail will be checked by the FortiCloud Sandbox.
D. FortiMail will wait up to 30 minutes to obtain the scan results.
Refer to the exhibit.
You have deployed several perimeter FortiGate devices with internal segmentation FortiGate devices behind them. All FortiGate devices are logging to FortiAnalyzer. When you search the logs in FortiAnalyzer for denied traffic, you see numerous log messages, as shown in the exhibit, on your perimeter FortiGate device only.
Which two actions will reduce the number of these log messages? (Choose two.)
A. Disable DNS events logging from FortiGate in the config log fortianalyzer filter section.
B. Apply an application control profile to the perimeter FortiGate devices that does not inspect DNS traffic to the outbound firewall policy.
C. Remove DNS signatures from the IPS profile applied to the outbound firewall policy.
D. Configure the internal FortiGate devices to communicate to FortiGuard using port 8888.
You must create a High Availability deployment with two FortiWebs in Amazon Web Services (AWS); each on different Availability Zones (AZ) from the same region. At the same time, each FortiWeb should be able to deliver content from the Web servers of both of the AZs.
Which deployment would fulfill this requirement?
A. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic Load Balancer (ELB) for the internal Web servers.
B. Use AWS Elastic Load Balancer (ELB) for both the FortiWebs in standalone mode and the internal Web servers in an ELB sandwich.
C. Configure the FortiWebs in Active-Active HA mode and use AWS Route 53 to load balance the internal Web servers.
D. Use AWS Route 53 to load balance the FortiWebs in standalone mode and use AWS Virtual Private Cloud (VPC) Peering to load balance the internal Web servers.
Refer to the exhibit.
You are working on FortiGate 61E operating in flow-based inspection mode with various settings optimized for performance. The main Internet firewall policy is using the "default" antivirus profile. You found that some executable virus samples files downloaded over HTTP are not being blocked by the FortiGate.
Referring to the exhibit, how can this be fixed?
A. Change the set scan-mode configuration to full.
B. Disable the emulator feature.
C. Change the set default-db configuration to extreme.
D. Add set content-disarm enable to the configuration.
A legacy router has been replaced by a FortiGate device. The FortiGate has inherited the management IP address of the router and now the network administrator needs to remove the router from the FortiSIEM configuration.
Which two statements about this operation are true? (Choose two.)
A. FortiSIEM will move the router device into the Decommission folder.
B. The router will be completely deleted from the FortiSIEM database.
C. By default, FortiSIEM can only parser event logs for FortiGate devices.
D. FortiSIEM will discover a new device for the FortiGate with the same IP.
What Makes leads4pass.com Differ From Others?
There are tens of thousands of certification exam dumps provided on the internet. To keep the exam dumps valid, the exam questions latest and the exam answers accurate should be the first aim. Also, to make the exam PDF and exam VCE simulator easy to use is very important. Besides, leads4pass.com has 100% pass guarantee policy. Free exam demo is available. Customer support team is ready to help at any time when required.
All rights are reserved by leads4pass.com. Any changes, copy or trademarks abuse will be regarded as infringement. leads4pass.com will reserve the right to pursue accountability.
Copyright © 2004-2025 leads4pass.com.