Free Preparation Discussions
MENU
Fortinet NSE8_812 Exam Questions
- Fortinet Certified Expert Certifications
- Fortinet FCX Fortinet Certified Expert Cybersecurity Certifications
- Topic 1: Fortinet Security Fabric: This section of the Fortinet NSE 8 - Written NSE8_812 exam covers the core principles of the Fortinet Security Fabric architecture, its components, and their collaboration to provide an integrated security solution.
- Topic 2: FortiGate Next-Generation Firewalls (NGFWs): This topic evaluates the skills of Network Security Professionals in configuring, deploying, and managing FortiGate firewalls. The topic of the NSE8_812 exam focuses on application control, firewall policies, intrusion prevention, and threat protection.
- Topic 3: Fortinet Secure SD-WAN: Fortinet network security professionals who attempt the Fortinet NSE 8 - Written NSE8_812 exam must be familiar with the concepts of Secure SD-WAN to cover this topic.
- Topic 4: Fortinet Advanced Threat Protection (ATP): This topic of the Fortinet NSE8_812 exam addresses FortiSandbox and other Advanced Threat Protection (ATP) technologies offered by Fortinet to detect and prevent advanced threats.
- Topic 5: Fortinet Security Services: It highlights the various Fortinet security services available, including FortiGuard threat intelligence and FortiCare support.
- Topic 6: Networking Fundamentals: The Fortinet NSE 8 - Written NSE8_812 exam will also evaluate your understanding of fundamental Fortinet networking concepts, such as IP addressing, routing, and switching.
Free Fortinet NSE8_812 Exam Actual Questions
Note: Premium Questions for NSE8_812 were last updated On Nov. 12, 2024 (see below)
Refer to the exhibit, which shows a Branch1 configuration and routing table.
In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available.
In this scenario, which configuration change will meet this requirement?
The default load balancing mode for the SD-WAN implicit rule is source IP based. This means that traffic will be load balanced evenly between the overlay members, regardless of the member's priority.
To prevent traffic from being load balanced, you can configure the priority of each overlay member to 10. This will make the member ineligible for load balancing.
The other options are not correct. Changing the load balancing mode to source-IP based will still result in traffic being load balanced. Creating a new static route with the internet sdwan-zone only will not affect the load balancing of the overlay interface. Configuring the cost in each overlay member to 10 will also not affect the load balancing, as the cost is only used when the implicit rule cannot find a match for the destination IP address.
An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the Online Certificate Status Protocol (OCSP) server.
Part of the FortiGate configuration is shown below:
Based on this configuration, which two statements are true? (Choose two.)
Bis correct because the OCSP check of the certificate can be combined with a certificate revocation list (CRL). This means that the FortiGate will check the OCSP server to see if the certificate has been revoked, and it will also check the CRL to see if the certificate has been revoked.
Dis correct because if the OCSP server is unreachable, authentication will succeed if the certificate matches the CA. This is because the FortiGate will fall back to using the CRL if the OCSP server is unreachable.
The other options are incorrect. Option A is incorrect because OCSP checks can go to other OCSP servers, not just the FortiAuthenticator. Option C is incorrect because OCSP certificate responses can be cached by the FortiGate.
References:
Configuring SSL VPN authentication using digital certificates | FortiGate / FortiOS 7.2.0 - Fortinet Document Library
Online Certificate Status Protocol (OCSP) | FortiGate / FortiOS 7.2.0 - Fortinet Document Library
Certificate Revocation Lists (CRLs) | FortiGate / FortiOS 7.2.0 - Fortinet Document Library
A customer is planning on moving their secondary data center to a cloud-based laaS. They want to place all the Oracle-based systems Oracle Cloud, while the other systems will be on Microsoft Azure with ExpressRoute service to their main data center.
They have about 200 branches with two internet services as their only WAN connections. As a security consultant you are asked to design an architecture using Fortinet products with security, redundancy and performance as a priority.
Which two design options are true based on these requirements? (Choose two.)
a) Systems running on Azure will need to go through the main data center to access the services on Oracle Cloud. This is because the Oracle Cloud is not directly connected to the Azure Cloud. The traffic will need to go through the main data center in order to reach the Oracle Cloud.
c) Branch FortiGate devices must be configured as VPN clients for the branches' internal network to be able to access Oracle services without using public IPs. This is because the Oracle Cloud does not allow direct connections from the internet. The traffic will need to go through the FortiGate devices in order to reach the Oracle Cloud.
The other options are not correct.
b) Use FortiGate VM for IPSEC over ExpressRoute, as traffic is not encrypted by Azure. This is not necessary. Azure does encrypt traffic over ExpressRoute.
d) Two ExpressRoute services to the main data center are required to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge. This is not necessary. A single ExpressRoute service can be used to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge.
Refer to the exhibit, which shows the high availability configuration for the FortiAuthenticator (FAC1).
Based on this information, which statement is true about the next FortiAuthenticator (FAC2) member that will join an HA cluster with this FortiAuthenticator (FAC1)?
Which two statements are correct on a FortiGate using the FortiGuard Outbreak Protection Service (VOS)? (Choose two.)
c) The antivirus database queries FortiGuard with the hash of a scanned file. This is how the FortiGuard VOS service works. The FortiGate queries FortiGuard with the hash of a scanned file, and FortiGuard returns a list of known malware signatures that match the hash.
e) The hash signatures are obtained from the FortiGuard Global Threat Intelligence database. This is where the FortiGuard VOS service gets its hash signatures from. The FortiGuard Global Threat Intelligence database is updated regularly with new malware signatures.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Micaela
7 days agoIvette
9 days agoKristel
19 days agoRuby
24 days agoGeorgene
25 days agoMignon
1 months agoTyra
1 months agoBulah
2 months agoLetha
2 months agoNicolette
2 months agoMarla
2 months agoMatthew
2 months agoCarli
3 months agoViki
5 months agoRikki
5 months agoCarolynn
5 months agoJolene
5 months agoPaul
5 months agoMitsue
5 months ago