Summer Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Note! NSE8_811 has been withdrawn. The new exam code is NSE8_812

NSE8_811 Practice Exam Questions with Answers Fortinet NSE 8 Written Exam (NSE8_811) Certification

Question # 6

Click the Exhibit button. An administrator implements a multi-chassis link aggregation (MCLAG) solution using two FortiSwitch 448Ds and one FortiGate 3700D. As describes in the network topology shown in the exhibit, two links are connected to each FortiSwitch. What is requires to implement this solution? (Choose two.)

NSE8_811 question answer

A.

Replace the FortiGate as this one does not have an ISF.

B.

Create two separate link aggregated (LAG) interfaces on the FortiGate side for each FortiSwitch.

C.

Add set fortilink-split-interface disable on the FortiLink interface.

D.

An ICL link between both FortiSwitch devices needs to be added.

Full Access
Question # 7

You configure an outgoing firewall policy with a web filter for accessing the internet. The access to URL https// itacm.co and web belonging to the same category should be blocked. You notice that the Web server presents a certificate with CN=www acme.com. The www.it.acme site is as '' information Technology and the www.acme.com site is categorized as ''Business".

Which statements is correct in this scenario?

A.

Category "information Technology" needs to blocked, the FortiGate is able to inspection the URL with HTTPS sessions.

B.

Category "Business" need a to be block: the certificate name takes precedence over the SNI.

C.

SSL inspection must be configured to deep-inspection: the category "information Technology "needs to be blocked.

D.

Category :information Technology" needs to be blocked, the SNI takes precedence over the certificate name.

Full Access
Question # 8

Click the exhibit.

A VPN IPsec is connecting the headquarters office (HQ) with a branch office (BO) and OSPF is used to redistribute routes between the offices. After deployment, a server with IP address 10.10.10.35 located on the DMZ network of the BO FortiGate, was reported unreachable from hosts located on the LAN network of the same FortiGate.

NSE8_811 question answer

Referring to the exhibit, which statement is true?

A.

The ICMP packets are Being blocked by an implicit deny policy.

B.

The incoming access list should have an accept action instead deny action to solve the problem.

C.

A directly connected subnet is being partially superseded by an OSPF redistributed subnet.

D.

Enabling NAT on the VPN firewall policy will solve the problem.

Full Access
Question # 9

Click the exhibit.

You created an aggregate interface between your FortiGate and a switch consisting of two 1 Gbps links as shown in the exhibit. However, the maximum bandwidth never exceeds. 1 Gbps and employees are complaining that the network is slow. After troubleshooting, you notice only one member interface is being used. The configuration for the aggregate interface is shown in the exhibit.

In this scenario, which command will solve this problem?

NSE8_811 question answer

A.

config system interface

edit Agg1

set min-links 2

end

B.

config system interface

edit Agg1

set weight 2

end

C.

config system interface

edit Agg1

set Algorithm L4

end

D.

config system interface

edit Agg1

set lacp-mode active

end

Full Access