PassLeader just published the newest Fortinet NSE8_812 exam dumps. PassLeader offers two types of NSE8_812 dumps, VCE and PDF; both contain the newest NSE8_812 exam questions and will help you pass the Fortinet NSE8_812 exam easily. Get the newest NSE8_812 dumps in VCE and PDF from PassLeader: https://www.passleader.com/nse8-812.html (198 Q&As Dumps)
What’s more, part of the PassLeader NSE8_812 dumps is now free: https://drive.google.com/drive/folders/1cDWnIf_DJEFgVEbiodH_-L_uXDSQ73sa
NEW QUESTION 172
A cafe offers free Wi-Fi. Customers’ portable electronic devices often do not have antivirus software installed and may be hosting worms without their knowledge. You must protect all customers from any other customers’ infected devices that join the same SSID. Which step meets the requirement?
A. Enable deep SSH inspection with antivirus and IPS.
B. Use a captive portal to redirect unsecured connections such as HTTP and SMTP to their secured equivalents, preventing worms on infected clients from tampering with other customer traffic.
C. Use WPA2 encryption and configure a policy on FortiGate to block all traffic between clients.
D. Use WPA2 encryption, and enable “Block Intra-SSID Traffic”.
Answer: D
NEW QUESTION 173
You verified that application control is working for previously configured categories. You just added Skype to the blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application. What are two causes of this problem? (Choose two.)
A. The application control database is not updated.
B. SSL inspection is not enabled.
C. A client on the network was already connected to the Skype network and serves as relay prior to configuration changes to block Skype.
D. The FakeSkype.botnet signature is included on your application control sensor.
Answer: AB
NEW QUESTION 174
You are an administrator of FortiGate devices that use FortiManager for central management. You need to add a policy on an ADOM, but upon selecting the ADOM drop-down list, you notice that the ADOM is in a locked state. Workflow mode is enabled on your FortiManager to define approval or notification workflow when creating and installing policy changes. What caused this problem?
A. Another administrator has locked the ADOM and is currently working on it.
B. There is pending approval waiting from a previous modification.
C. You need to use set workspace-mode workflow on the CLI.
D. You have read-only permission on Workflow Approve in the administrator profile.
Answer: A
NEW QUESTION 175
You are asked to design a secure solution using Fortinet products for a company. The company’s Web servers were recently exploited and defaced. The customer has also experienced Denial of Service due to SYN Flood attacks. Taking this into consideration, the customer’s solution should have the following requirements:
– management requires network-based content filtering with man-in-the-middle inspection
– the customer has no existing public key infrastructure but requires centralized certificate management
– users are tracked by their active directory username without installing any software on their hosts
– Web servers that have been exploited need to be protected from the OWASP Top 10
– notification of high volume SYN Flood attacks when a threshold has been triggered
Which three solutions satisfy these requirements? (Choose three.)
A. FortiGate
B. FortiClient
C. FortiWeb
D. FortiAuthenticator
E. FortiDDOS
Answer: CDE
NEW QUESTION 176
A customer has the following requirements:
– local peer with two Internet links
– remote peer with one Internet link
– secure traffic between the two peers
– granular control with Accept policies
Which solution provides security and redundancy for traffic between the two peers?
A. a fully redundant VPN with interface mode configuration
B. a partially redundant VPN with interface mode configuration
C. a partially redundant VPN with tunnel mode configuration
D. a fully redundant VPN with tunnel mode configuration
Answer: B
NEW QUESTION 177
Regarding tunnel-mode SSL VPN, which three statements are correct? (Choose three.)
A. Split tunneling is supported.
B. It requires the installation of a VPN client.
C. It requires the use of an Internet browser.
D. It does not support traffic from third-party network applications.
E. An SSL VPN IP address is dynamically assigned to the client by the FortiGate unit.
Answer: ABE
NEW QUESTION 178
You are managing a FortiAnalyzer appliance. After an upgrade, you notice that the unit no longer displays historical logs, reports do not produce any data, and FortiView summary views are empty. However, you notice that the unit is receiving logs on the dashboard widgets. Which step resolves this problem?
