Proper study guides for NSE8 NSE8 certified begins with preparation products which designed to deliver the by making you pass the NSE8 test at your first time. Try the free right now.

Also have NSE8 free dumps questions for you:

NEW QUESTION 1
You have received an issue report about users not being able to use a video conferencing application. This application uses two UDP ports and two TCP ports to communicate with servers on the Internet. The network engineering team has confirmed there is no routing problem. You are given a copy of the FortiGate configuration.
Which three configuration objects will you inspect to ensure that no policy is blocking this traffic? (Choose three.)

  • A. config firewall interface-policy
  • B. config firewall DoS-policy
  • C. config firewall policy
  • D. config firewall multicast-policy
  • E. config firewall sniffer-policy

Answer: BCE

NEW QUESTION 2
A café offers free Wi-Fi. Customers’ portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge. You must protect all customers from any other customers’ infected devices that join the same SSID.
Which step meets the requirement?

  • A. Enable deep SSH inspection with antivirus and IPS.
  • B. Use a captive portal to redirect unsecured connections such as HTTP and SMTP to their secured equivalents, preventing worms on infected clients from tampering with other customer traffic.
  • C. Use WPA2 encryption and configure a policy on FortiGate to block all traffic between clients.
  • D. Use WPA2 encryption, and enable “Block Intra-SSID Traffic”.

Answer: B

NEW QUESTION 3
A customer wants to secure the network shown in the exhibit with a full redundancy design. Which security design would you use?
NSE8 dumps exhibit

  • A. Place a FortiGate FGCP Cluster between DD and AA, then connect it to SW1, SW2, SW3, and SW4.
  • B. Place a FortiGate FGCP Cluster between BB and CC, then connect it to SW1, SW2, SW3, and SW4.
  • C. Place a FortiGate FGCP Cluster between BB and AA, then connect it to SW1, SW2, SW3, and SW4.
  • D. Place a FortiGate FGCP Cluster between DD and FF, then connect it to SW1, SW2, SW3, and SW4.

Answer: A

NEW QUESTION 4
You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any interface.
Which statement about your implementation is true?

  • A. FortiGate populates the MAC address table based on destination addresses of frames received from all 10 VLANs.
  • B. There will be no impact on the STP protocol.
  • C. All 10 VLANs will become a single broadcast domain for the ARP request.
  • D. The ARP request will not be forwarded across the different VLANs domains.

Answer: C

Explanation: References: http://kb.fortinet.com/kb/viewAttachment.do?attachID=Fortigate_Transparent_Mode_Techn ical_Guide_FortiOS_4_0_version1.2.pdf&documentID=FD33113

NEW QUESTION 5
You have deployed two FortiGate devices as an HA pair. One FortiGate will process traffic while the other FortiGate is a standby. The standby monitors the primary for failure and only takes the role of processing traffic if it detects that the primary FortiGate has failed.
Which style of FortiGate HA does this scenario describe?

  • A. active-passive HA
  • B. active-active HA
  • C. partial mesh HA
  • D. full mesh HA

Answer: A

NEW QUESTION 6
A data center for example.com hosts several separate Web applications. Users authenticate with all of them by providing their Active Directory (AD) login credentials. You do not have access to Example, Inc.’s AD server. Your solution must do the following:
- provide single sign-on (SSO) for all protected Web applications
- prevent login brute forcing
- scan FTPS connections to the Web servers for exploits
- scan Webmail for OWASP Top 10 vulnerabilities such as session cookie hijacking, XSS, and SQL injection attacks
Which solution meets these requirements?

  • A. Apply FortiGate deep inspection to FTP
  • B. It must forward FTPS, HTTP, and HTTPS to FortiWe
  • C. Configure FortiWeb to query the AD server, and apply SSO for Web request
  • D. FortiWeb must forward FTPS directly to the Web servers without inspection, but proxy HTTP/HTTPS and block Web attacks.
  • E. Deploy FortiDDos to block brute force attack
  • F. Configure FortiGate to forward only FTPS, HTTP, and HTTPS to FortiWe
  • G. Configure FortiWeb to query the AD server, and apply SSO for Web request
  • H. Also configure it to scan FTPS and Web traffic, then forward allowed traffic to the Web servers.
  • I. Use FortiGate to authenticate and proxy HTTP/HTTPS; to verify credentials, FortiGate queries the AD serve
  • J. Also configure FortiGate to scan FTPS before forwarding, and to mitigate SYN flood
  • K. Configure FortiWeb to block Web attacks.
  • L. Install FSSO Agent on server
  • M. Configure FortiGate to inspect FTP
  • N. FortiGate will forward FTPS, HTTP, and HTTPS to FortiWe
  • O. FortiWeb must block Web attacks, then forward all traffic to the Web servers.

Answer: D

Explanation: FSSO agent integrate fortigate with AD then inspect bruteforce,FTPS,HTTP, and HTTPS using fortiweb and then forward all traffic to web server.
References:

NEW QUESTION 7
Your marketing department uncompressed and executed a file that the whole department received using Skype.
NSE8 dumps exhibit
Reviewing the exhibit, which two details do you determine from your initial analysis of the payload?

