Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet NSE8_811

Fortinet NSE8_811 Exam Practice Questions (P. 3)

  • Full Access (60 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
Refer to the exhibit.

A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGate devices to connect to it. However, FortiGate A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect while site A is connected, site A is disconnected. The IKE real-time debug shows the output in the exhibit when site A is disconnected.
Referring to the exhibit, which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?
  1. A
    set route-overlap allow
  2. B
    set single-source disable
  3. C
    set enforce-unique-id disable
  4. D
    set add-route enable

Correct Answer:
A

Question #12
A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source
IP address.
Which SYN flood mitigation mode must the customer use?
  1. A
    SYN retransmission
  2. B
    SYN/ACK cookie
  3. C
    SYN cookie
  4. D
    ACK cookie

Correct Answer:
C

Question #13
Refer to the exhibit.

You configured AV and Web filtering for your outgoing Internet connections. You later notice that not all Web sessions are being inspected and you start troubleshooting the problem.
Referring to the exhibit, what can be causing this problem?
  1. A
    The Web session is using QUIC which is not inspected by the FortiGate.
  2. B
    There are problems with the connection to the Web filter servers, therefore the Web session cannot be categorized.
  3. C
    The SSL inspection options are not set to deep inspection.
  4. D
    Web filtering is not licensed; therefore, no inspection occurs.

Correct Answer:
A

Question #14
You are administering the FortiGate 5000 and FortiGate 7000 series products. You want to access the HTTPS GUI of the blade located in logical slot 3 of the secondary chassis in a high-availability cluster.
Which URL will accomplish this task?
  1. A
    https://192.168.1.99:44322
  2. B
    https://192.168.1.99:44323
  3. C
    https://192.168.1.99:44313
  4. D
    https://192.168.1.99:44302

Correct Answer:
B

Question #15
Refer to the exhibit.

Given the configuration shown in the exhibit, which two statements are true? (Choose two.)
  1. A
    LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802.3ad trunk on another device.
  2. B
    LAG-1 and LAG-2 should be connected to a 4-port single 802.3ad trunk on another device.
  3. C
    port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B.
  4. D
    LAG-1 and LAG-2 should be connected to a single 4-port 802.3ad interface on the FortiGate-A.

Correct Answer:
AC

Previous Questions Next Questions

All Pages