A. Execute the CLI command exec sql-local rebuild-db.
B. Execute the CLI command diag sql remove hcache.
C. Execute the CLI command exec sql-local reinsert-logs.
D. Restore the unit settings from a previous backup.
Answer: A
NEW QUESTION 179
You have received an issue report about users not being able to use a video conferencing application. This application uses two UDP ports and two TCP ports to communicate with servers on the Internet. The network engineering team has confirmed there is no routing problem. You are given a copy of the FortiGate configuration. Which three configuration objects will you inspect to ensure that no policy is blocking this traffic? (Choose three.)
A. config firewall interface-policy
B. config firewall DoS-policy
C. config firewall policy
D. config firewall multicast-policy
E. config firewall sniffer-policy
Answer: ABC
NEW QUESTION 180
You implemented FortiGate in transparent mode with 10 different VLAN interfaces in the same forwarding domain. You have defined a policy to allow traffic from any interface to any interface. Which statement about your implementation is true?
A. FortiGate populates the MAC address table based on destination addresses of frames received from all 10 VLANs.
B. There will be no impact on the STP protocol.
C. All 10 VLANs will become a single broadcast domain for the ARP request.
D. The ARP request will not be forwarded across the different VLANs domains.
Answer: C
NEW QUESTION 181
A customer wants to implement a RADIUS Single Sign On (RSSO) solution for multiple FortiGate devices. The customer’s network already includes a RADIUS server that can generate the logon and logoff accounting records. However, the RADIUS server can send those records to only one destination. What should the customer do to overcome this limitation?
A. Send the RADIUS records to an LDAP server and add the LDAP server to the FortiGate configuration.
B. Send the RADIUS records to an RSSO Collector Agent.
C. Send the RADIUS records to one of the FortiGate devices, which can replicate them to the other FortiGate units.
D. Use the RADIUS accounting proxy feature available in FortiAuthenticator devices.
Answer: B
NEW QUESTION 182
Which two features are supported only by FortiMail but not by FortiGate? (Choose two.)
A. DNSBL
B. built-in MTA
C. end-to-end IBE encryption
D. FortiGuard Antispam
Answer: BC
NEW QUESTION 183
You are hosting Web applications that must be PCI DSS compliant. The Web applications are protected by a FortiWeb. Compliance will be tested during the quarterly security review. In this scenario, which three FortiWeb features should you use? (Choose three.)
A. Vulnerability Scan
B. Auto-learning
C. Syn Cookie
D. Credit Card Detection
E. the config system advanced set weark_enc disable end command
Answer: ACD
NEW QUESTION 184
Your FortiGate has multiple CPUs. You want to verify the load for each CPU. Which two commands will accomplish this task? (Choose two.)
A. get system performance status
B. diag system mpstat
C. diag system cpu stat
D. diag system top
Answer: AD
NEW QUESTION 185
You are asked to implement a wireless network for a conference center and need to provision a high number of access points to support a large number of wireless client connections. Which statement describes a valid solution for this requirement?
A. Use a captive portal for guest access.
Use both 2.4 GHz and 5 GHz bands.
Enable frequency and access point hand-off.
Use more channels, thereby supporting more clients.
B. Use an open wireless network with no portal.
Use both 2.4 GHz and 5 GHz bands.
Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.
C. Use a pre-shared key only for wireless client security.
Use the 5 GHz band only for greater security.
Use 802.11ac capable access points and configure channel bonding to support greater throughput for wireless clients.
D. Use a captive portal for guest access.
Use both the 2.4 GHz and 5 GHz bands, and configure frequency steering.
Configure rogue access point detection in order to automatically control the transmit power of each AP.
Answer: A
NEW QUESTION 186
There is an interface-mode IPsec tunnel configured between FortiGate1 and FortiGate2. You want to run OSPF over the IPsec tunnel. On both FortiGates, the IPsec tunnel is based on physical interface Port1. Port1 has the default MTU setting on both FortiGate units. Which statement is true about this scenario?