  • A. The payload contains strings that the malware is monitoring to harvest credentials.
  • B. This is a type of Trojan that will download and pirate movies using your Netflix credentials.
  • C. This type of threat of a DDoS attack using instant messaging to send e-mails to further spread the infection.
  • D. This threat payload is uploading private user videos which are then used to extort Bitcoin payments.

Answer: B

NEW QUESTION 8
You verified that application control is working from previous configured categories. You just added Skype on blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application.
What are two causes of this problem? (Choose two.)

  • A. The application control database is not updated.
  • B. SSL inspection is not enabled.
  • C. A client on the network was already connected to the Skype network and serves as relay prior to configuration changes to block Skype
  • D. The FakeSkype.botnet signature is included on your application control sensor.

Answer: AB

NEW QUESTION 9
A FortiGate is deployed in the NAT/Route operation mode. This operation mode operates at which OSI layer?

  • A. Layer 4
  • B. Layer 1
  • C. Layer 3
  • D. Layer 2

Answer: C

NEW QUESTION 10
Referring to the exhibit, which statement is true?
NSE8 dumps exhibit

  • A. The packet failed the HMAC validation.
  • B. The packet did not match any of the local IPsec SAs.
  • C. The packet was protected with an unsupported encryption algorithm.
  • D. The IPsec negotiation failed because the SPI was unknown.

Answer: A

Explanation: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33101

NEW QUESTION 11
You are asked to design a secure solution using Fortinet products for a company. The company recently has Web servers that were exploited and defaced. The customer has also experienced Denial or Service due to SYN Flood attacks. Taking this into consideration, the customer’s solution should have the following requirements:
- management requires network-based content filtering with man-in-the-middle inspection
- the customer has no existing public key infrastructure but requires centralized certificate management
- users are tracked by their active directory username without installing any software on their hosts
- Web servers that have been exploited need to be protected from the OWASP Top 10
- notification of high volume SYN Flood attacks when a threshold has been triggered Which three solutions satisfy these requirements? (Choose three.)

  • A. FortiGate
  • B. FortiClient
  • C. FortiWeb
  • D. FortiAuthenticator
  • E. FortiDDOS

Answer: ACE

NEW QUESTION 12
FortiGate1 has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between FortiGate1 and FortiGate2 is on UDP port 500. A PC on FortuGate2’s local area network is sending continuous ping requests over the VPN tunnel to a PC of FortiGate1’s local area network. No other traffic is sent over the tunnel.
NSE8 dumps exhibit
Which statement is true on this scenario?

  • A. FortiGate1 sends an R-U-THERE packet every 300 seconds while ping traffic is flowing.
  • B. FortiGate1 sends an R-U-THERE packet if pings stop for 300 seconds and no IKE packet is received during this period.
  • C. FortiGate1 sends an R-U-THERE packet if pings stop for 60 seconds and no IKE packet is received during this period.
  • D. FortiGate1 sends an R-U-THERE packet every 60 seconds while ping traffic is flowing.

Answer: C

Explanation: References: http://kb.fortinet.com/kb/documentLink.do?externalID=FD35337

NEW QUESTION 13
The exhibit shows an LDAP server configuration in a FortiGate device.
NSE8 dumps exhibit
The LDAP user, John Smith, has the following LDAP attributes:
NSE8 dumps exhibit
John Smith’s LDAP password is ABC123.
Which CLI command should you use to test the LDAP authentication using John Smith’s credentials?

  • A. diagnose test authserver ldap Lab jsmith ABC123
  • B. diagnose test authserver ldap-direct Lab jsmith ABC123
  • C. diagnose test authserver ldap Lab ‘John Smith’ ABC123
  • D. diagnose test authserver ldap-direct Lab john ABC123

Answer: A

Explanation: References: https://forum.fortinet.com/tm.aspx?m=119178

NEW QUESTION 14
An administrator wants to assign static IP addresses to users connecting tunnel-mode SSL VPN. Each SSL VPN user must always get the same unique IP address which is never assigned to any other user.
Which solution accomplishes this task?

  • A. TACACS+ authentication with an attribute-value (AV) pair containing each user’s IP address.
  • B. RADIUS authentication with each user’s IP address stored in a Vendor Specific Attribute (VSA).
  • C. LDAP authentication with an LDAP attribute containing each user’s IP address.
  • D. FSSO authentication with an LDAP attribute containing each user’s IP address.

Answer: D

NEW QUESTION 15
Which command syntax would you use to configure the serial number of a FortiGate as its host name?

  • A. NSE8 dumps exhibit
  • B. NSE8 dumps exhibit
  • C. NSE8 dumps exhibit
  • D. NSE8 dumps exhibit

Answer: AB

Explanation: References:
http://defadhil.blogspot.in/2014/04/how-to- protect-fortigate- from.html

NEW QUESTION 16
Referring to the command output shown in the exhibit, how many hosts are connected to the FortiGate?
NSE8 dumps exhibit

  • A. 7
  • B. 6
  • C. 2
  • D. 256

Answer: B

Explanation: References:
http://cookbook.fortinet.com/troubleshooting-fortigate-installation/

100% Valid and Newest Version NSE8 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/NSE8-dumps.html (New 65 Q&As)