Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE8

Fortinet NSE8 Exam Practice Questions (P. 5)

  • Full Access (65 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
A caf offers free Wi-Fi. Customers portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge.
You must protect all customers from any other customers infected devices that join the same SSID.
Which step meets the requirement?
  1. A
    Enable deep SSH inspection with antivirus and IPS.
  2. B
    Use a captive portal to redirect unsecured connections such as HTTP and SMTP to their secured equivalents, preventing worms on infected clients from tampering with other customer traffic.
  3. C
    Use WPA2 encryption and configure a policy on FortiGate to block all traffic between clients.
  4. D
    Use WPA2 encryption, and enable "Block Intra-SSID Traffic".

Correct Answer:
D

Question #22
You verified that application control is working from previous configured categories. You just added Skype on blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application.
What are two causes of this problem? (Choose two.)
  1. A
    The application control database is not updated.
  2. B
    SSL inspection is not enabled.
  3. C
    A client on the network was already connected to the Skype network and serves as relay prior to configuration changes to block Skype
  4. D
    The FakeSkype.botnet signature is included on your application control sensor.

Correct Answer:
AB

Question #23
Given the following FortiOS 5.2 commands:

Which vulnerability is being addresses when managing FortiGate through an encrypted management protocol?
  1. A
    Remote Exploit Vulnerability in Bash (ShellShock)
  2. B
    Information Disclosure Vulnerability in OpenSSL (Heartbleed)
  3. C
    SSL v3 POODLE Vulnerability
  4. D
    SSL/TLS MITM vulnerability (CVE-2014-0224)

Correct Answer:
C
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36913

Question #24

Given the following error message:

FortiManager fails to import policy ID 1.
What is the problem?
  1. A
    FortiManager already has Address LAN which has interface mapping set to "internal" in its database, it is contradicting with the STUDENT-2 FortiGate device which has address LAN mapped to "any".
  2. B
    FortiManager already has address LAN which has interface mapping set to "any" in its database; this conflicts with the STUDENT-2 FortiGate device which has address "LAN" mapped to "internal".
  3. C
    Policy ID 1 for this managed FortiGate device already exists on the FortiManager policy package named STUDENT-2.
  4. D
    Policy ID 1 does not have interface mapping on FortiManager.

Correct Answer:
D
http://kb.fortinet.com/kb/documentLink.do?externalID=FD38544

Question #25
You are an administrator of FortiGate devices that use FortiManager for central management. You need to add a policy on an ADOM, but upon selecting the
ADOM drop-down list, you notice that the ADOM is in locked state. Workflow mode is enabled on your FortiManager to define approval or notification workflow when creating and installing policy changes.
What caused this problem?
  1. A
    Another administrator has locked the ADOM and is currently working on it.
  2. B
    There is pending approval waiting from a previous modification.
  3. C
    You need to use set workspace-mode workflow on the CLI.
  4. D
    You have read-only permission on Workflow Approve in the administrator profile.

Correct Answer:
D
http://docs.fortinet.com/uploaded/files/2250/FortiManager-5.2.1-Administration-Guide.pdf

Previous Questions Next Questions

All Pages