A. A multicast firewall policy must be added on FortiGate1 and FortiGate2 to allow protocol 89.
B. The MTU must be set manually in the OSPF interface configuration.
C. The MTU must be set manually on the IPsec interface.
D. An IP address must be assigned to the IPsec interface on FortiGate1 and FortiGate2.
Answer: D
NEW QUESTION 187
Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate devices? (Choose three.)
A. mismatched phase 2 selectors
B. mismatched Anti-Replay configuration
C. mismatched Perfect Forward Secrecy
D. failed Dead Peer Detection negotiation
E. mismatched IKE version
Answer: ACE
Explanation:
In IPsec negotiations, Perfect Forward Secrecy (PFS) ensures that each new cryptographic key is unrelated to any previous key. Either enable or disable PFS on both the tunnel peers; otherwise, the LAN-to-LAN (L2L) IPsec tunnel is not established.
NEW QUESTION 188
Which three statements about throughput on a wireless network are true? (Choose three.)
A. A wireless device labelled as 300 Mbps should be expected to provide a throughput of 300 Mbps.
B. Be careful to ensure the capabilities of the wireless clients match those of the access points, in order to achieve higher throughput.
C. Reducing the duty cycles of the wireless media by generating fewer beacons may improve throughput.
D. Because of the higher level of RF noise that is typical in the 2.4 GHz ISM band, throughput of 2.4 GHz devices will typically be less than 5 GHz devices.
E. Because of the full-duplex nature of the medium and the minimal overhead generated by CSMA/CA, the actual aggregate throughput is typically close to the data rate.
Answer: ACD
Explanation:
http://www.tp-link.in/faq-499.html
NEW QUESTION 189
An administrator wants to assign static IP addresses to users connecting to tunnel-mode SSL VPN. Each SSL VPN user must always get the same unique IP address, which is never assigned to any other user. Which solution accomplishes this task?
A. TACACS+ authentication with an attribute-value (AV) pair containing each user’s IP address.
B. RADIUS authentication with each user’s IP address stored in a Vendor Specific Attribute (VSA).
C. LDAP authentication with an LDAP attribute containing each user’s IP address.
D. FSSO authentication with an LDAP attribute containing each user’s IP address.
Answer: D
NEW QUESTION 190
Which VPN protocol is supported by FortiGate units?
A. E-LAN
B. PPTP
C. DMVPN
D. OpenVPN
Answer: B
NEW QUESTION 191
You have deployed two FortiGate devices as an HA pair. One FortiGate will process traffic while the other FortiGate is a standby. The standby monitors the primary for failure and only takes the role of processing traffic if it detects that the primary FortiGate has failed. Which style of FortiGate HA does this scenario describe?
A. active-passive HA
B. active-active HA
C. partial mesh HA
D. full mesh HA
Answer: A
NEW QUESTION 192
Which Fortinet product is used for antispam protection?
A. FortiSwitch
B. FortiGate
C. FortiWeb
D. FortiDB
Answer: B
NEW QUESTION 193
A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic. Which statement about the VoIP configuration options is correct?
A. FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.
B. Restricting SIP requests is only possible when using the SIP Session Helper.
C. By default, VoIP traffic will be processed using the SIP Session Helper.
D. Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.
Answer: D
NEW QUESTION 194
Which two types of interface have built-in active bypass in FortiDDoS devices? (Choose two.)
A. Copper
B. QSFP+
C. SFP
D. LC
E. SFP+
Answer: AE
NEW QUESTION 195
A Hub FortiGate is connecting multiple branch FortiGate devices separating the traffic centrally in unique VRFs. Routing information is exchanged using BGP between the Hub and the Branch FortiGate devices. You want to efficiently enable route leaking of specific routes between the VRFs. Which two steps are required to achieve this requirement? (Choose two.)
A. Create a vdom link between VRF10 and VRF12.
B. Enable Multi-VDOM mode on the Hub FortiGate and add a VDOM to connect VRF10 and VRF12.
C. Enable BGP recursive routing on the HUB FortiGate.
D. Configure route-maps to leak the selected routes using BGP.
Answer: AD
NEW QUESTION 196
……