Labour Day - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors
  1. Home
  2. Fortinet
  3. Fortinet Network Security Expert
  4. NSE8_811
  5. Fortinet NSE 8 Written Exam (NSE8_811) Questions and Answers
Note! The NSE8_811 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the NSE8_812 Exam.

NSE8_811 Fortinet NSE 8 Written Exam (NSE8_811) Questions and Answers

Questions 4

Refer to the exhibit.

NSE8_811 Question 4

The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met:

• 20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices

• The FortiGate HA must be in AP mode

Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)

Options:

A.

Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

B.

Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

C.

Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

D.

Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

Buy Now
Questions 5

Exhibit

Click the Exhibit button.

You are trying to configure Link-Aggregation Group (LAG), but ports A and B do not appear on the list of member options. Referring to the exhibit, which statement is correct in this situation?

NSE8_811 Question 5

Options:

A.

The FortiGate model being used does not support LAG.

B.

The FortiGate model does not have an Integrated Switch Fabric (ISF).

C.

The FortiGate SFP+ slot does not have the correct module.

D.

The FortiGate interfaces are defective and require replacement.

Buy Now
Questions 6

A company has just rolled out new remote sites and now you need to deploy a single firewall policy to all of these sites to allow Internet access using FortiManager. For this particular firewall policy, the source address object is called LAN, but its value will change according to the site the policy is being installed.

Which statement about creating the object LAN is correct?

Options:

A.

Create a new object called LAN and enable per-device mapping.

B.

Create a new object called LAN and promote it to the global database.

C.

Create a new object called LAN and use it as a variable on a TCL script.

D.

Create a new object called LAN and set meta-fields per remote site.

Buy Now
Questions 7

Refer to the exhibit.

NSE8_811 Question 7

You have two data centers with a FortiGate 7000-series chassis connected by VPN. All traffic flows over an established generic routing encapsulation (GRE) tunnel between them. You are troubleshooting traffic that is traversing between Server VLAN A and Server VLAN B. The performance is lower than expected and you notice all traffic is only going through the FPM in slot 3 while nothing through the FPM in slot 4.

Referring to the exhibit, which statement is true?

Options:

A.

Removing traffic shaping from the firewall policy allowing this traffic will allow for load-balancing to the

other module.

B.

Changing the algorithm to take source IP, destination IP and port into account will load balance this traffic to the other module.

C.

There is no way to load-balance the traffic in this scenario.

D.

Configuring a load-balance flow-rule in the CLI will load-balance this traffic.

Buy Now
Questions 8

Exhibit

Click the Exhibit button.

The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device.

Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

NSE8_811 Question 8

Options:

A.

Traffic that does match any spp policy will not be inspection by this spp.

B.

FortiDDos will not send a SYNACK if a SYN packet is coming from an IP address that is not the legtimate IP (LIP) address table.

C.

FortiDooS will start dropping packets as soon as the traffic executed the configured maintain threshold.

D.

SYN packets with payloads will be drooped.

Buy Now
Questions 9

Exhibit

NSE8_811 Question 9

Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?

Options:

A.

The policy redirects all HTTP URLs to HTTPS.

B.

The policy redirects all HTTPS URLs to HTTP.

C.

The policy redirects only HTTPS URLs containing the ˆ/ (. *) S string to HTTP.

D.

The pokey redirects only HTTP URLs containing theˆ/ ( .*)S string to HTTPS.

Buy Now
Exam Code: NSE8_811
Exam Name: Fortinet NSE 8 Written Exam (NSE8_811)
Last Update: Dec 1, 2023
Questions: 65
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 28 Apr 2024