Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE8

Fortinet NSE8 Exam Practice Questions (P. 3)

  • Full Access (65 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
FortiGate1 has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between FortiGate1 and FortiGate2 is on UDP port 500. A PC on
FortuGate2s local area network is sending continuous ping requests over the VPN tunnel to a PC of FortiGate1s local area network. No other traffic is sent over the tunnel.

Which statement is true on this scenario?
  1. A
    FortiGate1 sends an R-U-THERE packet every 300 seconds while ping traffic is flowing.
  2. B
    FortiGate1 sends an R-U-THERE packet if pings stop for 300 seconds and no IKE packet is received during this period.
  3. C
    FortiGate1 sends an R-U-THERE packet if pings stop for 60 seconds and no IKE packet is received during this period.
  4. D
    FortiGate1 sends an R-U-THERE packet every 60 seconds while ping traffic is flowing.

Correct Answer:
C
http://kb.fortinet.com/kb/documentLink.do?externalID=FD35337

Question #12
The FortiGate is an IPsec VPN hub. A VPN spoke protecting subnet 192.168.222.0/24 has successfully brought up a tunnel with the FortiGate. This remote network is present in the FortiGate routing table as shown in the exhibit.

Which statement is true?
  1. A
    This subnet was learned during quick-mode negotiation and was dynamically injected into the routing table.
  2. B
    The FortiGate administrator configured this subnet as a locally connected subnet on the "BranchOffice" phase1 interface.
  3. C
    The route in the exhibit is bound to "BranchOffice_0" which is a tunnel other than "BranchOffice".
  4. D
    The FortiGate administrator configured a static route for 192.168.222.0/24.

Correct Answer:
B

Question #13
There is an interface-mode IPsec tunnel configured between FortiGate1 and FortiGate2. You want to run OSPF over the IPsec tunnel. On both FortiGates. the
IPsec tunnel is based on physical interface port1. Port1 has the default MTU setting on both FortiGate units.
Which statement is true about this scenario?
  1. A
    A multicast firewall policy must be added on FortiGate1 and FortiGate2 to allow protocol 89.
  2. B
    The MTU must be set manually in the OSPF interface configuration.
  3. C
    The MTU must be set manually on the IPsec interface.
  4. D
    An IP address must be assigned to the IPsec interface on FortiGate1 and FortiGate2.

Correct Answer:
B
If MTU doesnt match then the neighbour ship gets stuck in exchange state.

Question #14
Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate devices? (Choose three.)
  1. A
    mismatched phase 2 selectors
  2. B
    mismatched Anti-Replay configuration
  3. C
    mismatched Perfect Forward Secrecy
  4. D
    failed Dead Peer Detection negotiation
  5. E
    mismatched IKE version

Correct Answer:
ACE
In IPsec negotiations, Perfect Forward Secrecy (PFS) ensures that each new cryptographic key is unrelated to any previous key. Either enable or disable PFS on both the tunnel peers; otherwise, the LAN-to-LAN (L2L) IPsec tunnel is not established

Question #15
Which three statements about throughput on a wireless network are true? (Choose three.)
  1. A
    A wireless device labelled as 300 Mbps should be expected to provide a throughput of 300Mbps.
  2. B
    Be careful to ensure the capabilities of the wireless clients match those of the access points, in order to achieve higher throughput.
  3. C
    Reducing the duty cycles of the wireless media by generating fewer beacons may improve throughput.
  4. D
    Because of the higher level of RF noise that is typical in the 2.4 GHz ISM band, throughput of 2.4 GHz devices will typically be less than 5 GHz devices.
  5. E
    Because of the full-duplex nature of the medium and the minimal overhead generated by CSMA/CA, the actual aggregate throughput is typically close to the

Correct Answer:
D
http://www.tp-link.in/faq-499.html

Previous Questions Next Questions

All Pages